UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count

author John Johansen <john.johansen@canonical.com>

Wed, 1 Feb 2017 09:06:01 +0000 (01:06 -0800)

committer Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Wed, 8 Mar 2017 13:35:44 +0000 (10:35 -0300)
author John Johansen <john.johansen@canonical.com>
Wed, 1 Feb 2017 09:06:01 +0000 (01:06 -0800)
committer Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Wed, 8 Mar 2017 13:35:44 +0000 (10:35 -0300)
diff --git a/include/linux/security.h b/include/linux/security.h

index 32a40430732eb2d5df349a967fcefbcf8b5b60dc..a31c1db91178b6b16e865de14ba9b18eb42e485a 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1587,6 +1587,7 @@ static inline void security_audit_rule_free(void *lsmrule)
  
  #ifdef CONFIG_SECURITYFS
  extern int securityfs_pin_fs(void);
+extern void securityfs_release_fs(void);
  extern int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
                                       umode_t mode, void *data,
                                       const struct file_operations *fops,
@@ -1606,7 +1607,9 @@ static inline int securityfs_pin_fs(void)
  {
         return -ENODEV;
  }
-
+static inline void securityfs_release_fs(void)
+{
+}
  static inline int __securityfs_setup_d_inode(struct inode *dir,
                                         struct dentry *dentry,
                                         umode_t mode, void *data,
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c

index 3f1dd678ff60015bb0066c79f2f9332062e35012..ee9a780b0d720a7b5d73e27c14dc3eb01f619ce7 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1057,7 +1057,7 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
         error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
                                            NULL, NULL);
         if (error)
-               goto out;
+               goto out_pin;
  
         ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
         if (IS_ERR(ns)) {
@@ -1066,6 +1066,8 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
         }
  
         aa_put_ns(ns);          /* list ref remains */
+out_pin:
+       securityfs_release_fs();
  out:
         aa_put_ns(parent);
  
diff --git a/security/inode.c b/security/inode.c

index 692b284038601529cbb72099353b5fdc46839d10..e7018203a294d5c0caaeb2c16d147684ab4e06ff 100644 (file)
--- a/security/inode.c
+++ b/security/inode.c
@@ -51,6 +51,11 @@ int securityfs_pin_fs(void)
         return simple_pin_fs(&fs_type, &mount, &mount_count);
  }
  
+void securityfs_release_fs(void)
+{
+       simple_release_fs(&mount, &mount_count);
+}
+
  int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
                                umode_t mode, void *data,
                                const struct file_operations *fops,
author	John Johansen <john.johansen@canonical.com>
	Wed, 1 Feb 2017 09:06:01 +0000 (01:06 -0800)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Wed, 8 Mar 2017 13:35:44 +0000 (10:35 -0300)
include/linux/security.h		patch \| blob \| blame \| history
security/apparmor/apparmorfs.c		patch \| blob \| blame \| history
security/inode.c		patch \| blob \| blame \| history