summaryrefslogtreecommitdiff
path: root/security/apparmor/policy.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-07-11 04:10:43 (GMT)
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 18:42:06 (GMT)
commit742058b0f3a2ed32e2a7349aff97989dc4e32452 (patch)
tree25cc9f3f65e0b7889d5509396f6727d29a47ff57 /security/apparmor/policy.c
parentfa2ac468db510c653499a47c1ec3deb045bf4763 (diff)
downloadlinux-742058b0f3a2ed32e2a7349aff97989dc4e32452.tar.xz
apparmor: rework namespace free path
namespaces now completely use the unconfined profile to track the refcount and rcu freeing cycle. So rework the code to simplify (track everything through the profile path right up to the end), and move the rcu_head from policy base to profile as the namespace no longer needs it. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r--security/apparmor/policy.c33
1 files changed, 6 insertions, 27 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 0ceee96..aee2e71 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -329,30 +329,6 @@ static void free_namespace(struct aa_namespace *ns)
}
/**
- * aa_free_namespace_rcu - free aa_namespace by rcu
- * @head: rcu_head callback for freeing of a profile (NOT NULL)
- *
- * rcu_head is to the unconfined profile associated with the namespace
- */
-static void aa_free_namespace_rcu(struct rcu_head *head)
-{
- struct aa_profile *p = container_of(head, struct aa_profile, base.rcu);
- free_namespace(p->ns);
-}
-
-/**
- * aa_free_namespace_kref - free aa_namespace by kref (see aa_put_namespace)
- * @kr: kref callback for freeing of a namespace (NOT NULL)
- *
- * kref is to the unconfined profile associated with the namespace
- */
-void aa_free_namespace_kref(struct kref *kref)
-{
- struct aa_profile *p = container_of(kref, struct aa_profile, count);
- call_rcu(&p->base.rcu, aa_free_namespace_rcu);
-}
-
-/**
* __aa_find_namespace - find a namespace on a list by @name
* @head: list to search for namespace on (NOT NULL)
* @name: name of namespace to look for (NOT NULL)
@@ -632,8 +608,11 @@ static void free_profile(struct aa_profile *profile)
*/
static void aa_free_profile_rcu(struct rcu_head *head)
{
- struct aa_profile *p = container_of(head, struct aa_profile, base.rcu);
- free_profile(p);
+ struct aa_profile *p = container_of(head, struct aa_profile, rcu);
+ if (p->flags & PFLAG_NS_COUNT)
+ free_namespace(p->ns);
+ else
+ free_profile(p);
}
/**
@@ -643,7 +622,7 @@ static void aa_free_profile_rcu(struct rcu_head *head)
void aa_free_profile_kref(struct kref *kref)
{
struct aa_profile *p = container_of(kref, struct aa_profile, count);
- call_rcu(&p->base.rcu, aa_free_profile_rcu);
+ call_rcu(&p->rcu, aa_free_profile_rcu);
}
/**