summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2019-09-13 22:24:23 -0700
committerJohn Johansen <john.johansen@canonical.com>2019-11-22 16:40:21 -0800
commitbce4e7e9c45ef97ac1e30b9cb4adc25b5b5a7cfa (patch)
tree6370690d5d2b83b3f12cc5d441b60947a7cfdf64
parent8f21a62475258ba07b032f5006fb26fd6501f314 (diff)
downloadlwn-bce4e7e9c45ef97ac1e30b9cb4adc25b5b5a7cfa.tar.gz
lwn-bce4e7e9c45ef97ac1e30b9cb4adc25b5b5a7cfa.zip
apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
Now that the buffers allocation has changed and no longer needs the full mediation under an rcu_read_lock, reduce the rcu_read_lock scope to only where it is necessary. Fixes: df323337e507 ("apparmor: Use a memory pool instead per-CPU caches") Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/file.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index ab56e1994b01..37d62ecec29d 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -621,7 +621,8 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
fctx = file_ctx(file);
rcu_read_lock();
- flabel = rcu_dereference(fctx->label);
+ flabel = aa_get_newest_label(rcu_dereference(fctx->label));
+ rcu_read_unlock();
AA_BUG(!flabel);
/* revalidate access, if task is unconfined, or the cached cred
@@ -646,8 +647,7 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
error = __file_sock_perm(op, label, flabel, file, request,
denied);
done:
- rcu_read_unlock();
-
+ aa_put_label(flabel);
return error;
}