diff options
| author | Matthew Wilcox <willy@infradead.org> | 2022-06-06 21:23:22 +0100 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-07-13 17:16:02 -0700 |
| commit | df4390934da48e0462d1e77fba3e15f080e2c2a0 (patch) | |
| tree | e3059606b4e74c466263aabc28b5defd04fcdff2 /security/apparmor/include/secid.h | |
| parent | 95c0581f9bfdfbe97126ba1c7f5650a9dd064dda (diff) | |
| download | linux-df4390934da48e0462d1e77fba3e15f080e2c2a0.tar.gz linux-df4390934da48e0462d1e77fba3e15f080e2c2a0.tar.bz2 linux-df4390934da48e0462d1e77fba3e15f080e2c2a0.zip | |
apparmor: Convert secid mapping to XArrays instead of IDR
XArrays are a better match than IDR for how AppArmor is mapping
secids. Specifically AppArmor is trying to keep the allocation
dense. XArrays also have the advantage of avoiding the complexity IDRs
preallocation.
In addition this avoids/fixes a lockdep issue raised in the LKML thread
"Linux 5.18-rc4"
where there is a report of an interaction between apparmor and IPC,
this warning may have been spurious as the reported issue is in a
per-cpu local lock taken by the IDR. With the one side in the IPC id
allocation and the other in AppArmor's secid allocation.
Description by John Johansen <john.johansen@canonical.com>
Message-Id: <226cee6a-6ca1-b603-db08-8500cd8f77b7@gnuweeb.org>
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/secid.h')
| -rw-r--r-- | security/apparmor/include/secid.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index 48ff1ddecad5..278dff5ecd1f 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -31,6 +31,4 @@ int aa_alloc_secid(struct aa_label *label, gfp_t gfp); void aa_free_secid(u32 secid); void aa_secid_update(u32 secid, struct aa_label *label); -void aa_secids_init(void); - #endif /* __AA_SECID_H */ |