[apparmor] [PATCH 07/36] apparmor: use free_profile instead of put_profile when erroring out early

John Johansen john.johansen at canonical.com
Wed May 22 09:16:17 UTC 2013


On 05/01/2013 05:28 PM, Seth Arnold wrote:
> On Wed, May 01, 2013 at 02:30:52PM -0700, John Johansen wrote:
>> aa_put_profile causes profiles to go through an rcu based delayed free
>> cycle.  To discard profiles that can't be in use, and hence don't need the
>> delayed free, call free_profile directly.
> 
> This description doesn't seem to match the code, which looks like a
> simple sed s/free_profile/aa_free_profile/ -- does the patch header need
> updating? or has the corresponding code been placed into another patch?
> 
Not sure how I missed this ...

yep, description reworked


> Thanks
> 
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>> ---
>>  security/apparmor/include/policy.h |  1 +
>>  security/apparmor/policy.c         | 10 +++++-----
>>  security/apparmor/policy_unpack.c  |  4 ++--
>>  3 files changed, 8 insertions(+), 7 deletions(-)
>>
>> diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
>> index 587cb28..6d2b949 100644
>> --- a/security/apparmor/include/policy.h
>> +++ b/security/apparmor/include/policy.h
>> @@ -227,6 +227,7 @@ struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
>>  void aa_free_replacedby_kref(struct kref *kref);
>>  struct aa_profile *aa_alloc_profile(const char *name);
>>  struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
>> +void aa_free_profile(struct aa_profile *profile);
>>  void aa_free_profile_kref(struct kref *kref);
>>  struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
>>  struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name);
>> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
>> index 53a0573..5fe1559 100644
>> --- a/security/apparmor/policy.c
>> +++ b/security/apparmor/policy.c
>> @@ -307,7 +307,7 @@ fail_ns:
>>  	return NULL;
>>  }
>>  
>> -static void free_profile(struct aa_profile *profile);
>> +void aa_free_profile(struct aa_profile *profile);
>>  /**
>>   * free_namespace - free a profile namespace
>>   * @ns: the namespace to free  (MAYBE NULL)
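Review bot: The forward declaration `void aa_free_profile(struct aa_profile *profile);` kept above free_namespace() duplicates the prototype this patch adds to include/policy.h. If policy.c includes that header (not visible in this hunk), the local declaration can be dropped so the signature lives in one place and cannot drift from the header. The free_namespace() kernel-doc that follows is cut off at the end of the hunk.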
>> @@ -324,7 +324,7 @@ static void free_namespace(struct aa_namespace *ns)
>>  	aa_put_namespace(ns->parent);
>>  
>>  	ns->unconfined->ns = NULL;
>> -	free_profile(ns->unconfined);
>> +	aa_free_profile(ns->unconfined);
>>  	kzfree(ns);
>>  }
>>  
>> @@ -568,7 +568,7 @@ void aa_free_replacedby_kref(struct kref *kref)
>>  }
>>  
>>  /**
>> - * free_profile - free a profile
>> + * aa_free_profile - free a profile
>>   * @profile: the profile to free  (MAYBE NULL)
>>   *
>>   * Free a profile, its hats and null_profile. All references to the profile,
>> @@ -577,7 +577,7 @@ void aa_free_replacedby_kref(struct kref *kref)
>>   * If the profile was referenced from a task context, free_profile() will
>>   * be called from an rcu callback routine, so we must not sleep here.
>>   */
>> -static void free_profile(struct aa_profile *profile)
>> +void aa_free_profile(struct aa_profile *profile)
>>  {
>>  	AA_DEBUG("%s(%p)\n", __func__, profile);
>>  
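Review bot: The kernel-doc for the renamed function still reads `free_profile() will be called from an rcu callback routine` on the context line of this hunk; it should name `aa_free_profile()`. Because the function is now non-static and called directly from policy_unpack.c, the comment should also state the caller's contract, for example ` * Direct callers must hold the only pointer to @profile: it must never have been published or had a reference handed out.` Without that, a later caller could use it on a live profile and free memory that RCU readers or reference holders still use. The function body continues outside the hunk.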
>> @@ -619,7 +619,7 @@ static void aa_free_profile_rcu(struct rcu_head *head)
>>  	if (p->flags & PFLAG_NS_COUNT)
>>  		free_namespace(p->ns);
>>  	else
>> -		free_profile(p);
>> +		aa_free_profile(p);
>>  }
>>  
>>  /**
>> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
>> index f47b882..69894ad 100644
>> --- a/security/apparmor/policy_unpack.c
>> +++ b/security/apparmor/policy_unpack.c
>> @@ -615,7 +615,7 @@ fail:
>>  	else if (!name)
>>  		name = "unknown";
>>  	audit_iface(profile, name, "failed to unpack profile", e, error);
>> -	aa_put_profile(profile);
>> +	aa_free_profile(profile);
>>  
>>  	return ERR_PTR(error);
>>  }
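Review bot: Replacing `aa_put_profile(profile)` with `aa_free_profile(profile)` at the `fail:` label frees the profile immediately regardless of its reference count. That is only correct if nothing earlier in the function took a reference or made the pointer reachable elsewhere; that code starts outside the hunk and should be checked. The preceding `audit_iface(profile, ...)` call must likewise not retain the pointer. A comment above the call would record the invariant: `/* profile was never published: no other refs exist, so skip the rcu delayed free */`. The same applies to the verify_profile() error path in aa_unpack() in the next hunk.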
>> @@ -763,7 +763,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
>>  
>>  		error = verify_profile(profile);
>>  		if (error) {
>> -			aa_put_profile(profile);
>> +			aa_free_profile(profile);
>>  			goto fail;
>>  		}
>>  
>> -- 
>> 1.8.1.2
>>
>>
>>
>>
>>



