UBUNTU: SAUCE: apparmor: Fix: update replacedby allocation to take a gfp parameter

BugLink: http://bugs.launchpad.net/bugs/1448912

The allocation of a replacedby in the label merge path needs to be
done using GFP_ATOMIC.

specifically aa_label_merge() is called from a context in file.c that
passes GFP_ATOMIC to aa_label_merge() which then is doing GFP_KERNEL
for the replacedby allocation.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

security/apparmor/include/label.h

@@ -405,7 +405,7 @@ static inline void aa_put_label(struct aa_label *l)
 }
 
 
-struct aa_replacedby *aa_alloc_replacedby(struct aa_label *l);
+struct aa_replacedby *aa_alloc_replacedby(struct aa_label *l, gfp_t gfp);
 void aa_free_replacedby_kref(struct kref *kref);
 
 static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *r)

security/apparmor/label.c

@@ -59,11 +59,11 @@ void aa_free_replacedby_kref(struct kref *kref)
 	free_replacedby(r);
 }
 
-struct aa_replacedby *aa_alloc_replacedby(struct aa_label *l)
+struct aa_replacedby *aa_alloc_replacedby(struct aa_label *l, gfp_t gfp)
 {
 	struct aa_replacedby *r;
 
-	r = kzalloc(sizeof(struct aa_replacedby), GFP_KERNEL);
+	r = kzalloc(sizeof(struct aa_replacedby), gfp);
 	if (r) {
 		kref_init(&r->count);
 		rcu_assign_pointer(r->label, aa_get_label(l));
@@ -1134,7 +1134,7 @@ struct aa_label *aa_label_merge(struct aa_label *a, struct aa_label *b,
 		new = aa_label_alloc(a->size + b->size, gfp);
 		if (!new)
 			goto out;
-		r = aa_alloc_replacedby(new);
+		r = aa_alloc_replacedby(new, gfp);
 		if (!r) {
 			aa_label_free(new);
 			goto out;
@@ -1814,7 +1814,7 @@ static struct aa_label *__label_update(struct aa_label *label)
 		return NULL;
 
 	if (!label->replacedby) {
-		struct aa_replacedby *r = aa_alloc_replacedby(l);
+		struct aa_replacedby *r = aa_alloc_replacedby(l, GFP_KERNEL);
 		if (!r) {
 			aa_put_label(l);
 			return NULL;

security/apparmor/policy.c

@@ -300,7 +300,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
 	ns->unconfined = aa_alloc_profile("unconfined");
 	if (!ns->unconfined)
 		goto fail_unconfined;
-	ns->unconfined->label.replacedby = aa_alloc_replacedby(NULL);
+	ns->unconfined->label.replacedby = aa_alloc_replacedby(NULL, GFP_KERNEL);
 	if (!ns->unconfined->label.replacedby)
 		goto fail_replacedby;
 
@@ -716,7 +716,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
 	if (!profile)
 		goto fail;
 
-	profile->label.replacedby = aa_alloc_replacedby(NULL);
+	profile->label.replacedby = aa_alloc_replacedby(NULL, GFP_KERNEL);
 	if (!profile->label.replacedby)
 		goto fail;
 
@@ -757,7 +757,7 @@ struct aa_label *aa_setup_default_label(void)
 	profile->ns = aa_get_namespace(root_ns);
 
 	/* replacedby being set needed by fs interface */
-	profile->label.replacedby = aa_alloc_replacedby(&profile->label);
+	profile->label.replacedby = aa_alloc_replacedby(&profile->label, GFP_KERNEL);
 	if (!profile->label.replacedby) {
 		aa_free_profile(profile);
 		return NULL;
@@ -1232,7 +1232,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
 
 	/* create new fs entries for introspection if needed */
 	list_for_each_entry(ent, &lh, list) {
-		struct aa_replacedby *r = aa_alloc_replacedby(&ent->new->label);
+		struct aa_replacedby *r = aa_alloc_replacedby(&ent->new->label, GFP_KERNEL);
 		if (!r) {
 			info = "failed to create";
 			error = -ENOMEM;