From patchwork Mon Aug 16 17:55:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Georgia Garcia X-Patchwork-Id: 1517282 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=BQtltEwt; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GpMKT1wBrz9sW8; Tue, 17 Aug 2021 03:56:13 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1mFgqH-0002vA-SU; Mon, 16 Aug 2021 17:56:09 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1mFgqD-0002v3-5J for kernel-team@lists.ubuntu.com; Mon, 16 Aug 2021 17:56:05 +0000 Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPS id E383D412CD for ; Mon, 16 Aug 2021 17:56:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1629136564; bh=l5pS6Yz7YArWGVH09uWNiuwlOQ7zGmhW8kEdLKtJQ+4=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=BQtltEwtA3cUoyIctO/4CSl11t0syhxjvznAmKSmZsWGZdzVi8aVX0xPXUiQqkYdu KbxFKeq5CMCqUCiurzkEsXwdq2bmzsctXO6y0PIJ+FDGK9YL/Uyv5SyQJEKz0e6coB rjUWKZR+omHNLGDD9b0HpgAdDZLihvxdKmL6W1pSSaEPV0PgpgmHhCnSN1xtKOH7tv yny7Cm2/fp5YlXNq4UcGQTWdyTNfMl6zoA/K+SgrvE/5XGy3aiHkMlcJDLYCygw82+ VH6yCjebyVV3tKxejJ1ucVZTURkdK3yWchUQ+21JYxtyTjb+YWm1nkCgnYGBBfSmqj +rDbYuidPUB4g== Received: by mail-ej1-f71.google.com with SMTP id u23-20020a1709064ad700b005bb12df6cb9so1889218ejt.20 for ; Mon, 16 Aug 2021 10:56:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=l5pS6Yz7YArWGVH09uWNiuwlOQ7zGmhW8kEdLKtJQ+4=; b=pyyHgCwyIc9RQTaepIruQbaHlrpUX47BMZBNSgiVx1dSJh5kfEWB8e7gJ/MqkVdH23 tZyybHF9jrxsPPURN7qYrD9qvbYSZqWUwyLjENuK8oiBPhHZ8W4OA2HAhqxRtTuAvOko dbehYisuT24w+W4VSEIDA3Wu3SZ7MTqHjZ9nWeBB6T80vJ8FVemFF7E1ml1KtQQKfK1n CP9+pFDwXPvaHx4Z3REEfq2V0eVJU6opsEAmrTLAan9IR7Hdh5vtpYQxtKZpbj7+Yq2v /m8QqZWXynLXjjgf0nhWIMBJg3SUXflWt2lJBvGkCJnkjDG111PliUtO5cBFC3kmf9vL FblQ== X-Gm-Message-State: AOAM531vgCndHrNHslvblorBbml4hF83yDPIDtY522mXWVSQlV1kI/7U EwcTkJdNb/pY1WonIRAz1VsYDksqs0vgEQ2wvDfAky3SqlnH+OuqrA5rmGNcEENIKMYhVOGKA1T PLMnYa6/4O0JBE2xDvtvON68zRrGrnD6uCk1XJt39xg== X-Received: by 2002:a17:906:ac1:: with SMTP id z1mr16979075ejf.261.1629136564371; Mon, 16 Aug 2021 10:56:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPys+lSqEYr7Ihml4mRfzcncBbDX4FPtQibCXKW4uoF5uPIzIl0TkFvZOL5Wy9royORLyq2Q== X-Received: by 2002:a17:906:ac1:: with SMTP id z1mr16979058ejf.261.1629136564183; Mon, 16 Aug 2021 10:56:04 -0700 (PDT) Received: from localhost ([2001:67c:1562:8007::aac:4557]) by smtp.gmail.com with ESMTPSA id 8sm3927712ejz.88.2021.08.16.10.56.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Aug 2021 10:56:03 -0700 (PDT) From: Georgia Garcia To: kernel-team@lists.ubuntu.com Subject: [SRU][B/F][PATCH v3 0/1] Fix memory leak on profile removal Date: Mon, 16 Aug 2021 14:55:56 -0300 Message-Id: <20210816175558.617474-1-georgia.garcia@canonical.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1939915 SRU Justification: [Impact] There's a memory leak on AppArmor when removing a profile. When the proxy isn't replaced and the profile is removed, the proxy is leaked. [Fix] Upstream commit 3622ad25d4d fixes the leak by cleaning up the label structure within the profile when the profile is getting freed. The proxy is freed correctly when cleaning up the label. The backport for Bionic required the removal of duplicated code. The cherry-pick for Focal did not require changes - it applied cleanly. [Test Plan] /sys/kernel/debug/kmemleak should not return a memleak when removing a profile. root@ubuntu:~# echo "profile foo {}" > profile root@ubuntu:~# apparmor_parser profile root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak root@ubuntu:~# cat /sys/kernel/debug/kmemleak [Where problems could occur] Low probability of any problem. There's no longer a leak. John Johansen (1): apparmor: Fix memory leak of profile proxy security/apparmor/include/label.h | 1 + security/apparmor/label.c | 13 +++++++------ security/apparmor/policy.c | 1 + 3 files changed, 9 insertions(+), 6 deletions(-)