[apparmor] [PATCH 05/36] apparmor: fix namespace to be freeded via RCU

John Johansen john.johansen at canonical.com
Wed May 1 21:30:50 UTC 2013


Namespace lookups are RCU lists just like profile lookups, so the
free path for namespaces needs to be done using RCU just as is being
done for profiles.

Add the missing call_rcu callback for freeing namespaces.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/policy.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 6698083..c42cbd7 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -329,13 +329,27 @@ static void free_namespace(struct aa_namespace *ns)
 }
 
 /**
+ * aa_free_namespace_rcu - free aa_namespace by rcu
+ * @head: rcu_head callback for freeing of a profile  (NOT NULL)
+ *
+ * rcu_head is to the unconfined profile associated with the namespace
+ */
+static void aa_free_namespace_rcu(struct rcu_head *head)
+{
+	struct aa_profile *p = container_of(head, struct aa_profile, base.rcu);
+	free_namespace(p->ns);
+}
+
+/**
  * aa_free_namespace_kref - free aa_namespace by kref (see aa_put_namespace)
  * @kr: kref callback for freeing of a namespace  (NOT NULL)
+ *
+ * kref is to the unconfined profile associated with the namespace
  */
 void aa_free_namespace_kref(struct kref *kref)
 {
 	struct aa_profile *p = container_of(kref, struct aa_profile, count);
-	free_namespace(p->ns);
+	call_rcu(&p->base.rcu, aa_free_namespace_rcu);
 }
 
 /**
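Review bot: The kernel-doc on the new aa_free_namespace_rcu() describes `@head` as the "rcu_head callback for freeing of a profile", which reads as copied from the profile path; it should name the namespace, e.g. `@head: rcu_head embedded in the namespace's unconfined profile  (NOT NULL)`. The callback borrows `p->base.rcu` from the unconfined profile, so a comment should state that no other path queues this rcu_head while the namespace count drops to zero, since queuing the same rcu_head twice would corrupt the callback list; that invariant is not visible in this hunk. free_namespace() now runs from RCU callback context, so presumably nothing in its body (which starts outside the hunk) may sleep, and that is worth confirming. The context line `@kr:` on aa_free_namespace_kref() also does not match the parameter name `kref`.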
@@ -504,14 +518,6 @@ static void destroy_namespace(struct aa_namespace *ns)
 	mutex_unlock(&ns->lock);
 }
 
-static void aa_put_ns_rcu(struct rcu_head *head)
-{
-	struct aa_namespace *ns = container_of(head, struct aa_namespace,
-					       base.rcu);
-	/* release ns->base.list ref */
-	aa_put_namespace(ns);
-}
-
 /**
  * __remove_namespace - remove a namespace and all its children
  * @ns: namespace to be removed  (NOT NULL)
@@ -522,10 +528,8 @@ static void __remove_namespace(struct aa_namespace *ns)
 {
 	/* remove ns from namespace list */
 	list_del_rcu(&ns->base.list);
-
 	destroy_namespace(ns);
-
-	call_rcu(&ns->base.rcu, aa_put_ns_rcu);
+	aa_put_namespace(ns);
 }
 
 /**
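Review bot: The direct `aa_put_namespace(ns)` in __remove_namespace() lost the comment that the removed aa_put_ns_rcu() carried, so the code no longer says which reference is dropped or why no grace period is taken at this point. I would add `/* release ns->base.list ref; the final put defers the free to RCU */` above the call. That the free is always deferred rests on aa_put_namespace() ending in aa_free_namespace_kref(), which is outside this hunk, so the comment should be checked against that path.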
-- 
1.8.1.2



