From: John Johansen <john.johansen@canonical.com>
To: Xin Xiong <xiongx18@fudan.edu.cn>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Seth Arnold <seth.arnold@canonical.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: yuanxzhang@fudan.edu.cn, Xiyu Yang <xiyuyang19@fudan.edu.cn>,
Xin Tan <tanxin.ctf@gmail.com>
Subject: Re: [PATCH] apparmor: fix reference count leak in aa_pivotroot()
Date: Thu, 19 May 2022 01:58:11 -0700 [thread overview]
Message-ID: <b217377a-8675-f17f-05d6-695e424b3d4b@canonical.com> (raw)
In-Reply-To: <20220428033907.1658-1-xiongx18@fudan.edu.cn>
On 4/27/22 20:39, Xin Xiong wrote:
> The aa_pivotroot() function has a reference counting bug in a specific
> path. When aa_replace_current_label() returns on success, the function
> forgets to decrement the reference count of “target”, which is
> increased earlier by build_pivotroot(), causing a reference leak.
>
> Fix it by decreasing the refcount of “target” in that path.
>
> Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
> Co-developed-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Co-developed-by: Xin Tan <tanxin.ctf@gmail.com>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
> Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
thanks I have pulled it into my tree
Acked-by: John Johansen <john.johansen@canonical.com>
> ---
> security/apparmor/mount.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
> index aa6fcfde3051..d0b19ab9137d 100644
> --- a/security/apparmor/mount.c
> +++ b/security/apparmor/mount.c
> @@ -718,6 +718,7 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
> aa_put_label(target);
> goto out;
> }
> + aa_put_label(target);
> } else
> /* already audited error */
> error = PTR_ERR(target);
prev parent reply other threads:[~2022-05-19 8:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 3:39 [PATCH] apparmor: fix reference count leak in aa_pivotroot() Xin Xiong
2022-05-19 8:58 ` John Johansen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b217377a-8675-f17f-05d6-695e424b3d4b@canonical.com \
--to=john.johansen@canonical.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=seth.arnold@canonical.com \
--cc=tanxin.ctf@gmail.com \
--cc=xiongx18@fudan.edu.cn \
--cc=xiyuyang19@fudan.edu.cn \
--cc=yuanxzhang@fudan.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.