[apparmor] [PATCH 19/43] apparmor: convert profile lists to RCU based locking
Seth Arnold
seth.arnold at canonical.com
Wed Feb 27 00:02:37 UTC 2013
On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:
> @@ -1091,13 +1098,13 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
Again, found while reviewing this patch, but not actually changed by
_this_ patch at all. (Sorry.) My comments are out here: vvvvvvvvvvvv
/* released below */
error = aa_unpack(udata, size, &lh, &ns_name);
if (error)
goto out; /* no ns yet */
/* released below */
ns = aa_prepare_namespace(ns_name);
if (!ns) {
info = "failed to prepare namespace";
error = -ENOMEM;
name = ns_name;
goto fail;
}
/* ... */
out:
aa_put_namespace(ns); /* but ns is put
and &lh is
not cleaned */
if (error)
return error;
return size;
fail_lock:
mutex_unlock(&ns->lock);
fail:
error = audit_policy(op, GFP_KERNEL, name, info, error);
list_for_each_entry_safe(new, tmp, &lh, base.list) {
/* &lh list is private and not rcu based */
list_del_init(&new->base.list);
aa_free_profile(new);
}
goto out;
}
At least one case of aa_unpack (an error in a profile header) can cause
aa_unpack to leave profiles allocated on the list, so cleaning up after
it here makes sense. (Or having aa_unpack() tear down on failure. Either
way.)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130226/af8007f1/attachment.pgp>
More information about the AppArmor
mailing list