~apparmor-dev/apparmor/master


Viewing changes to kernel-patches/v4.13/0014-apparmor-fix-race-condition-in-null-profile-creation.patch

  • Committer: Steve Beattie
  • Date: 2019-02-19 09:38:13 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219093813-ud526ee6hwn8nljz
The AppArmor project has been converted to git and is now hosted on
gitlab.

To get the converted repository, please do
  git clone https://gitlab.com/apparmor/apparmor

1
 
From ab3b869791b6122c7be7e68ca4c08e2c2e8815ac Mon Sep 17 00:00:00 2001
2
 
From: John Johansen <john.johansen@canonical.com>
3
 
Date: Wed, 16 Aug 2017 05:40:49 -0700
4
 
Subject: [PATCH 14/17] apparmor: fix race condition in null profile creation
5
 
 
6
 
There is a race when null- profile is being created between the
7
 
initial lookup/creation of the profile and lock/addition of the
8
 
profile. This could result in multiple version of a profile being
9
 
added to the list which need to be removed/replaced.
10
 
 
11
 
Since these are learning profiles, there is no effect on mediation.
12
 
 
13
 
Signed-off-by: John Johansen <john.johansen@canonical.com>
14
 
(cherry picked from commit 3aa3de2a4fb8f33ec62b00998bc6b6c6850d41b1)
15
 
---
16
 
 security/apparmor/policy.c | 14 +++++++++++---
17
 
 1 file changed, 11 insertions(+), 3 deletions(-)
18
 
 
19
 
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
20
 
index a81a384a63b1..4243b0c3f0e4 100644
21
 
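--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -500,7 +500,8 @@ struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
 struct aa_profile *aa_new_null_profile(struct aa_profile *parent, bool hat,
                                        const char *base, gfp_t gfp)
 {
-       struct aa_profile *profile;
+       struct aa_profile *p, *profile;
+       const char *bname;
        char *name;
 
        AA_BUG(!parent);
@@ -523,7 +524,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, bool hat,
 
 name:
        /* lookup to see if this is a dup creation */
-       profile = aa_find_child(parent, basename(name));
+       bname = basename(name);
+       profile = aa_find_child(parent, bname);
        if (profile)
                goto out;
 
@@ -544,7 +546,13 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, bool hat,
        profile->policy.dfa = aa_get_dfa(nulldfa);
 
        mutex_lock(&profile->ns->lock);
-       __add_profile(&parent->base.profiles, profile);
+       p = __find_child(&parent->base.profiles, bname);
+       if (p) {
+               aa_free_profile(profile);
+               profile = aa_get_profile(p);
+       } else {
+               __add_profile(&parent->base.profiles, profile);
+       }
        mutex_unlock(&profile->ns->lock);
 
        /* refcount released by caller */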
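Review bot: The `mutex_unlock(&profile->ns->lock)` at the end of the third hunk runs after `profile` may have been repointed to the existing child `p`, so the lock is taken through one profile and released through another. That pairing is correct only if `p->ns` is the same namespace as the freshly allocated profile's, which is likely for two children of one parent but is not shown in the visible lines. Taking the pointer once, `struct mutex *lock = &profile->ns->lock;`, and using `mutex_lock(lock)` / `mutex_unlock(lock)` would make the pairing explicit, assuming the parent keeps the namespace alive across `aa_free_profile()`. A comment above the `__find_child()` call such as `/* re-check under ns->lock: a concurrent caller may have added this null profile since the unlocked lookup */` would also record why the second lookup exists. The body of `aa_new_null_profile` starts and ends outside these hunks, so the lifetime of `name`, which `bname` points into, cannot be checked here.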
58
 
2.11.0
59