diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-03 12:51:35 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-03 12:51:35 -0800 |
commit | 79e178a57dae819ae724065b47c25720494cc9f2 (patch) | |
tree | 821bf3adee5ad86ba88d2ed25f2131854aa10147 /security/apparmor/match.c | |
parent | 01d1dff64662646023482806c6db8ef0b280c403 (diff) | |
parent | 341c1fda5e17156619fb71acfc7082b2669b4b72 (diff) |
Merge tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Pull apparmor updates from John Johansen:
"Features:
- increase left match history buffer size to provide improved
conflict resolution in overlapping execution rules.
- switch buffer allocation to use a memory pool and GFP_KERNEL where
possible.
- add compression of policy blobs to reduce memory usage.
Cleanups:
- fix spelling mistake "immutible" -> "immutable"
Bug fixes:
- fix unsigned len comparison in update_for_len macro
- fix sparse warning for type-casting of current->real_cred"
* tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: make it so work buffers can be allocated from atomic context
apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
apparmor: fix wrong buffer allocation in aa_new_mount
apparmor: fix unsigned len comparison with less than zero
apparmor: increase left match history buffer size
apparmor: Switch to GFP_KERNEL where possible
apparmor: Use a memory pool instead per-CPU caches
apparmor: Force type-casting of current->real_cred
apparmor: fix spelling mistake "immutible" -> "immutable"
apparmor: fix blob compression when ns is forced on a policy load
apparmor: fix missing ZLIB defines
apparmor: fix blob compression build failure on ppc
apparmor: Initial implementation of raw policy blob compression
Diffstat (limited to 'security/apparmor/match.c')
-rw-r--r-- | security/apparmor/match.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 6ccd3734a841..525ce22dc0e9 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -616,8 +616,8 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, #define inc_wb_pos(wb) \ do { \ - wb->pos = (wb->pos + 1) & (wb->size - 1); \ - wb->len = (wb->len + 1) & (wb->size - 1); \ + wb->pos = (wb->pos + 1) & (WB_HISTORY_SIZE - 1); \ + wb->len = (wb->len + 1) & (WB_HISTORY_SIZE - 1); \ } while (0) /* For DFAs that don't support extended tagging of states */ @@ -636,7 +636,7 @@ static bool is_loop(struct match_workbuf *wb, unsigned int state, return true; } if (pos == 0) - pos = wb->size; + pos = WB_HISTORY_SIZE; pos--; } |