apparmor: make it so work buffers can be allocated from atomic context In some situations AppArmor needs to be able to use its work buffers from atomic context. Add the ability to specify when in atomic context and hold a set of work buffers in reserve for atomic context to reduce the chance that a large work buffer allocation will need to be done. Fixes: df323337e507 ("apparmor: Use a memory pool instead per-CPU caches") Signed-off-by: John Johansen <john.johansen@canonical.com>

commit: 341c1fda5e17156619fb71acfc7082b2669b4b72 [log] [tgz]
author: John Johansen <john.johansen@canonical.com> Sat Sep 14 03:34:06 2019 -0700
committer: John Johansen <john.johansen@canonical.com> Fri Nov 22 16:41:08 2019 -0800
tree: e5fbbd464835c19aec5fa16ce4bd325a4667fa05
parent: bce4e7e9c45ef97ac1e30b9cb4adc25b5b5a7cfa [diff] [blame]
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 0da0b2b..51b3143 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c

@@ -896,7 +896,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 		ctx->nnp = aa_get_label(label);
 
 	/* buffer freed below, name is pointer into buffer */
-	buffer = aa_get_buffer();
+	buffer = aa_get_buffer(false);
 	if (!buffer) {
 		error = -ENOMEM;
 		goto done;
commit	341c1fda5e17156619fb71acfc7082b2669b4b72	[log] [tgz]
author	John Johansen <john.johansen@canonical.com>	Sat Sep 14 03:34:06 2019 -0700
committer	John Johansen <john.johansen@canonical.com>	Fri Nov 22 16:41:08 2019 -0800
tree	e5fbbd464835c19aec5fa16ce4bd325a4667fa05
parent	bce4e7e9c45ef97ac1e30b9cb4adc25b5b5a7cfa [diff] [blame]