[apparmor] [PATCH 19/43] apparmor: convert profile lists to RCU based locking

John Johansen john.johansen at canonical.com
Wed Feb 27 18:45:37 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/26/2013 04:02 PM, Seth Arnold wrote:
> On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:
> 
>> @@ -1091,13 +1098,13 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
> 
> Again, found while reviewing this patch, but not actually changed by
> _this_ patch at all. (Sorry.) My comments are out here: vvvvvvvvvvvv
> 
>         /* released below */
>         error = aa_unpack(udata, size, &lh, &ns_name);
>         if (error)
>                 goto out;				/* no ns yet */
> 
>         /* released below */
>         ns = aa_prepare_namespace(ns_name);
>         if (!ns) {
>                 info = "failed to prepare namespace";
>                 error = -ENOMEM;
>                 name = ns_name;
>                 goto fail;
>         }
> 
> 	/* ... */
> 
> out:
>         aa_put_namespace(ns);				/* but ns is put
> 							   and &lh is
> 							   not cleaned */
> 
>         if (error)
>                 return error;
>         return size;
> 
> fail_lock:
>         mutex_unlock(&ns->lock);
> 
> fail:
>         error = audit_policy(op, GFP_KERNEL, name, info, error);
> 
>         list_for_each_entry_safe(new, tmp, &lh, base.list) {
>                 /* &lh list is private and not rcu based */
>                 list_del_init(&new->base.list);
>                 aa_free_profile(new);
>         }
> 
>         goto out;
> }
> 
> 
> 
> At least one case of aa_unpack (an error in a profile header) can cause
> aa_unpack to leave profiles allocated on the list, so cleaning up after
> it here makes sense. (Or having aa_unpack() tear down on failure. Either
> way.)
> 
yep fixed in the new set
thanks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRLlRQAAoJEAUvNnAY1cPYe9EP/RwBSh/kvWJeGuO4LgP4bEO/
WNeWgdZCM2gUH4ZNCKNHA2U2be4OJULAFAwyzbt11KTkoTtVwfcV5bkk/adI1E+R
Y0pu3va7sBcOxaKJFVQDoc06Ade6Iw7b3x8qOUTImrqzvORNDBz7Y4gA2/7YJ8CP
r17XHKlUKPXmg079bPCBqrNjLZFFonxJ8CvN6XlfqZ3+nfqx8lk9F6UJxauvRE3E
fk7Z1+TQZnurSy0T+rXlUACDM+FAR5166vSrVGHrraOEAKZIDUx07I/RFpAxgZ74
PXXv6RsvF+9tpB1v6hoTfNDmnF0npYlUlDr6P+gL6XAr7VFm8Tv8Q8A6koR/EGyu
CC+NNJJGUrgPCXdERN01NWdqeSNpAIYjh5OgpaDv1MqfyV9bU+NoJJbv39mFHuMT
7cX/Z/a3TAfnmtFD7/jcbaqciCppCX0poMY0KSpdjONGu2Yeha7yYaDif7jb9M1A
KXVS3TFWCJ06xq7V+kjsb3BfxZ/k5iIQ3+AEC5rB63GIr1SNzp07T29fkt5DgYff
cmBKKkGl6DI/Ui3k/bccaX9Ww5GDaiP5phyoCOEvc2PamNEcktyGT9LGkPcDZk19
Dv9qGp54qu5D4TC7JoRQXfejt4+EC8l7T9rs2ltBTBzBCCA5oTeEWTV4S+JNufqJ
r7+SShMIKmHecVDTu+5I
=0bKm
-----END PGP SIGNATURE-----

More information about the AppArmor mailing list