apparmor: Convert aa_secids to XArray

Signed-off-by: Matthew Wilcox <willy@infradead.org>

diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index 48ff1ddecad5186526fbfa5b0e307a98828bb937..278dff5ecd1f3cdbf8578d7494185e62c5f5e068 100644 (file)
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -31,6 +31,4 @@ int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
 void aa_free_secid(u32 secid);
 void aa_secid_update(u32 secid, struct aa_label *label);
 
-void aa_secids_init(void);
-
 #endif /* __AA_SECID_H */

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ec3a928af8299a1ccca676575c9b469c977ae3e5..123afbdb48b119f20c6dfa50f561d41eaa79ec85 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1706,8 +1706,6 @@ static int __init apparmor_init(void)
 {
        int error;
 
-       aa_secids_init();
-
        error = aa_setup_dfa_engine();
        if (error) {
                AA_ERROR("Unable to setup dfa engine\n");

diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index ce545f99259e5291ef6c99142e3e2ffccf19cde4..c9440ccf1a9decad67e18fb00e8938985bb72edd 100644 (file)
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -29,8 +29,7 @@
  */
 #define AA_FIRST_SECID 2
 
-static DEFINE_IDR(aa_secids);
-static DEFINE_SPINLOCK(secid_lock);
+static DEFINE_XARRAY_FLAGS(aa_secids, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
 
 /*
  * TODO: allow policy to reserve a secid range?
@@ -47,9 +46,9 @@ void aa_secid_update(u32 secid, struct aa_label *label)
 {
        unsigned long flags;
 
-       spin_lock_irqsave(&secid_lock, flags);
-       idr_replace(&aa_secids, label, secid);
-       spin_unlock_irqrestore(&secid_lock, flags);
+       xa_lock_irqsave(&aa_secids, flags);
+       __xa_store(&aa_secids, secid - AA_FIRST_SECID, label, 0);
+       xa_unlock_irqrestore(&aa_secids, flags);
 }
 
 /**
@@ -58,13 +57,7 @@ void aa_secid_update(u32 secid, struct aa_label *label)
  */
 struct aa_label *aa_secid_to_label(u32 secid)
 {
-       struct aa_label *label;
-
-       rcu_read_lock();
-       label = idr_find(&aa_secids, secid);
-       rcu_read_unlock();
-
-       return label;
+       return xa_load(&aa_secids, secid - AA_FIRST_SECID);
 }
 
 int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
@@ -118,28 +111,23 @@ void apparmor_release_secctx(char *secdata, u32 seclen)
  * @label: the label to allocate a secid for
  * @gfp: memory allocation flags
  *
- * Returns: 0 with @label->secid initialized
- *          <0 returns error with @label->secid set to AA_SECID_INVALID
+ * Return: 0 with @label->secid initialized
+ *         <0 returns error with @label->secid set to AA_SECID_INVALID
  */
 int aa_alloc_secid(struct aa_label *label, gfp_t gfp)
 {
        unsigned long flags;
-       int ret;
+       int err;
 
-       idr_preload(gfp);
-       spin_lock_irqsave(&secid_lock, flags);
-       ret = idr_alloc(&aa_secids, label, AA_FIRST_SECID, 0, GFP_ATOMIC);
-       spin_unlock_irqrestore(&secid_lock, flags);
-       idr_preload_end();
+       label->secid = AA_SECID_INVALID;
 
-       if (ret < 0) {
-               label->secid = AA_SECID_INVALID;
-               return ret;
-       }
+       xa_lock_irqsave(&aa_secids, flags);
+       err = __xa_alloc(&aa_secids, &label->secid, label, xa_limit_32b, gfp);
+       if (!err)
+               label->secid += AA_FIRST_SECID;
+       xa_unlock_irqrestore(&aa_secids, flags);
 
-       AA_BUG(ret == AA_SECID_INVALID);
-       label->secid = ret;
-       return 0;
+       return err;
 }
 
 /**
@@ -150,12 +138,7 @@ void aa_free_secid(u32 secid)
 {
        unsigned long flags;
 
-       spin_lock_irqsave(&secid_lock, flags);
-       idr_remove(&aa_secids, secid);
-       spin_unlock_irqrestore(&secid_lock, flags);
-}
-
-void aa_secids_init(void)
-{
-       idr_init_base(&aa_secids, AA_FIRST_SECID);
+       xa_lock_irqsave(&aa_secids, flags);
+       __xa_erase(&aa_secids, secid - AA_FIRST_SECID);
+       xa_unlock_irqrestore(&aa_secids, flags);
 }