Re: [Patch 0/12] AppArmor security module

From: Tetsuo Handa
Date: Thu Nov 05 2009 - 00:49:49 EST


I browsed using lxr.

> static int aa_audit_caps(struct aa_profile *profile, struct aa_audit_caps *sa)
> ent = &get_cpu_var(audit_cache);
> if (sa->base.task == ent->task && cap_raised(ent->caps, sa->cap)) {

put_cpu_var(audit_cache); ?

> if (PROFILE_COMPLAIN(profile))
> return 0;
> return sa->base.error;
> } else {
> ent->task = sa->base.task;
> cap_raise(ent->caps, sa->cap);
> }
> put_cpu_var(audit_cache);

Regarding unpack_*(), I'm not sure, but e seems to be no longer used after once
unpack_*() failed. If so, we can remove

> void *pos = e->pos;


> fail:
> e->pos = pos;

Also, please add comments regarding

memory allocated here is released by ...

refcount obtained here is released by ...

the caller of this function need to hold ... lock

as it is difficult for me to track memleak/refcounter/locking bugs.
For example, in function apparmor_dentry_open(), from

fcxt->profile = aa_get_profile(profile);

to something like

/* released by ... */
fcxt->profile = aa_get_profile(profile);

(Oh, is it correct to get refcount even if aa_path_perm() failed?)

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at