Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux into...

diff --combined security/selinux/ss/services.c
index c93c21127f0cc5b6bc55c2930fdfe2441dc2a19c,f1e46d776544fc4694a78ad436f5d9b06ece5589..5d0144ee8ed6d58e1f75043edcd7995cf1ca3a0e
--- 1/security/selinux/ss/services.c
--- 2/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -1232,6 -1232,10 +1232,10 @@@ static int security_context_to_sid_core
        struct context context;
        int rc = 0;
  
+       /* An empty security context is never valid. */
+       if (!scontext_len)
+               return -EINVAL;
+ 
        if (!ss_initialized) {
                int i;
  
@@@ -2948,21 -2952,25 +2952,21 @@@ int selinux_audit_rule_match(u32 sid, u
        struct selinux_audit_rule *rule = vrule;
        int match = 0;
  
 -      if (!rule) {
 -              audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
 -                        "selinux_audit_rule_match: missing rule\n");
 +      if (unlikely(!rule)) {
 +              WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
                return -ENOENT;
        }
  
        read_lock(&policy_rwlock);
  
        if (rule->au_seqno < latest_granting) {
 -              audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
 -                        "selinux_audit_rule_match: stale rule\n");
                match = -ESTALE;
                goto out;
        }
  
        ctxt = sidtab_search(&sidtab, sid);
 -      if (!ctxt) {
 -              audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
 -                        "selinux_audit_rule_match: unrecognized SID %d\n",
 +      if (unlikely(!ctxt)) {
 +              WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                          sid);
                match = -ENOENT;
                goto out;