author | John Johansen <john.johansen@canonical.com> | 2017-05-23 03:25:14 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-08 11:29:34 -0700 |
commit | 4227c333f65cddc6c2f048e5b67cfe796b9df9a6 (patch) | |
tree | 4deee8d16246bc879036da19642451b8e7cdcde0 /security/apparmor/domain.c | |
parent | 72c8a768641dc6ee8d1d9dcebd51bbec2817459b (diff) | |
download | linux-next-4227c333f65cddc6c2f048e5b67cfe796b9df9a6.tar.gz |
apparmor: Move path lookup to using preallocated buffers
Dynamically allocating buffers is problematic and is an extra layer
that is a potential point of failure and can slow down mediation.
Change path lookup to use the preallocated per cpu buffers.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r-- | security/apparmor/domain.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index c92fd0e7b33c..ab8f23cdccff 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -357,6 +357,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
  AA_BUG(!ctx);
 
  profile = aa_get_newest_profile(ctx->profile);
+
+ /* buffer freed below, name is pointer into buffer */
+ get_buffers(buffer);
  /*
   * get the namespace from the replacement profile as replacement
   * can change the namespace
@@ -364,8 +367,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
  ns = profile->ns;
  state = profile->file.start;
 
- /* buffer freed below, name is pointer into buffer */
- error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
+ error = aa_path_name(&bprm->file->f_path, profile->path_flags, buffer,
  &name, &info, profile->disconnected);
  if (error) {
  if (unconfined(profile) ||
@@ -515,7 +517,7 @@ audit:
 cleanup:
  aa_put_profile(new_profile);
  aa_put_profile(profile);
- kfree(buffer);
+ put_buffers(buffer);
 
  return error;
 } |
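Review bot: The comment moved above `get_buffers(buffer);` still says the buffer is "freed below", but it is now a preallocated per-cpu buffer that is handed back by `put_buffers(buffer)` at `cleanup:`, not freed. Holding it also constrains the code in between: if get_buffers pins the task to its CPU or disables preemption (its definition is not on this page), nothing between the two calls may sleep. That span covers aa_path_name and most of apparmor_bprm_set_creds, which lies outside the hunks shown. I would reword the comment to `/* per-cpu buffer, returned by put_buffers() at cleanup:; name points into it, so no sleeping calls in between and no use of name after cleanup */`.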
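Review bot: `put_buffers(buffer);` at `cleanup:` is not a drop-in for the `kfree(buffer);` it replaces, because kfree on a NULL pointer is a no-op while a put has to pair with exactly one earlier get_buffers. Every `goto cleanup` therefore has to sit after the `get_buffers(buffer);` added near new line 360, and no path may return between the two without passing through this label. The hunks do not show the code before line 357 or between the aa_path_name error branch and line 515, so this needs checking against the full function. A short comment at the label would protect later edits: `/* pairs with get_buffers() above; never jump here before it */`.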