]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a4f3e1a) | patch
apparmor: delete the dentry in aafs_remove() to avoid a leak
authorChris Coulson <chris.coulson@canonical.com>
Mon, 4 Feb 2019 10:21:23 +0000 (10:21 +0000)
committerMarcelo Henrique Cerri <marcelo.cerri@canonical.com>
Fri, 17 Jan 2020 17:21:41 +0000 (14:21 -0300)
commit831f7c37ed1d0ac948087838a021f5155f52579f
treece548b7d04544559b5e43d40f4165f7977a629catree
parenta4f3e1adb8ea1006728a58d1d58f0d4e3445670bcommit | diff
apparmor: delete the dentry in aafs_remove() to avoid a leak

BugLink: https://bugs.launchpad.net/bugs/1855787
[ Upstream commit 201218e4d3dfa1346e30997f48725acce3f26d01 ]

Although the apparmorfs dentries are always dropped from the dentry cache
when the usage count drops to zero, there is no guarantee that this will
happen in aafs_remove(), as another thread might still be using it. In
this scenario, this means that the dentry will temporarily continue to
appear in the results of lookups, even after the call to aafs_remove().

In the case of removal of a profile - it also causes simple_rmdir()
on the profile directory to fail, as the directory won't be empty until
the usage counts of all child dentries have decreased to zero. This
results in the dentry for the profile directory leaking and appearing
empty in the file system tree forever.

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
security/apparmor/apparmorfs.c diff | blob | blame | history
ubuntu-bionic-kernel mirror