On Wed, May 01, 2013 at 02:31:04PM -0700, John Johansen wrote: > In error conditions is possible to put a label that has not been added > to a labelset. In this case just directly free it. > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]> > --- > security/apparmor/label.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/security/apparmor/label.c b/security/apparmor/label.c > index c369dcb..9a74c50 100644 > --- a/security/apparmor/label.c > +++ b/security/apparmor/label.c > @@ -131,13 +131,18 @@ static bool __aa_label_remove(struct aa_labelset *ls, > struct aa_label *label); > void aa_label_kref(struct kref *kref) > { > struct aa_label *l = container_of(kref, struct aa_label, count); > - struct aa_labelset *ls = labels_set(l); > + struct aa_namespace *ns = labels_ns(l); > unsigned long flags; > > + if (!ns) { > + /* never live, no rcu call back just using the fn */ > + label_free_rcu(&l->rcu); > + return; > + } > > - write_lock_irqsave(&ls->lock, flags); > - (void) __aa_label_remove(ls, l); > - write_unlock_irqrestore(&ls->lock, flags); > + write_lock_irqsave(&ns->labels.lock, flags); > + (void) __aa_label_remove(&ns->labels, l); > + write_unlock_irqrestore(&ns->labels.lock, flags); > > /* TODO: if compound label and not invalid add to reclaim cache */ > call_rcu(&l->rcu, label_free_rcu); > -- > 1.8.1.2 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
