2 files changed, 35 insertions, 12 deletions

diff --git a/mm/shmem.c b/mm/shmem.c
index 0d627a37da9..1f7aeb210c7 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1608,6 +1608,15 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 	int error = -ENOSPC;
 
 	if (inode) {
+		error = security_inode_init_security(inode, dir, NULL, NULL,
+						     NULL);
+		if (error) {
+			if (error != -EOPNOTSUPP) {
+				iput(inode);
+				return error;
+			}
+			error = 0;
+		}
 		if (dir->i_mode & S_ISGID) {
 			inode->i_gid = dir->i_gid;
 			if (S_ISDIR(mode))
@@ -1617,7 +1626,6 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 		dir->i_ctime = dir->i_mtime = CURRENT_TIME;
 		d_instantiate(dentry, inode);
 		dget(dentry); /* Extra count - pin the dentry in core */
-		error = 0;
 	}
 	return error;
 }
@@ -1747,6 +1755,16 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
 	if (!inode)
 		return -ENOSPC;
 
+	error = security_inode_init_security(inode, dir, NULL, NULL,
+					     NULL);
+	if (error) {
+		if (error != -EOPNOTSUPP) {
+			iput(inode);
+			return error;
+		}
+		error = 0;
+	}
+
 	info = SHMEM_I(inode);
 	inode->i_size = len-1;
 	if (len <= (char *)inode - (char *)info) {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 63701fe0e1a..265f33d3af9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2032,9 +2032,9 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 	struct inode_security_struct *dsec;
 	struct superblock_security_struct *sbsec;
 	struct inode_security_struct *isec;
-	u32 newsid;
+	u32 newsid, clen;
 	int rc;
-	char *namep, *context;
+	char *namep = NULL, *context;
 
 	tsec = current->security;
 	dsec = dir->i_security;
@@ -2059,17 +2059,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 
 	inode_security_set_sid(inode, newsid);
 
-	namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
-	if (!namep)
-		return -ENOMEM;
-	*name = namep;
+	if (name) {
+		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
+		if (!namep)
+			return -ENOMEM;
+		*name = namep;
+	}
 
-	rc = security_sid_to_context(newsid, &context, len);
-	if (rc) {
-		kfree(namep);
-		return rc;
+	if (value && len) {
+		rc = security_sid_to_context(newsid, &context, &clen);
+		if (rc) {
+			kfree(namep);
+			return rc;
+		}
+		*value = context;
+		*len = clen;
 	}
-	*value = context;
 
 	isec->security_attr_init = 1;