From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 16 Dec 2015 18:09:10 -0800
Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
When finding a child profile via an rcu critical section, the profile
may be put and scheduled for deletion after the child is found but
before its refcount is incremented.
Protect against this by repeating the lookup if the profile's refcount
is 0 and is on its way to deletion.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
security/apparmor/policy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
20
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
21
index ca402d0..7807125 100644
22
--- a/security/apparmor/policy.c
23
+++ b/security/apparmor/policy.c
24
@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
25
struct aa_profile *profile;
28
- profile = aa_get_profile(__find_child(&parent->base.profiles, name));
30
+ profile = __find_child(&parent->base.profiles, name);
31
+ } while (profile && !aa_get_profile_not0(profile));
34
/* refcount released by caller */
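Review bot: The retry loop that ends at `} while (profile && !aa_get_profile_not0(profile));` has no comment saying why a failed get is retried instead of being reported as "not found", and nothing in the hunk shows what bounds the retries. Termination appears to depend on a profile whose count has reached 0 being unlinked from `parent->base.profiles` before a later `__find_child()` pass; the removal path presumably guarantees this, but that is not visible here. I would add above the loop: `/* refcount 0 means the profile is being freed; look again until it is unlinked or a live match is found */`. The loop's opening line and the rest of aa_find_child() are not among the lines shown, so the RCU critical section the commit message refers to cannot be checked from this hunk.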