apparmor: Move path lookup to using preallocated buffers

Dynamically allocating buffers is problematic and is an extra layer that is a potntial point of failure and can slow down mediation. Change path lookup to use the preallocated per cpu buffers. Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-05-23 03:25:14 -07:00
parent 72c8a76864
commit 4227c333f6
4 changed files with 53 additions and 86 deletions
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -357,6 +357,9 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 	AA_BUG(!ctx);

 	profile = aa_get_newest_profile(ctx->profile);
+
+	/* buffer freed below, name is pointer into buffer */
+	get_buffers(buffer);
 	/*
 	 * get the namespace from the replacement profile as replacement
 	 * can change the namespace
@@ -364,8 +367,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 	ns = profile->ns;
 	state = profile->file.start;

-	/* buffer freed below, name is pointer into buffer */
-	error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
+	error = aa_path_name(&bprm->file->f_path, profile->path_flags, buffer,
 			     &name, &info, profile->disconnected);
 	if (error) {
 		if (unconfined(profile) ||
@@ -515,7 +517,7 @@ audit:
 cleanup:
 	aa_put_profile(new_profile);
 	aa_put_profile(profile);
-	kfree(buffer);
+	put_buffers(buffer);

 	return error;
 }