From 2053c4727c5a891bf182397e425b6cb87b2ae613 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 8 Dec 2011 16:25:48 -0800 Subject: apparmor: add missing rcu_dereference() Adds a missed rcu_dereference() around real_parent. Signed-off-by: Kees Cook Acked-by: John Johansen Signed-off-by: James Morris --- security/apparmor/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/apparmor') diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 96502b22b268..f3fafedd798a 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -133,7 +133,7 @@ static void audit_pre(struct audit_buffer *ab, void *ca) struct aa_profile *profile = sa->aad.profile; pid_t pid; rcu_read_lock(); - pid = tsk->real_parent->pid; + pid = rcu_dereference(tsk->real_parent)->pid; rcu_read_unlock(); audit_log_format(ab, " parent=%d", pid); if (profile->ns != root_ns) { -- cgit v1.2.3-59-g8ed1b From b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Thu, 15 Dec 2011 13:41:32 +1030 Subject: apparmor: fix module parameter handling The 'aabool' wrappers actually pass off to the 'bool' parse functions, so you should use the same check function. Similarly for aauint and uint. (Note that 'bool' module parameters also allow 'int', which is why you got away with this, but that's changing very soon.) Cc: linux-security-module@vger.kernel.org Signed-off-by: Rusty Russell Acked-by: John Johansen Signed-off-by: James Morris --- security/apparmor/lsm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security/apparmor') diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 37832026e58a..41ae0c6cb903 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -671,7 +671,7 @@ static struct security_operations apparmor_ops = { static int param_set_aabool(const char *val, const struct kernel_param *kp); static int param_get_aabool(char *buffer, const struct kernel_param *kp); -#define param_check_aabool(name, p) __param_check(name, p, int) +#define param_check_aabool param_check_bool static struct kernel_param_ops param_ops_aabool = { .set = param_set_aabool, .get = param_get_aabool @@ -679,7 +679,7 @@ static struct kernel_param_ops param_ops_aabool = { static int param_set_aauint(const char *val, const struct kernel_param *kp); static int param_get_aauint(char *buffer, const struct kernel_param *kp); -#define param_check_aauint(name, p) __param_check(name, p, int) +#define param_check_aauint param_check_uint static struct kernel_param_ops param_ops_aauint = { .set = param_set_aauint, .get = param_get_aauint @@ -687,7 +687,7 @@ static struct kernel_param_ops param_ops_aauint = { static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp); static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp); -#define param_check_aalockpolicy(name, p) __param_check(name, p, int) +#define param_check_aalockpolicy param_check_bool static struct kernel_param_ops param_ops_aalockpolicy = { .set = param_set_aalockpolicy, .get = param_get_aalockpolicy -- cgit v1.2.3-59-g8ed1b