[PATCH] apparmor: Fix two bugs of aa_setup_dfa_engine's fail handling
GONG Ruiqi
gongruiqi1 at huawei.com
Thu Apr 23 01:52:29 UTC 2026
Hi Georgia,
On 4/23/2026 5:51 AM, Georgia Garcia wrote:
> ...
>> @@ -2486,7 +2487,6 @@ static int __init aa_setup_dfa_engine(void)
>>
>> fail:
>> aa_put_pdb(nullpdb);
>> - aa_put_dfa(nulldfa);
>
> This isn't right. aa_dfa_unpack does kref_init(&dfa->count), and later
> we have nullpdb->dfa = aa_get_dfa(nulldfa);
> So the second is put on aa_put_pdb but the first, from the init, does
> need to be put too.
Thanks for the feedback, and yes you're right. I didn't notice there's a
kref_init in aa_dfa_unpack...
I will submit a patch that only contains the first fix.
BR,
Ruiqi
>
>> nullpdb = NULL;
>> nulldfa = NULL;
>> stacksplitdfa = NULL;
>
More information about the Linux-security-module-archive
mailing list