From 0ca554b9fca425eb58325a36290deef698cef34b Mon Sep 17 00:00:00 2001 From: John Johansen Date: Mon, 18 Feb 2013 16:04:34 -0800 Subject: apparmor: add kvzalloc to handle zeroing for kvmalloc Signed-off-by: John Johansen Acked-by: Steve Beattie --- security/apparmor/lib.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'security/apparmor/lib.c') diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 7430298116d..d6e1f214839 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -75,15 +75,16 @@ void aa_info_message(const char *str) } /** - * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc - * @size: size of allocation + * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc + * @size: how many bytes of memory are required + * @flags: the type of memory to allocate (see kmalloc). * * Return: allocated buffer or NULL if failed * * It is possible that policy being loaded from the user is larger than * what can be allocated by kmalloc, in those cases fall back to vmalloc. */ -void *kvmalloc(size_t size) +void *__aa_kvmalloc(size_t size, gfp_t flags) { void *buffer = NULL; @@ -92,14 +93,17 @@ void *kvmalloc(size_t size) /* do not attempt kmalloc if we need more than 16 pages at once */ if (size <= (16*PAGE_SIZE)) - buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN); + buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN); if (!buffer) { /* see kvfree for why size must be at least work_struct size * when allocated via vmalloc */ if (size < sizeof(struct work_struct)) size = sizeof(struct work_struct); - buffer = vmalloc(size); + if (flags & __GFP_ZERO) + buffer = vzalloc(size); + else + buffer = vmalloc(size); } return buffer; } -- cgit v1.2.3-70-g09d2 From 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 27 Feb 2013 03:45:05 -0800 Subject: apparmor: fix fully qualified name parsing currently apparmor name parsing is only correctly handling :: but ::// is also a valid form and what is exported to userspace. Signed-off-by: John Johansen --- security/apparmor/lib.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'security/apparmor/lib.c') diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index d6e1f214839..d40bc592180 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name) *ns_name = skip_spaces(&name[1]); if (split) { /* overwrite ':' with \0 */ - *split = 0; - name = skip_spaces(split + 1); + *split++ = 0; + if (strncmp(split, "//", 2) == 0) + split += 2; + name = skip_spaces(split); } else /* a ns name without a following profile is allowed */ name = NULL; -- cgit v1.2.3-70-g09d2 From b5b3ee6c9cca8b6e1aa8c757e570f08f802c5573 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 6 May 2013 03:10:35 +0100 Subject: apparmor: no need to delay vfree() vfree() can be called from interrupt contexts now Signed-off-by: Al Viro Acked-by: John Johansen Signed-off-by: James Morris --- security/apparmor/lib.c | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) (limited to 'security/apparmor/lib.c') diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index d40bc592180..fcfe0233574 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -110,19 +110,6 @@ void *__aa_kvmalloc(size_t size, gfp_t flags) return buffer; } -/** - * do_vfree - workqueue routine for freeing vmalloced memory - * @work: data to be freed - * - * The work_struct is overlaid to the data being freed, as at the point - * the work is scheduled the data is no longer valid, be its freeing - * needs to be delayed until safe. - */ -static void do_vfree(struct work_struct *work) -{ - vfree(work); -} - /** * kvfree - free an allocation do by kvmalloc * @buffer: buffer to free (MAYBE_NULL) @@ -131,13 +118,8 @@ static void do_vfree(struct work_struct *work) */ void kvfree(void *buffer) { - if (is_vmalloc_addr(buffer)) { - /* Data is no longer valid so just use the allocated space - * as the work_struct - */ - struct work_struct *work = (struct work_struct *) buffer; - INIT_WORK(work, do_vfree); - schedule_work(work); - } else + if (is_vmalloc_addr(buffer)) + vfree(buffer); + else kfree(buffer); } -- cgit v1.2.3-70-g09d2