apparmor: pass gfp_t parameter into profile allocation

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 1573cade8812db34f3f34b65af671792c4134d27..b44eaea2bd2c88c1424de001185a4083e12151ef 100644 (file)
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -172,7 +172,7 @@ void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
 
 
 void aa_free_proxy_kref(struct kref *kref);
-struct aa_profile *aa_alloc_profile(const char *name);
+struct aa_profile *aa_alloc_profile(const char *name, gfp_t gfp);
 struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
 void aa_free_profile(struct aa_profile *profile);
 void aa_free_profile_kref(struct kref *kref);

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index e02ab20b0a8d091ae449729a6b9506479be7329e..e310f3b63fbed4e2848fbe86eee5549ad2d162db 100644 (file)
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -255,24 +255,25 @@ void aa_free_profile_kref(struct kref *kref)
 /**
  * aa_alloc_profile - allocate, initialize and return a new profile
  * @hname: name of the profile  (NOT NULL)
+ * @gfp: allocation type
  *
  * Returns: refcount profile or NULL on failure
  */
-struct aa_profile *aa_alloc_profile(const char *hname)
+struct aa_profile *aa_alloc_profile(const char *hname, gfp_t gfp)
 {
        struct aa_profile *profile;
 
        /* freed by free_profile - usually through aa_put_profile */
-       profile = kzalloc(sizeof(*profile), GFP_KERNEL);
+       profile = kzalloc(sizeof(*profile), gfp);
        if (!profile)
                return NULL;
 
-       profile->proxy = kzalloc(sizeof(struct aa_proxy), GFP_KERNEL);
+       profile->proxy = kzalloc(sizeof(struct aa_proxy), gfp);
        if (!profile->proxy)
                goto fail;
        kref_init(&profile->proxy->count);
 
-       if (!aa_policy_init(&profile->base, NULL, hname, GFP_KERNEL))
+       if (!aa_policy_init(&profile->base, NULL, hname, gfp))
                goto fail;
        kref_init(&profile->count);
 
@@ -312,7 +313,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
                goto fail;
        sprintf(name, "%s//null-%x", parent->base.hname, uniq);
 
-       profile = aa_alloc_profile(name);
+       profile = aa_alloc_profile(name, GFP_KERNEL);
        kfree(name);
        if (!profile)
                goto fail;

diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index f6cdc738ffcdd077312491d4a38062c081134115..1e19bd3c785124782c0132b76d2814ba1f0defab 100644 (file)
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -102,7 +102,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name)
        mutex_init(&ns->lock);
 
        /* released by aa_free_ns() */
-       ns->unconfined = aa_alloc_profile("unconfined");
+       ns->unconfined = aa_alloc_profile("unconfined", GFP_KERNEL);
        if (!ns->unconfined)
                goto fail_unconfined;
 

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 138120698f839e049a5cf2460572559f3529e337..9ddc6b2a732268f6d778eb6e9d07e9041501b6c2 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -486,7 +486,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
        if (!unpack_str(e, &name, NULL))
                goto fail;
 
-       profile = aa_alloc_profile(name);
+       profile = aa_alloc_profile(name, GFP_KERNEL);
        if (!profile)
                return ERR_PTR(-ENOMEM);