
[09/14] UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count

Message ID 20170201090606.22422-10-john.johansen@canonical.com
State New

Commit Message

John Johansen Feb. 1, 2017, 9:06 a.m. UTC
apparmor is leaking the pinfs refcount when inode setup fails.

BugLink: http://bugs.launchpad.net/bugs/1660846
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 include/linux/security.h       | 5 ++++-
 security/apparmor/apparmorfs.c | 4 +++-
 security/inode.c               | 5 +++++
 3 files changed, 12 insertions(+), 2 deletions(-)

Patch

diff --git a/include/linux/security.h b/include/linux/security.h
index 32a4043..a31c1db 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1587,6 +1587,7 @@  static inline void security_audit_rule_free(void *lsmrule)
 
 #ifdef CONFIG_SECURITYFS
 extern int securityfs_pin_fs(void);
+extern void securityfs_release_fs(void);
 extern int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
 				      umode_t mode, void *data,
 				      const struct file_operations *fops,
@@ -1606,7 +1607,9 @@  static inline int securityfs_pin_fs(void)
 {
 	return -ENODEV;
 }
-
+static inline void securityfs_release_fs(void)
+{
+}
 static inline int __securityfs_setup_d_inode(struct inode *dir,
 					struct dentry *dentry,
 					umode_t mode, void *data,
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 3f1dd67..ee9a780 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1057,7 +1057,7 @@  static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
 	error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
 					   NULL, NULL);
 	if (error)
-		goto out;
+		goto out_pin;
 
 	ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
 	if (IS_ERR(ns)) {
@@ -1066,6 +1066,8 @@  static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
 	}
 
 	aa_put_ns(ns);		/* list ref remains */
+out_pin:
+	securityfs_release_fs();
 out:
 	aa_put_ns(parent);
 
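Review bot: The `out_pin:` label sits directly after `aa_put_ns(ns);`, so the success path falls through into `securityfs_release_fs()` as well, not only the inode-setup and aa_create_ns() failure paths. If the pin taken earlier in ns_mkdir_op (outside this hunk) is meant to be held for as long as the new directory exists and dropped on removal, this unbalances the count, and the securityfs mount could be released while entries still reference it. Guarding the call, `if (error) securityfs_release_fs();`, would limit the release to the failure paths. If the unconditional drop is intended, a comment at the label explaining why the pin is no longer needed after setup would make that clear. The function starts and ends outside the hunk.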
diff --git a/security/inode.c b/security/inode.c
index 692b284..e701820 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -51,6 +51,11 @@  int securityfs_pin_fs(void)
 	return simple_pin_fs(&fs_type, &mount, &mount_count);
 }
 
+void securityfs_release_fs(void)
+{
+	simple_release_fs(&mount, &mount_count);
+}
+
 int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
 			       umode_t mode, void *data,
 			       const struct file_operations *fops,
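Review bot: The new `securityfs_release_fs()` has no comment stating its pairing contract, and an unbalanced call would drop a mount reference that some other user still relies on. A short comment above it would help, for example `/* Drop one reference taken by a successful securityfs_pin_fs(); must not be called if the pin failed. */`. The same sentence would be useful on the empty stub in include/linux/security.h, where securityfs_pin_fs() returns -ENODEV and the release is a no-op.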