[apparmor] [PATCH 19/36] apparmor: directly free a label if it has not been added to a labelset

[Seth Arnold]

On Wed, May 01, 2013 at 02:31:04PM -0700, John Johansen wrote:
> In error conditions is possible to put a label that has not been added
> to a labelset. In this case just directly free it.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

> ---
>  security/apparmor/label.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/security/apparmor/label.c b/security/apparmor/label.c
> index c369dcb..9a74c50 100644
> --- a/security/apparmor/label.c
> +++ b/security/apparmor/label.c
> @@ -131,13 +131,18 @@ static bool __aa_label_remove(struct aa_labelset *ls, struct aa_label *label);
>  void aa_label_kref(struct kref *kref)
>  {
>  	struct aa_label *l = container_of(kref, struct aa_label, count);
> -	struct aa_labelset *ls = labels_set(l);
> +	struct aa_namespace *ns = labels_ns(l);
>  	unsigned long flags;
>  
> +	if (!ns) {
> +		/* never live, no rcu call back just using the fn */
> +		label_free_rcu(&l->rcu);
> +		return;
> +	}
>  
> -	write_lock_irqsave(&ls->lock, flags);
> -	(void) __aa_label_remove(ls, l);
> -	write_unlock_irqrestore(&ls->lock, flags);
> +	write_lock_irqsave(&ns->labels.lock, flags);
> +	(void) __aa_label_remove(&ns->labels, l);
> +	write_unlock_irqrestore(&ns->labels.lock, flags);
>  
>  	/* TODO: if compound label and not invalid add to reclaim cache */
>  	call_rcu(&l->rcu, label_free_rcu);
> -- 
> 1.8.1.2
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130517/1d26d23b/attachment.pgp>