]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
apparmor: account for in_atomic removal in common_file_perm
authorRyan Lee <ryan.lee@canonical.com>
Wed, 7 Jan 2026 19:47:02 +0000 (11:47 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Thu, 29 Jan 2026 09:27:54 +0000 (01:27 -0800)
If we are not in an atomic context in common_file_perm, then we don't have
to use the atomic versions, resulting in improved performance outside of
atomic contexts.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/lsm.c

index e59e9bc7250bfc20d7f812a12b90461b67c14d4f..f47d60d8c40a28cbaa069580d6396d24e2e7ea5e 100644 (file)
@@ -524,15 +524,14 @@ static int common_file_perm(const char *op, struct file *file, u32 mask)
 {
        struct aa_label *label;
        int error = 0;
-       bool needput;
 
        /* don't reaudit files closed during inheritance */
        if (unlikely(file->f_path.dentry == aa_null.dentry))
                return -EACCES;
 
-       label = __begin_current_label_crit_section(&needput);
+       label = begin_current_label_crit_section();
        error = aa_file_perm(op, current_cred(), label, file, mask, false);
-       __end_current_label_crit_section(label, needput);
+       end_current_label_crit_section(label);
 
        return error;
 }