UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count

author John Johansen <john.johansen@canonical.com>

Thu, 8 Dec 2016 02:56:31 +0000 (18:56 -0800)

committer Tim Gardner <tim.gardner@canonical.com>

Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
author John Johansen <john.johansen@canonical.com>
Thu, 8 Dec 2016 02:56:31 +0000 (18:56 -0800)
committer Tim Gardner <tim.gardner@canonical.com>
Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
diff --git a/include/linux/security.h b/include/linux/security.h

index 7864d10eb29a4e96a6a5b7d01d76225099ca56a0..8bedff634c24840384f7dd2629f06df9df47aa46 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1634,6 +1634,7 @@ static inline void security_audit_rule_free(void *lsmrule)
  
  #ifdef CONFIG_SECURITYFS
  extern int securityfs_pin_fs(void);
+extern void securityfs_release_fs(void);
  extern int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
                                       umode_t mode, void *data,
                                       const struct file_operations *fops,
@@ -1653,7 +1654,9 @@ static inline int securityfs_pin_fs(void)
  {
         return -ENODEV;
  }
-
+static inline void securityfs_release_fs(void)
+{
+}
  static inline int __securityfs_setup_d_inode(struct inode *dir,
                                         struct dentry *dentry,
                                         umode_t mode, void *data,
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c

index ee0f998c9e3ff4636f8db5f1f2bedda8c7405ec6..2ded4188773127ec6a044ba9cf5e88f82c1f068a 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1057,7 +1057,7 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
         error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
                                            NULL, NULL);
         if (error)
-               goto out;
+               goto out_pin;
  
         ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
         if (IS_ERR(ns)) {
@@ -1066,6 +1066,8 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
         }
  
         aa_put_ns(ns);          /* list ref remains */
+out_pin:
+       securityfs_release_fs();
  out:
         aa_put_ns(parent);
  
diff --git a/security/inode.c b/security/inode.c

index 7a8793d9efd8b2fe26807173c8907237c89d6416..6a9643a49289a408f48e552e56e8e32d2dabe953 100644 (file)
--- a/security/inode.c
+++ b/security/inode.c
@@ -51,6 +51,11 @@ int securityfs_pin_fs(void)
         return simple_pin_fs(&fs_type, &mount, &mount_count);
  }
  
+void securityfs_release_fs(void)
+{
+       simple_release_fs(&mount, &mount_count);
+}
+
  int __securityfs_setup_d_inode(struct inode *dir, struct dentry *dentry,
                                umode_t mode, void *data,
                                const struct file_operations *fops,
author	John Johansen <john.johansen@canonical.com>
	Thu, 8 Dec 2016 02:56:31 +0000 (18:56 -0800)
committer	Tim Gardner <tim.gardner@canonical.com>
	Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
include/linux/security.h		patch \| blob \| blame \| history
security/apparmor/apparmorfs.c		patch \| blob \| blame \| history
security/inode.c		patch \| blob \| blame \| history