apparmor: fix label can not be immediately before a declaration

Fix error reported by kernel test robot

security/apparmor/policy.c:1381:2: error: a label can only be part of
a statement and a declaration is not a statement

All errors (new ones prefixed by >>):

   security/apparmor/policy.c: In function 'aa_replace_profiles':
>> security/apparmor/policy.c:1381:2: error: a label can only be part
   of a statement and a declaration is not a statement
     ssize_t udata_sz = udata->size;
     ^~~~~

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202606150525.npax8WiH-lkp@intel.com/
Fixes: 7b42f95813dc9 ("apparmor: fix potential UAF in aa_replace_profiles")
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index b59e827747dad01be3e558d74ae2bc68d3c29d50..94b4a7e727cc1d7e1e5dbcbf2277a4a98bf40f21 100644 (file)
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1397,9 +1397,10 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
        mutex_unlock(&ns->lock);
 
 out:
+       aa_put_ns(ns);
+
        ssize_t udata_sz = udata->size;
 
-       aa_put_ns(ns);
        aa_put_profile_loaddata(udata);
        kfree(ns_name);