From patchwork Wed Feb 1 09:05:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Johansen X-Patchwork-Id: 722406
From: John Johansen To: kernel-team@lists.ubuntu.com Subject: [PATCH 06/14] UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails Date: Wed, 1 Feb 2017 01:05:58 -0800 Message-Id: <20170201090606.22422-7-john.johansen@canonical.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170201090606.22422-1-john.johansen@canonical.com> References: <20170201090606.22422-1-john.johansen@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com Bind mounts can oops when devname lookup fails because the devname is uninitialized and used in auditing the denial. BugLink: http://bugs.launchpad.net/bugs/1660840 Signed-off-by: John Johansen --- security/apparmor/mount.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 907d3f0..e780181 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -335,6 +335,7 @@ static int match_mnt_path_str(struct aa_profile *profile, const struct path *mnt goto audit; if (IS_ERR(devname)) { error = PTR_ERR(devname); + devname = NULL; info = devinfo; goto audit; }
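
Review bot: the `devname = NULL;` added in the `IS_ERR(devname)` branch of match_mnt_path_str() carries no comment explaining why it is needed, and the commit message calls devname "uninitialized" although at this point it holds an ERR_PTR value, which is what would otherwise reach the audit code as if it were a name. Suggest a one-line comment at the assignment (for example, that an ERR_PTR must not be handed to audit) and rewording the log to match. The ordering is right as written: the reset comes after `error = PTR_ERR(devname);`, so the error code is not lost. The context line `goto audit;` directly above is another exit to the same label; the visible lines do not show whether the pointer handled on that path is cleared in the same way, so it is worth confirming that every IS_ERR path that jumps to `audit` resets its pointer first.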