@@ -1611,6 +1611,7 @@ static inline void security_audit_rule_free(void *lsmrule)
#ifdef CONFIG_SECURITYFS
extern int securityfs_pin_fs(void);
+extern void securityfs_release_fs(void);
extern int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
umode_t mode, void *data,
const struct file_operations *fops,
@@ -1630,7 +1631,9 @@ static inline int securityfs_pin_fs(void)
{
return -ENODEV;
}
-
+static inline void securityfs_release_fs(void)
+{
+}
static inline int __securityfs_setup_d_inode(struct inode *dir,
struct dentry *dentry,
umode_t mode, void *data,
@@ -1057,7 +1057,7 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
NULL, NULL);
if (error)
- goto out;
+ goto out_pin;
ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
if (IS_ERR(ns)) {
@@ -1066,6 +1066,8 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
}
aa_put_ns(ns); /* list ref remains */
+out_pin:
+ securityfs_release_fs();
out:
aa_put_ns(parent);
@@ -51,6 +51,11 @@ int securityfs_pin_fs(void)
return simple_pin_fs(&fs_type, &mount, &mount_count);
}
+void securityfs_release_fs(void)
+{
+ simple_release_fs(&mount, &mount_count);
+}
+
int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
umode_t mode, void *data,
const struct file_operations *fops,
apparmor is leaking pinfs refcoutn when inode setup fails. BugLink: http://bugs.launchpad.net/bugs/1660846 Signed-off-by: John Johansen <john.johansen@canonical.com> --- include/linux/security.h | 5 ++++- security/apparmor/apparmorfs.c | 4 +++- security/inode.c | 5 +++++ 3 files changed, 12 insertions(+), 2 deletions(-)