[Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load


John Johansen-2
AppArmor is leaking the newly loaded profile and its proxy when
the profile is an exact match to the currently loaded version.

In this case the match check results in the profile being skipped
and put without dealing with the proxy and forwarding thus creating
a circular refcount and a leak.

BugLink: http://bugs.launchpad.net/bugs/1750594
Signed-off-by: John Johansen <[hidden email]>
---
 security/apparmor/policy.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index b0b58848c248..a92c167c9249 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1003,6 +1003,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
  audit_policy(label, op, ns_name, ent->new->base.hname,
      "same as current profile, skipping",
      error);
+ /* break refcount cycle with proxy. */
+ aa_put_proxy(ent->new->label.proxy);
+ ent->new->label.proxy = NULL;
  goto skip;
  }
 
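Review bot: the comment on the added aa_put_proxy() call, "break refcount cycle with proxy.", does not say which references form the cycle or why the pointer is cleared afterwards. Suggest expanding it to state that ent->new is being discarded on this "same as current profile, skipping" path, so the proxy reference it holds has to be dropped here, and that ent->new->label.proxy = NULL is there so later teardown of ent->new does not put the same proxy again, if that is the intent.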
--
2.14.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
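
A simplified userspace model of the refcount cycle described in the commit message above, added here as an illustration and not taken from the kernel or from the patch author. The struct layouts, the static pool and every function name are assumptions made for the model.

```c
#include <stddef.h>

/* Simplified userspace model of the cycle; all names here are hypothetical. */
struct profile;
struct proxy   { int refs; struct profile *label; };  /* proxy pins its label   */
struct profile { int refs; struct proxy *proxy; };    /* profile pins its proxy */

/* Static pool instead of a heap: "freeing" only updates the live count. */
static struct profile profiles[8];
static struct proxy proxies[8];
static int next_slot, live_objects;

static void put_profile(struct profile *p);

static void put_proxy(struct proxy *x)
{
    if (x && --x->refs == 0) {
        put_profile(x->label);   /* release the proxy's reference on its label */
        live_objects--;          /* proxy freed */
    }
}

static void put_profile(struct profile *p)
{
    if (p && --p->refs == 0) {
        put_proxy(p->proxy);     /* only reached once nothing else pins p */
        live_objects--;          /* profile freed */
    }
}

static struct profile *alloc_profile(void)
{
    struct profile *p = &profiles[next_slot];
    struct proxy *x = &proxies[next_slot++];
    p->refs = 2;                 /* caller's reference + the proxy's reference */
    x->refs = 1;                 /* held through p->proxy */
    x->label = p;
    p->proxy = x;
    live_objects += 2;
    return p;
}

/* Load a duplicate profile and skip it; returns how many objects leaked. */
int skip_duplicate(int break_cycle)
{
    int before = live_objects;
    struct profile *np = alloc_profile();
    if (break_cycle) {           /* the two statements the patch adds */
        put_proxy(np->proxy);
        np->proxy = NULL;
    }
    put_profile(np);             /* skip path drops the caller's reference */
    return live_objects - before;
}
```

In the model, skipping without the extra put leaves both objects alive because each still holds the other's last reference; putting the proxy first lets the caller's final put free the profile.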

ACK: [Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load

Seth Forshee
On Fri, Apr 13, 2018 at 10:52:58PM -0700, John Johansen wrote:
> AppArmor is leaking the newly loaded profile and its proxy when
> the profile is an exact match to the currently loaded version.
>
> In this case the match check results in the profile being skipped
> and put without dealing with the proxy and forwarding thus creating
> a circular refcount and a leak.
>
> BugLink: http://bugs.launchpad.net/bugs/1750594
> Signed-off-by: John Johansen <[hidden email]>

Acked-by: Seth Forshee <[hidden email]>


ACK: [Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load

Tyler Hicks-2
In reply to this post by John Johansen-2
On 04/14/2018 12:52 AM, John Johansen wrote:
> AppArmor is leaking the newly loaded profile and its proxy when
> the profile is an exact match to the currently loaded version.
>
> In this case the match check results in the profile being skipped
> and put without dealing with the proxy and forwarding thus creating
> a circular refcount and a leak.
>
> BugLink: http://bugs.launchpad.net/bugs/1750594
> Signed-off-by: John Johansen <[hidden email]>

This looks correct to me. aa_replace_profiles() calls aa_unpack() ->
unpack_profile() -> aa_alloc_profile() -> aa_get_proxy() so calling
aa_put_proxy() in this short circuit makes sense.

Acked-by: Tyler Hicks <[hidden email]>

Tyler

> ---
>  security/apparmor/policy.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index b0b58848c248..a92c167c9249 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -1003,6 +1003,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
>   audit_policy(label, op, ns_name, ent->new->base.hname,
>       "same as current profile, skipping",
>       error);
> + /* break refcount cycle with proxy. */
> + aa_put_proxy(ent->new->label.proxy);
> + ent->new->label.proxy = NULL;
>   goto skip;
>   }
>  
>
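
Review bot: the put is added only inside the "same as current profile, skipping" branch, immediately before goto skip, so any other branch that reaches the skip label with ent->new still holding its proxy would leak in the same way. Worth confirming in the changelog that this is the only such path; the visible context does not show the other jumps to skip.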



APPLIED: [Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load

Seth Forshee
In reply to this post by John Johansen-2
On Fri, Apr 13, 2018 at 10:52:58PM -0700, John Johansen wrote:
> AppArmor is leaking the newly loaded profile and its proxy when
> the profile is an exact match to the currently loaded version.
>
> In this case the match check results in the profile being skipped
> and put without dealing with the proxy and forwarding thus creating
> a circular refcount and a leak.
>
> BugLink: http://bugs.launchpad.net/bugs/1750594
> Signed-off-by: John Johansen <[hidden email]>

Applied to bionic/master-next, thanks!
