On Wed, May 01, 2013 at 02:31:06PM -0700, John Johansen wrote:
> Just add the labels to the tree to make sure insertions and deletions
> into the rb tree are working.

> @@ -1330,6 +1347,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size) > } > name = profile->base.hname; > __remove_profile(profile); > + aa_label_remove(&ns->labels, &profile->label); > + __aa_labelset_invalidate_all(ns, profile); > mutex_unlock(&ns->lock); > }

__remove_profile() may already call __aa_label_remove():

    __remove_profile()
      __list_remove_profile()
        aa_put_profile()
          aa_label_kref()
            __aa_label_remove()

As a result of __remove_profile(), I believe that the next reference to
&profile->label may even be invalid:

    ...
      aa_label_kref()
        label_free_rcu()
          aa_free_profile()
            kzfree()

I guess the RCU mechanisms might mean that the data wouldn't actually be
reaped until after the above code has already run to completion -- I
really should re-read the RCU paper -- but the mixing of cleanup
operations in current context vs in RCU callback is a bit more subtle
than me. :)

Thanks
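
Review bot: In the aa_remove_profiles() hunk, the two added calls take &profile->label and pass profile after __remove_profile(profile) has already run, so if that call can drop the last reference, as the reply argues, they operate on a profile whose teardown has started. Consider moving aa_label_remove() and __aa_labelset_invalidate_all() ahead of __remove_profile(profile), or holding an extra reference on the profile across them. A short comment stating which reference keeps profile->label valid at this point, before mutex_unlock(&ns->lock), would also help the next reader.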
