]> asedeno.scripts.mit.edu Git - linux.git/blobdiff - security/apparmor/mount.c
projects / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'iio-fixes-for-5.5a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23...
[linux.git] / security / apparmor / mount.c
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index 17081c8dbefacae33dd8e84bf19dfefdd2b22bb4..4ed6688f9d404c1d73d6da7134b572db760ebb21 100644 (file)
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -408,11 +408,13 @@ int aa_remount(struct aa_label *label, const struct path *path,
 
        binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA;
 
-       get_buffers(buffer);
+       buffer = aa_get_buffer(false);
+       if (!buffer)
+               return -ENOMEM;
        error = fn_for_each_confined(label, profile,
                        match_mnt(profile, path, buffer, NULL, NULL, NULL,
                                  flags, data, binary));
-       put_buffers(buffer);
+       aa_put_buffer(buffer);
 
        return error;
 }
@@ -437,11 +439,18 @@ int aa_bind_mount(struct aa_label *label, const struct path *path,
        if (error)
                return error;
 
-       get_buffers(buffer, old_buffer);
+       buffer = aa_get_buffer(false);
+       old_buffer = aa_get_buffer(false);
+       error = -ENOMEM;
+       if (!buffer || old_buffer)
+               goto out;
+
        error = fn_for_each_confined(label, profile,
                        match_mnt(profile, path, buffer, &old_path, old_buffer,
                                  NULL, flags, NULL, false));
-       put_buffers(buffer, old_buffer);
+out:
+       aa_put_buffer(buffer);
+       aa_put_buffer(old_buffer);
        path_put(&old_path);
 
        return error;
@@ -461,11 +470,13 @@ int aa_mount_change_type(struct aa_label *label, const struct path *path,
        flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE |
                  MS_UNBINDABLE);
 
-       get_buffers(buffer);
+       buffer = aa_get_buffer(false);
+       if (!buffer)
+               return -ENOMEM;
        error = fn_for_each_confined(label, profile,
                        match_mnt(profile, path, buffer, NULL, NULL, NULL,
                                  flags, NULL, false));
-       put_buffers(buffer);
+       aa_put_buffer(buffer);
 
        return error;
 }
@@ -488,11 +499,17 @@ int aa_move_mount(struct aa_label *label, const struct path *path,
        if (error)
                return error;
 
-       get_buffers(buffer, old_buffer);
+       buffer = aa_get_buffer(false);
+       old_buffer = aa_get_buffer(false);
+       error = -ENOMEM;
+       if (!buffer || !old_buffer)
+               goto out;
        error = fn_for_each_confined(label, profile,
                        match_mnt(profile, path, buffer, &old_path, old_buffer,
                                  NULL, MS_MOVE, NULL, false));
-       put_buffers(buffer, old_buffer);
+out:
+       aa_put_buffer(buffer);
+       aa_put_buffer(old_buffer);
        path_put(&old_path);
 
        return error;
@@ -533,8 +550,17 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
                }
        }
 
-       get_buffers(buffer, dev_buffer);
+       buffer = aa_get_buffer(false);
+       if (!buffer) {
+               error = -ENOMEM;
+               goto out;
+       }
        if (dev_path) {
+               dev_buffer = aa_get_buffer(false);
+               if (!dev_buffer) {
+                       error = -ENOMEM;
+                       goto out;
+               }
                error = fn_for_each_confined(label, profile,
                        match_mnt(profile, path, buffer, dev_path, dev_buffer,
                                  type, flags, data, binary));
@@ -543,7 +569,10 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
                        match_mnt_path_str(profile, path, buffer, dev_name,
                                           type, flags, data, binary, NULL));
        }
-       put_buffers(buffer, dev_buffer);
+
+out:
+       aa_put_buffer(buffer);
+       aa_put_buffer(dev_buffer);
        if (dev_path)
                path_put(dev_path);
 
@@ -591,10 +620,13 @@ int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
        AA_BUG(!label);
        AA_BUG(!mnt);
 
-       get_buffers(buffer);
+       buffer = aa_get_buffer(false);
+       if (!buffer)
+               return -ENOMEM;
+
        error = fn_for_each_confined(label, profile,
                        profile_umount(profile, &path, buffer));
-       put_buffers(buffer);
+       aa_put_buffer(buffer);
 
        return error;
 }
@@ -667,8 +699,12 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
        AA_BUG(!old_path);
        AA_BUG(!new_path);
 
-       get_buffers(old_buffer, new_buffer);
-       target = fn_label_build(label, profile, GFP_ATOMIC,
+       old_buffer = aa_get_buffer(false);
+       new_buffer = aa_get_buffer(false);
+       error = -ENOMEM;
+       if (!old_buffer || !new_buffer)
+               goto out;
+       target = fn_label_build(label, profile, GFP_KERNEL,
                        build_pivotroot(profile, new_path, new_buffer,
                                        old_path, old_buffer));
        if (!target) {
@@ -686,7 +722,8 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
                /* already audited error */
                error = PTR_ERR(target);
 out:
-       put_buffers(old_buffer, new_buffer);
+       aa_put_buffer(old_buffer);
+       aa_put_buffer(new_buffer);
 
        return error;
 
local clone of linux.git