← Back to branch summary

~apparmor-dev/apparmor/master

« back to all changes in this revision

Viewing changes to kernel-patches/4.5/0015-apparmor-fix-refcount-race-when-finding-a-child-prof.patch

  • Committer: Steve Beattie
  • Date: 2019-02-19 09:38:13 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219093813-ud526ee6hwn8nljz
The AppArmor project has been converted to git and is now hosted on
gitlab.

To get the converted repository, please do
  git clone https://gitlab.com/apparmor/apparmor

Show diffs side-by-side

added added

removed removed

Lines of Context:
kernel-patches/4.5/0015-apparmor-fix-refcount-race-when-finding-a-child-prof.patch
1
 
From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
2
 
From: John Johansen <john.johansen@canonical.com>
3
 
Date: Wed, 16 Dec 2015 18:09:10 -0800
4
 
Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
5
 
 profile
6
 
 
7
 
When finding a child profile via an rcu critical section, the profile
8
 
may be put and scheduled for deletion after the child is found but
9
 
before its refcount is incremented.
10
 
 
11
 
Protect against this by repeating the lookup if the profiles refcount
12
 
is 0 and is one its way to deletion.
13
 
 
14
 
Signed-off-by: John Johansen <john.johansen@canonical.com>
15
 
Acked-by: Seth Arnold <seth.arnold@canonical.com>
16
 
---
17
 
 security/apparmor/policy.c | 4 +++-
18
 
 1 file changed, 3 insertions(+), 1 deletion(-)
19
 
 
20
 
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
21
 
index ca402d0..7807125 100644
22
 
--- a/security/apparmor/policy.c
23
 
+++ b/security/apparmor/policy.c
24
 
@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
25
 
        struct aa_profile *profile;
26
 
 
27
 
        rcu_read_lock();
28
 
-       profile = aa_get_profile(__find_child(&parent->base.profiles, name));
29
 
+       do {
30
 
+               profile = __find_child(&parent->base.profiles, name);
31
 
+       } while (profile && !aa_get_profile_not0(profile));
32
 
        rcu_read_unlock();
33
 
 
34
 
        /* refcount released by caller */
35
 
2.7.4
36