authorJohn Johansen <john.johansen@canonical.com>2017-05-23 13:25:14 +0300
committerJohn Johansen <john.johansen@canonical.com>2017-06-08 21:29:34 +0300
commit4227c333f65cddc6c2f048e5b67cfe796b9df9a6 (patch)
tree4deee8d16246bc879036da19642451b8e7cdcde0 /security/apparmor/domain.c
parent72c8a768641dc6ee8d1d9dcebd51bbec2817459b (diff)
downloadlinux-4227c333f65cddc6c2f048e5b67cfe796b9df9a6.tar.xz
apparmor: Move path lookup to using preallocated buffers
Dynamically allocating buffers is problematic and is an extra layer that is a potential point of failure and can slow down mediation. Change path lookup to use the preallocated per cpu buffers. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r--security/apparmor/domain.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index c92fd0e7b33c..ab8f23cdccff 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -357,6 +357,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
AA_BUG(!ctx);
profile = aa_get_newest_profile(ctx->profile);
+
+ /* buffer freed below, name is pointer into buffer */
+ get_buffers(buffer);
/*
* get the namespace from the replacement profile as replacement
* can change the namespace
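Review bot: The comment moved above `get_buffers(buffer)` still says the buffer is "freed below", but the last hunk now releases it with `put_buffers()` and the description calls it a preallocated per-CPU buffer, so the comment no longer states the constraint a maintainer needs. If get_buffers() keeps the task on its CPU until the matching put (its definition is not shown here, so this needs confirming), nothing between this call and the `cleanup:` label may sleep, including allocations and the audit path. I would reword it to `/* per-cpu buffer, released by put_buffers() at cleanup; name points into it, so no sleeping in between */`. The function body starts and continues outside this hunk.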
@@ -364,8 +367,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
ns = profile->ns;
state = profile->file.start;
- /* buffer freed below, name is pointer into buffer */
- error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
+ error = aa_path_name(&bprm->file->f_path, profile->path_flags, buffer,
&name, &info, profile->disconnected);
if (error) {
if (unconfined(profile) ||
@@ -515,7 +517,7 @@ audit:
cleanup:
aa_put_profile(new_profile);
aa_put_profile(profile);
- kfree(buffer);
+ put_buffers(buffer);
return error;
}
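Review bot: Unlike `kfree(buffer)`, which tolerated a NULL pointer, `put_buffers(buffer)` at `cleanup:` has to be balanced by an earlier `get_buffers()`, so every `goto cleanup` must sit after the acquisition added in the first hunk. The visible hunks are consistent with that, but the jumps themselves are outside the diff and should be checked. Because `name` points into the buffer, it is stale once this line runs, and a shared per-CPU buffer can presumably be handed to another user straight away, so nothing that outlives the function should keep `name` without copying it. A short comment on this line would record that: `/* name is invalid past this point */`.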