apparmor: pass gfp_t parameter into profile allocation
Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 1573cad..b44eaea 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -172,7 +172,7 @@ void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
void aa_free_proxy_kref(struct kref *kref);
-struct aa_profile *aa_alloc_profile(const char *name);
+struct aa_profile *aa_alloc_profile(const char *name, gfp_t gfp);
struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
void aa_free_profile(struct aa_profile *profile);
void aa_free_profile_kref(struct kref *kref);
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index e02ab20..e310f3b 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -255,24 +255,25 @@ void aa_free_profile_kref(struct kref *kref)
/**
* aa_alloc_profile - allocate, initialize and return a new profile
* @hname: name of the profile (NOT NULL)
+ * @gfp: allocation type
*
* Returns: refcount profile or NULL on failure
*/
-struct aa_profile *aa_alloc_profile(const char *hname)
+struct aa_profile *aa_alloc_profile(const char *hname, gfp_t gfp)
{
struct aa_profile *profile;
/* freed by free_profile - usually through aa_put_profile */
- profile = kzalloc(sizeof(*profile), GFP_KERNEL);
+ profile = kzalloc(sizeof(*profile), gfp);
if (!profile)
return NULL;
- profile->proxy = kzalloc(sizeof(struct aa_proxy), GFP_KERNEL);
+ profile->proxy = kzalloc(sizeof(struct aa_proxy), gfp);
if (!profile->proxy)
goto fail;
kref_init(&profile->proxy->count);
- if (!aa_policy_init(&profile->base, NULL, hname, GFP_KERNEL))
+ if (!aa_policy_init(&profile->base, NULL, hname, gfp))
goto fail;
kref_init(&profile->count);
@@ -312,7 +313,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
goto fail;
sprintf(name, "%s//null-%x", parent->base.hname, uniq);
- profile = aa_alloc_profile(name);
+ profile = aa_alloc_profile(name, GFP_KERNEL);
kfree(name);
if (!profile)
goto fail;
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index f6cdc73..1e19bd3 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -102,7 +102,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name)
mutex_init(&ns->lock);
/* released by aa_free_ns() */
- ns->unconfined = aa_alloc_profile("unconfined");
+ ns->unconfined = aa_alloc_profile("unconfined", GFP_KERNEL);
if (!ns->unconfined)
goto fail_unconfined;
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 1381206..9ddc6b2 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -486,7 +486,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
if (!unpack_str(e, &name, NULL))
goto fail;
- profile = aa_alloc_profile(name);
+ profile = aa_alloc_profile(name, GFP_KERNEL);
if (!profile)
return ERR_PTR(-ENOMEM);