diff options
author | John Johansen <john.johansen@canonical.com> | 2018-02-03 20:08:28 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 20:30:00 +0100 |
commit | a6a52579e52b55448326db88bd9a5740e7c1a037 (patch) | |
tree | a8f9a62cfa04f14d8c6448faff38beab8e17e568 /security/apparmor | |
parent | apparmor: fix logging of the existence test for signals (diff) | |
download | linux-a6a52579e52b55448326db88bd9a5740e7c1a037.tar.xz linux-a6a52579e52b55448326db88bd9a5740e7c1a037.zip |
apparmor: split load data into management struct and data blob
Splitting the management struct from the actual data blob will allow
us in the future to do some sharing and other data reduction
techniques like replacing the the raw data with compressed data.
Prepare for this by separating the management struct from the data
blob.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/include/policy_unpack.h | 2 | ||||
-rw-r--r-- | security/apparmor/policy_unpack.c | 13 |
2 files changed, 11 insertions, 4 deletions
diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h index be6cd69ac319..8db4ab759e80 100644 --- a/security/apparmor/include/policy_unpack.h +++ b/security/apparmor/include/policy_unpack.h @@ -70,7 +70,7 @@ struct aa_loaddata { int abi; unsigned char *hash; - char data[]; + char *data; }; int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns); diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 59a1a25b7d43..ece0c246cfe6 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -164,8 +164,9 @@ static void do_loaddata_free(struct work_struct *work) } kzfree(d->hash); - kfree(d->name); - kvfree(d); + kzfree(d->name); + kvfree(d->data); + kzfree(d); } void aa_loaddata_kref(struct kref *kref) @@ -180,10 +181,16 @@ void aa_loaddata_kref(struct kref *kref) struct aa_loaddata *aa_loaddata_alloc(size_t size) { - struct aa_loaddata *d = kvzalloc(sizeof(*d) + size, GFP_KERNEL); + struct aa_loaddata *d; + d = kzalloc(sizeof(*d), GFP_KERNEL); if (d == NULL) return ERR_PTR(-ENOMEM); + d->data = kvzalloc(size, GFP_KERNEL); + if (!d->data) { + kfree(d); + return ERR_PTR(-ENOMEM); + } kref_init(&d->count); INIT_LIST_HEAD(&d->list); |