apparmor: increase left match history buffer size

There have been cases reported where a history buffer size of 8 was not enough to resolve conflict overlaps. Increase the buffer to and get rid of the size element which is currently just storing the constant WB_HISTORY_SIZE. Signed-off-by: John Johansen <john.johansen@canonical.com>
2019-05-31 06:54:54 -07:00 · 2019-05-31 06:54:54 -07:00 · 136db99485
parent 8ac2ca328e
commit 136db99485
2 changed files with 4 additions and 5 deletions
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@ -138,7 +138,7 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start,

 void aa_dfa_free_kref(struct kref *kref);

-#define WB_HISTORY_SIZE 8
+#define WB_HISTORY_SIZE 24
 struct match_workbuf {
 	unsigned int count;
 	unsigned int pos;
@ -151,7 +151,6 @@ struct match_workbuf N = {		\
 	.count = 0,			\
 	.pos = 0,			\
 	.len = 0,			\
-	.size = WB_HISTORY_SIZE,			\
 }

 unsigned int aa_dfa_leftmatch(struct aa_dfa *dfa, unsigned int start,
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@ -620,8 +620,8 @@ unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start,

 #define inc_wb_pos(wb)						\
 do {								\
-	wb->pos = (wb->pos + 1) & (wb->size - 1);		\
-	wb->len = (wb->len + 1) & (wb->size - 1);		\
+	wb->pos = (wb->pos + 1) & (WB_HISTORY_SIZE - 1);		\
+	wb->len = (wb->len + 1) & (WB_HISTORY_SIZE - 1);		\
 } while (0)

 /* For DFAs that don't support extended tagging of states */
@ -640,7 +640,7 @@ static bool is_loop(struct match_workbuf *wb, unsigned int state,
 			return true;
 		}
 		if (pos == 0)
-			pos = wb->size;
+			pos = WB_HISTORY_SIZE;
 		pos--;
 	}