From: Matthew Wilcox Date: Thu, 7 Feb 2019 13:33:47 +0000 (-0500) Subject: apparmor: Convert aa_secids to XArray X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=431af29f6673305d27782aa883cbacb09afa7608;p=users%2Fwilly%2Fxarray.git apparmor: Convert aa_secids to XArray Signed-off-by: Matthew Wilcox --- diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index 48ff1ddecad5..278dff5ecd1f 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -31,6 +31,4 @@ int aa_alloc_secid(struct aa_label *label, gfp_t gfp); void aa_free_secid(u32 secid); void aa_secid_update(u32 secid, struct aa_label *label); -void aa_secids_init(void); - #endif /* __AA_SECID_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ec3a928af829..123afbdb48b1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1706,8 +1706,6 @@ static int __init apparmor_init(void) { int error; - aa_secids_init(); - error = aa_setup_dfa_engine(); if (error) { AA_ERROR("Unable to setup dfa engine\n"); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index ce545f99259e..c9440ccf1a9d 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -29,8 +29,7 @@ */ #define AA_FIRST_SECID 2 -static DEFINE_IDR(aa_secids); -static DEFINE_SPINLOCK(secid_lock); +static DEFINE_XARRAY_FLAGS(aa_secids, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ); /* * TODO: allow policy to reserve a secid range? @@ -47,9 +46,9 @@ void aa_secid_update(u32 secid, struct aa_label *label) { unsigned long flags; - spin_lock_irqsave(&secid_lock, flags); - idr_replace(&aa_secids, label, secid); - spin_unlock_irqrestore(&secid_lock, flags); + xa_lock_irqsave(&aa_secids, flags); + __xa_store(&aa_secids, secid - AA_FIRST_SECID, label, 0); + xa_unlock_irqrestore(&aa_secids, flags); } /** @@ -58,13 +57,7 @@ void aa_secid_update(u32 secid, struct aa_label *label) */ struct aa_label *aa_secid_to_label(u32 secid) { - struct aa_label *label; - - rcu_read_lock(); - label = idr_find(&aa_secids, secid); - rcu_read_unlock(); - - return label; + return xa_load(&aa_secids, secid - AA_FIRST_SECID); } int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) @@ -118,28 +111,23 @@ void apparmor_release_secctx(char *secdata, u32 seclen) * @label: the label to allocate a secid for * @gfp: memory allocation flags * - * Returns: 0 with @label->secid initialized - * <0 returns error with @label->secid set to AA_SECID_INVALID + * Return: 0 with @label->secid initialized + * <0 returns error with @label->secid set to AA_SECID_INVALID */ int aa_alloc_secid(struct aa_label *label, gfp_t gfp) { unsigned long flags; - int ret; + int err; - idr_preload(gfp); - spin_lock_irqsave(&secid_lock, flags); - ret = idr_alloc(&aa_secids, label, AA_FIRST_SECID, 0, GFP_ATOMIC); - spin_unlock_irqrestore(&secid_lock, flags); - idr_preload_end(); + label->secid = AA_SECID_INVALID; - if (ret < 0) { - label->secid = AA_SECID_INVALID; - return ret; - } + xa_lock_irqsave(&aa_secids, flags); + err = __xa_alloc(&aa_secids, &label->secid, label, xa_limit_32b, gfp); + if (!err) + label->secid += AA_FIRST_SECID; + xa_unlock_irqrestore(&aa_secids, flags); - AA_BUG(ret == AA_SECID_INVALID); - label->secid = ret; - return 0; + return err; } /** @@ -150,12 +138,7 @@ void aa_free_secid(u32 secid) { unsigned long flags; - spin_lock_irqsave(&secid_lock, flags); - idr_remove(&aa_secids, secid); - spin_unlock_irqrestore(&secid_lock, flags); -} - -void aa_secids_init(void) -{ - idr_init_base(&aa_secids, AA_FIRST_SECID); + xa_lock_irqsave(&aa_secids, flags); + __xa_erase(&aa_secids, secid - AA_FIRST_SECID); + xa_unlock_irqrestore(&aa_secids, flags); }