summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2018-02-03 20:08:28 +0100
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 20:30:00 +0100
commita6a52579e52b55448326db88bd9a5740e7c1a037 (patch)
treea8f9a62cfa04f14d8c6448faff38beab8e17e568 /security/apparmor
parentapparmor: fix logging of the existence test for signals (diff)
downloadlinux-a6a52579e52b55448326db88bd9a5740e7c1a037.tar.xz
linux-a6a52579e52b55448326db88bd9a5740e7c1a037.zip
apparmor: split load data into management struct and data blob
Splitting the management struct from the actual data blob will allow us in the future to do some sharing and other data reduction techniques like replacing the the raw data with compressed data. Prepare for this by separating the management struct from the data blob. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/include/policy_unpack.h2
-rw-r--r--security/apparmor/policy_unpack.c13
2 files changed, 11 insertions, 4 deletions
diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h
index be6cd69ac319..8db4ab759e80 100644
--- a/security/apparmor/include/policy_unpack.h
+++ b/security/apparmor/include/policy_unpack.h
@@ -70,7 +70,7 @@ struct aa_loaddata {
int abi;
unsigned char *hash;
- char data[];
+ char *data;
};
int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 59a1a25b7d43..ece0c246cfe6 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -164,8 +164,9 @@ static void do_loaddata_free(struct work_struct *work)
}
kzfree(d->hash);
- kfree(d->name);
- kvfree(d);
+ kzfree(d->name);
+ kvfree(d->data);
+ kzfree(d);
}
void aa_loaddata_kref(struct kref *kref)
@@ -180,10 +181,16 @@ void aa_loaddata_kref(struct kref *kref)
struct aa_loaddata *aa_loaddata_alloc(size_t size)
{
- struct aa_loaddata *d = kvzalloc(sizeof(*d) + size, GFP_KERNEL);
+ struct aa_loaddata *d;
+ d = kzalloc(sizeof(*d), GFP_KERNEL);
if (d == NULL)
return ERR_PTR(-ENOMEM);
+ d->data = kvzalloc(size, GFP_KERNEL);
+ if (!d->data) {
+ kfree(d);
+ return ERR_PTR(-ENOMEM);
+ }
kref_init(&d->count);
INIT_LIST_HEAD(&d->list);