@@ -56,7 +56,7 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
return ERR_PTR(-EACCES);
/* freed by caller to simple_write_to_buffer */
- data = kvmalloc(alloc_size);
+ data = kvmalloc(alloc_size, 0);
if (data == NULL)
return ERR_PTR(-ENOMEM);
@@ -15,6 +15,7 @@
#ifndef __APPARMOR_H
#define __APPARMOR_H
+#include <linux/slab.h>
#include <linux/fs.h>
#include "match.h"
@@ -51,9 +52,18 @@ extern int apparmor_initialized __initdata;
/* fn's in lib */
char *aa_split_fqname(char *args, char **ns_name);
void aa_info_message(const char *str);
-void *kvmalloc(size_t size);
+void *kvmalloc(size_t size, gfp_t flags);
void kvfree(void *buffer);
+/**
+ * kvzalloc - allocate memory. The memory is set to zero.
+ * @size: how many bytes of memory are required.
+ * @flags: the type of memory to allocate (see kmalloc).
+ */
+static inline void *kvzalloc(size_t size, gfp_t flags)
+{
+ return kvmalloc(size, flags | __GFP_ZERO);
+}
/**
* aa_strneq - compare null terminated @str to a non null terminated substring
@@ -72,14 +72,15 @@ void aa_info_message(const char *str)
/**
* kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
- * @size: size of allocation
+ * @size: how many bytes of memory are required
+ * @flags: the type of memory to allocate (see kmalloc).
*
* Return: allocated buffer or NULL if failed
*
* It is possible that policy being loaded from the user is larger than
* what can be allocated by kmalloc, in those cases fall back to vmalloc.
*/
-void *kvmalloc(size_t size)
+void *kvmalloc(size_t size, gfp_t flags)
{
void *buffer = NULL;
@@ -88,7 +89,7 @@ void *kvmalloc(size_t size)
/* do not attempt kmalloc if we need more than 16 pages at once */
if (size <= (16*PAGE_SIZE))
- buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
+ buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN);
if (!buffer) {
/* see kvfree for why size must be at least work_struct size
* when allocated via vmalloc
@@ -64,7 +64,7 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK)
tsize += 256 * th.td_flags;
- table = kvmalloc(tsize);
+ table = kvmalloc(tsize, 0);
if (table) {
/* ensure the pad is clear, else there will be errors */
memset(table, 0, tsize);
Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/apparmorfs.c | 2 +- security/apparmor/include/apparmor.h | 12 +++++++++++- security/apparmor/lib.c | 7 ++++--- security/apparmor/match.c | 2 +- 4 files changed, 17 insertions(+), 6 deletions(-)