[apparmor] [PATCH 21/36] apparmor: baby step - now add labels to the labelset trees

Wed May 22 05:59:48 UTC 2013

On 05/21/2013 04:48 PM, Seth Arnold wrote:
> On Wed, May 01, 2013 at 02:31:06PM -0700, John Johansen wrote:
>> Just add the labels to the tree to make sure insertions and deletions
>> into the rb tree are working.
> 
>> @@ -1330,6 +1347,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
>>  		}
>>  		name = profile->base.hname;
>>  		__remove_profile(profile);
>> +		aa_label_remove(&ns->labels, &profile->label);
>> +		__aa_labelset_invalidate_all(ns, profile);
>>  		mutex_unlock(&ns->lock);
>>  	}
> 
> __remove_profile() may already call __aa_label_remove():
> 
> __remove_profile()
> __list_remove_profile()
> aa_put_profile()
> aa_label_kref()
> __aa_label_remove()
> 
> As a result of __remove_profile(), I believe that the next reference to
> &profile->label may even be invalid:
> 
yep

> ...
> aa_label_kref()
> label_free_rcu()
> aa_free_profile()
> kzfree()
> 
> 
> I guess the RCU mechanisms might mean that the data wouldn't actually
> be reaped until after the above code has already run to completion --
> I really should re-read the RCU paper -- but the mixing of cleanup
> operations in current context vs in RCU callback is a bit more subtle
> than me. :)
> 
well the RCU mechanism does mean the data is still live, and the IN_TREE
flag does keep it from being removed twice but yeah not good