[PATCH] apparmor: fix reference count leak in aa_pivotroot()

John Johansen john.johansen at canonical.com
Thu May 19 08:58:11 UTC 2022


On 4/27/22 20:39, Xin Xiong wrote:
> The aa_pivotroot() function has a reference counting bug in a specific
> path. When aa_replace_current_label() returns on success, the function
> forgets to decrement the reference count of “target”, which is
> increased earlier by build_pivotroot(), causing a reference leak.
> 
> Fix it by decreasing the refcount of “target” in that path.
> 
> Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
> Co-developed-by: Xiyu Yang <xiyuyang19 at fudan.edu.cn>
> Signed-off-by: Xiyu Yang <xiyuyang19 at fudan.edu.cn>
> Co-developed-by: Xin Tan <tanxin.ctf at gmail.com>
> Signed-off-by: Xin Tan <tanxin.ctf at gmail.com>
> Signed-off-by: Xin Xiong <xiongx18 at fudan.edu.cn>

thanks I have pulled it into my tree

Acked-by: John Johansen <john.johansen at canonical.com>


> ---
>  security/apparmor/mount.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
> index aa6fcfde3051..d0b19ab9137d 100644
> --- a/security/apparmor/mount.c
> +++ b/security/apparmor/mount.c
> @@ -718,6 +718,7 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
>  			aa_put_label(target);
>  			goto out;
>  		}
> +		aa_put_label(target);
>  	} else
>  		/* already audited error */
>  		error = PTR_ERR(target);



More information about the Linux-security-module-archive mailing list