apparmor: split load data into management struct and data blob

Splitting the management struct from the actual data blob will allow
us in the future to do some sharing and other data reduction
techniques like replacing the the raw data with compressed data.

Prepare for this by separating the management struct from the data
blob.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h
index be6cd69ac3194aec30aded866ca4f9152982cd4e..8db4ab759e80f37837e170744f5788125ef5f657 100644 (file)
--- a/security/apparmor/include/policy_unpack.h
+++ b/security/apparmor/include/policy_unpack.h
@@ -70,7 +70,7 @@ struct aa_loaddata {
        int abi;
        unsigned char *hash;
 
-       char data[];
+       char *data;
 };
 
 int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 59a1a25b7d43f209b594d61c7fd38fb4e0e50f37..ece0c246cfe6d25a8387a0ecc6e8302097b0d0a1 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -164,8 +164,9 @@ static void do_loaddata_free(struct work_struct *work)
        }
 
        kzfree(d->hash);
-       kfree(d->name);
-       kvfree(d);
+       kzfree(d->name);
+       kvfree(d->data);
+       kzfree(d);
 }
 
 void aa_loaddata_kref(struct kref *kref)
@@ -180,10 +181,16 @@ void aa_loaddata_kref(struct kref *kref)
 
 struct aa_loaddata *aa_loaddata_alloc(size_t size)
 {
-       struct aa_loaddata *d = kvzalloc(sizeof(*d) + size, GFP_KERNEL);
+       struct aa_loaddata *d;
 
+       d = kzalloc(sizeof(*d), GFP_KERNEL);
        if (d == NULL)
                return ERR_PTR(-ENOMEM);
+       d->data = kvzalloc(size, GFP_KERNEL);
+       if (!d->data) {
+               kfree(d);
+               return ERR_PTR(-ENOMEM);
+       }
        kref_init(&d->count);
        INIT_LIST_HEAD(&d->list);