[PATCH 4/5] UBUNTU: SAUCE: AppArmor: Fix refcounting bug causing leak of creds
John Johansen
john.johansen at canonical.com
Thu Nov 12 16:24:59 UTC 2009
Andy Whitcroft wrote:
> On Tue, Nov 10, 2009 at 10:29:12AM -0800, John Johansen wrote:
>> BugLink: http://bugs.launchpad.net/bugs/479115
>>
>> SRU Justification: Failure to put the cred causes a memory leak that is
>> larger than the cred struct, as it leaks everything it references. This
>> happens for every unconfined processes that does an exec, change_hat or
>> change_profile and passes through this function.
>>
>> AppArmor when doing ptrace check for domain changes, fails to drop
>> the ref count on the task creds when it is unconfined.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>> ---
>> ubuntu/apparmor/domain.c | 3 ++-
>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/ubuntu/apparmor/domain.c b/ubuntu/apparmor/domain.c
>> index 128e527..fe89ddc 100644
>> --- a/ubuntu/apparmor/domain.c
>> +++ b/ubuntu/apparmor/domain.c
>> @@ -65,9 +65,10 @@ static int aa_may_change_ptraced_domain(struct task_struct *task,
>> rcu_read_unlock();
>>
>> if (!tracerp)
>> - return error;
>> + goto out;
>>
>> error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH);
>> +out:
>> put_cred(cred);
>>
>> return error;
>
> Ok, the change itself looks fine if we have taken the cred reference we
> should return it.
>
> I just want to confirm that aa_get_task_policy() cannot return a valid
> tracerp but a null cred? Else the put_cred() might oops. A quick look
> at that seems to say its ok. Assuming that is true:
>
Well you have already, seen Patch 5 so know that it might oops. The reason
for the split is I was trying to treat the as distinct bugs, and keep the
fixes distinct and minimal.
john
More information about the kernel-team
mailing list