diff options
author | John Johansen <john.johansen@canonical.com> | 2019-05-31 06:54:54 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2019-06-20 10:33:31 -0700 |
commit | 136db994852a9b405ac1074de0e7a1c4c840b8ee (patch) | |
tree | 361f1d713b06407ebb105a8ee0ea7edb9e36cfdb /security | |
parent | 8ac2ca328ec9356f56d0dad3aa350d9600db951a (diff) | |
download | talos-op-linux-136db994852a9b405ac1074de0e7a1c4c840b8ee.tar.gz talos-op-linux-136db994852a9b405ac1074de0e7a1c4c840b8ee.zip |
apparmor: increase left match history buffer size
There have been cases reported where a history buffer size of 8 was
not enough to resolve conflict overlaps. Increase the buffer to and
get rid of the size element which is currently just storing the
constant WB_HISTORY_SIZE.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/include/match.h | 3 | ||||
-rw-r--r-- | security/apparmor/match.c | 6 |
2 files changed, 4 insertions, 5 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index 958d2b52a7b7..90fc050a6c2d 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -138,7 +138,7 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, void aa_dfa_free_kref(struct kref *kref); -#define WB_HISTORY_SIZE 8 +#define WB_HISTORY_SIZE 24 struct match_workbuf { unsigned int count; unsigned int pos; @@ -151,7 +151,6 @@ struct match_workbuf N = { \ .count = 0, \ .pos = 0, \ .len = 0, \ - .size = WB_HISTORY_SIZE, \ } unsigned int aa_dfa_leftmatch(struct aa_dfa *dfa, unsigned int start, diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 55f2ee505a01..21fad8f48bc3 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -620,8 +620,8 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, #define inc_wb_pos(wb) \ do { \ - wb->pos = (wb->pos + 1) & (wb->size - 1); \ - wb->len = (wb->len + 1) & (wb->size - 1); \ + wb->pos = (wb->pos + 1) & (WB_HISTORY_SIZE - 1); \ + wb->len = (wb->len + 1) & (WB_HISTORY_SIZE - 1); \ } while (0) /* For DFAs that don't support extended tagging of states */ @@ -640,7 +640,7 @@ static bool is_loop(struct match_workbuf *wb, unsigned int state, return true; } if (pos == 0) - pos = wb->size; + pos = WB_HISTORY_SIZE; pos--; } |