leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apparmor: reduce rcu_read_lock scope for aa_file_perm mediation

Browse Source 
Now that the buffers allocation has changed and no longer needs
the full mediation under an rcu_read_lock, reduce the rcu_read_lock
scope to only where it is necessary.

Fixes: df323337e5 ("apparmor: Use a memory pool instead per-CPU caches")
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2019-09-13 22:24:23 -07:00
parent 8f21a62475
commit bce4e7e9c4
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/apparmor/file.c
View File

@ -621,7 +621,8 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
fctx = file_ctx(file); fctx = file_ctx(file);
rcu_read_lock(); rcu_read_lock();
flabel = rcu_dereference(fctx->label); flabel = aa_get_newest_label(rcu_dereference(fctx->label));
rcu_read_unlock();
AA_BUG(!flabel); AA_BUG(!flabel);
/* revalidate access, if task is unconfined, or the cached cred /* revalidate access, if task is unconfined, or the cached cred
@ -646,8 +647,7 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
error = __file_sock_perm(op, label, flabel, file, request, error = __file_sock_perm(op, label, flabel, file, request,
denied); denied);
done: done:
rcu_read_unlock(); aa_put_label(flabel);
return error; return error;
} }