Smack: Memory leak in smack_fs_context_submount()
Casey Schaufler
casey at schaufler-ca.com
Mon Sep 15 15:49:07 UTC 2025
The mount options for Smack should be pointers into the global Smack label
list. smack_fs_context_submount() allocates copies of the labels. These
will never be freed. Change the code to save the pointers instead.
Fixes: d80a8f1b58c2 (vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing)
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/smack/smack_lsm.c | 31 +++++++++----------------------
1 file changed, 9 insertions(+), 22 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index adf1c542d213..4c002e55d4f6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -630,31 +630,18 @@ static int smack_fs_context_submount(struct fs_context *fc,
sbsp = smack_superblock(reference);
isp = smack_inode(reference->s_root->d_inode);
- if (sbsp->smk_default) {
- ctx->fsdefault = kstrdup(sbsp->smk_default->smk_known, GFP_KERNEL);
- if (!ctx->fsdefault)
- return -ENOMEM;
- }
+ if (sbsp->smk_default)
+ ctx->fsdefault = sbsp->smk_default->smk_known;
- if (sbsp->smk_floor) {
- ctx->fsfloor = kstrdup(sbsp->smk_floor->smk_known, GFP_KERNEL);
- if (!ctx->fsfloor)
- return -ENOMEM;
- }
+ if (sbsp->smk_floor)
+ ctx->fsfloor = sbsp->smk_floor->smk_known;
- if (sbsp->smk_hat) {
- ctx->fshat = kstrdup(sbsp->smk_hat->smk_known, GFP_KERNEL);
- if (!ctx->fshat)
- return -ENOMEM;
- }
+ if (sbsp->smk_hat)
+ ctx->fshat = sbsp->smk_hat->smk_known;
+
+ if ((isp->smk_flags & SMK_INODE_TRANSMUTE) && sbsp->smk_root)
+ ctx->fstransmute = sbsp->smk_root->smk_known;
- if (isp->smk_flags & SMK_INODE_TRANSMUTE) {
- if (sbsp->smk_root) {
- ctx->fstransmute = kstrdup(sbsp->smk_root->smk_known, GFP_KERNEL);
- if (!ctx->fstransmute)
- return -ENOMEM;
- }
- }
return 0;
}
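Review bot: The new assignments to `ctx->fsdefault`, `ctx->fsfloor`, `ctx->fshat` and `ctx->fstransmute` store borrowed `smk_known` pointers, but nothing in the code records that ownership changed from the `kstrdup()` copies. A short comment above the first assignment would make the contract explicit, for example `/* Borrowed from the global Smack label list; these are never kfree()d. */`. The code that tears down the mount-options context is not visible in this hunk, so it is worth confirming that it frees only the options structure and not these fields, since a leftover `kfree()` on one of them would now release label-list memory. The start of smack_fs_context_submount() is also outside the hunk, so how `ctx` is allocated could not be checked here.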