From patchwork Sat Apr 14 05:52:58 2018
X-Patchwork-Submitter: John Johansen
X-Patchwork-Id: 898140
To: Kernel team list
From: John Johansen
Subject: [Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load
Organization: Canonical
Date: Fri, 13 Apr 2018 22:52:58 -0700

AppArmor is leaking the newly loaded profile and its proxy when the profile is an exact match to the currently loaded version. In this case the match check results in the profile being skipped and put without dealing with the proxy and forwarding thus creating a circular refcount and a leak.

BugLink: http://bugs.launchpad.net/bugs/1750594
Signed-off-by: John Johansen
Acked-by: Seth Forshee
Acked-by: Tyler Hicks

--- security/apparmor/policy.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index b0b58848c248..a92c167c9249 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -1003,6 +1003,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, audit_policy(label, op, ns_name, ent->new->base.hname, "same as current profile, skipping", error); + /* break refcount cycle with proxy. */ + aa_put_proxy(ent->new->label.proxy); + ent->new->label.proxy = NULL; goto skip; }
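
Review bot: in the "same as current profile, skipping" branch of aa_replace_profiles(), ent->new->label.proxy is left NULL before the goto skip, and the visible context does not show whether the code after the skip label and the eventual release of ent->new tolerate a label with no proxy. Please confirm that nothing on that path dereferences label.proxy, or say so in the comment. The comment "break refcount cycle with proxy." would also be easier to audit if it named both sides of the cycle (the commit message describes the new profile and its proxy holding references on each other), so a later reader can tell why the put has to happen here rather than being left to the normal profile put.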