[apparmor] [PATCH 19/36] apparmor: directly free a label if it has not been added to a labelset

[John Johansen]

In error conditions is possible to put a label that has not been added
to a labelset. In this case just directly free it.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/label.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index c369dcb..9a74c50 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -131,13 +131,18 @@ static bool __aa_label_remove(struct aa_labelset *ls, struct aa_label *label);
 void aa_label_kref(struct kref *kref)
 {
 	struct aa_label *l = container_of(kref, struct aa_label, count);
-	struct aa_labelset *ls = labels_set(l);
+	struct aa_namespace *ns = labels_ns(l);
 	unsigned long flags;
 
+	if (!ns) {
+		/* never live, no rcu call back just using the fn */
+		label_free_rcu(&l->rcu);
+		return;
+	}
 
-	write_lock_irqsave(&ls->lock, flags);
-	(void) __aa_label_remove(ls, l);
-	write_unlock_irqrestore(&ls->lock, flags);
+	write_lock_irqsave(&ns->labels.lock, flags);
+	(void) __aa_label_remove(&ns->labels, l);
+	write_unlock_irqrestore(&ns->labels.lock, flags);
 
 	/* TODO: if compound label and not invalid add to reclaim cache */
 	call_rcu(&l->rcu, label_free_rcu);
-- 
1.8.1.2