summaryrefslogtreecommitdiff
path: root/security/apparmor
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2019-05-31 06:54:54 -0700
committerJohn Johansen <john.johansen@canonical.com>2019-06-20 10:33:31 -0700
commit136db994852a9b405ac1074de0e7a1c4c840b8ee (patch)
tree361f1d713b06407ebb105a8ee0ea7edb9e36cfdb /security/apparmor
parent8ac2ca328ec9356f56d0dad3aa350d9600db951a (diff)
apparmor: increase left match history buffer size
There have been cases reported where a history buffer size of 8 was not enough to resolve conflict overlaps. Increase the buffer to and get rid of the size element which is currently just storing the constant WB_HISTORY_SIZE. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/include/match.h3
-rw-r--r--security/apparmor/match.c6
2 files changed, 4 insertions, 5 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
index 958d2b52a7b7..90fc050a6c2d 100644
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@@ -138,7 +138,7 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start,
void aa_dfa_free_kref(struct kref *kref);
-#define WB_HISTORY_SIZE 8
+#define WB_HISTORY_SIZE 24
struct match_workbuf {
unsigned int count;
unsigned int pos;
@@ -151,7 +151,6 @@ struct match_workbuf N = { \
.count = 0, \
.pos = 0, \
.len = 0, \
- .size = WB_HISTORY_SIZE, \
}
unsigned int aa_dfa_leftmatch(struct aa_dfa *dfa, unsigned int start,
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 55f2ee505a01..21fad8f48bc3 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -620,8 +620,8 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start,
#define inc_wb_pos(wb) \
do { \
- wb->pos = (wb->pos + 1) & (wb->size - 1); \
- wb->len = (wb->len + 1) & (wb->size - 1); \
+ wb->pos = (wb->pos + 1) & (WB_HISTORY_SIZE - 1); \
+ wb->len = (wb->len + 1) & (WB_HISTORY_SIZE - 1); \
} while (0)
/* For DFAs that don't support extended tagging of states */
@@ -640,7 +640,7 @@ static bool is_loop(struct match_workbuf *wb, unsigned int state,
return true;
}
if (pos == 0)
- pos = wb->size;
+ pos = WB_HISTORY_SIZE;
pos--;
}