From 136db994852a9b405ac1074de0e7a1c4c840b8ee Mon Sep 17 00:00:00 2001 From: John Johansen Date: Fri, 31 May 2019 06:54:54 -0700 Subject: apparmor: increase left match history buffer size There have been cases reported where a history buffer size of 8 was not enough to resolve conflict overlaps. Increase the buffer to and get rid of the size element which is currently just storing the constant WB_HISTORY_SIZE. Signed-off-by: John Johansen --- security/apparmor/include/match.h | 3 +-- security/apparmor/match.c | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index 958d2b52a7b7..90fc050a6c2d 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -138,7 +138,7 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, void aa_dfa_free_kref(struct kref *kref); -#define WB_HISTORY_SIZE 8 +#define WB_HISTORY_SIZE 24 struct match_workbuf { unsigned int count; unsigned int pos; @@ -151,7 +151,6 @@ struct match_workbuf N = { \ .count = 0, \ .pos = 0, \ .len = 0, \ - .size = WB_HISTORY_SIZE, \ } unsigned int aa_dfa_leftmatch(struct aa_dfa *dfa, unsigned int start, diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 55f2ee505a01..21fad8f48bc3 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -620,8 +620,8 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, #define inc_wb_pos(wb) \ do { \ - wb->pos = (wb->pos + 1) & (wb->size - 1); \ - wb->len = (wb->len + 1) & (wb->size - 1); \ + wb->pos = (wb->pos + 1) & (WB_HISTORY_SIZE - 1); \ + wb->len = (wb->len + 1) & (WB_HISTORY_SIZE - 1); \ } while (0) /* For DFAs that don't support extended tagging of states */ @@ -640,7 +640,7 @@ static bool is_loop(struct match_workbuf *wb, unsigned int state, return true; } if (pos == 0) - pos = wb->size; + pos = WB_HISTORY_SIZE; pos--; } -- cgit v1.2.1