Message ID | 20221025035930.2151976-1-cuigaosheng1@huawei.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Series | [-next] apparmor: fix a memleak in free_ruleset() |
On 10/24/22 20:59, Gaosheng Cui wrote: > When the aa_profile is released, we will call free_ruleset to > release aa_ruleset, but we don't free the memory of aa_ruleset, > so there will be memleak, fix it. > > unreferenced object 0xffff8881475df800 (size 1024): > comm "apparmor_parser", pid 883, jiffies 4294899650 (age 9114.088s) > hex dump (first 32 bytes): > 00 f8 5d 47 81 88 ff ff 00 f8 5d 47 81 88 ff ff ..]G......]G.... > 00 00 00 00 00 00 00 00 00 dc 65 47 81 88 ff ff ..........eG.... > backtrace: > [<00000000370e658e>] __kmem_cache_alloc_node+0x182/0x700 > [<00000000f2f5a6d2>] kmalloc_trace+0x2c/0x130 > [<00000000c5c905b3>] aa_alloc_profile+0x1bc/0x5c0 > [<00000000bc4fa72b>] unpack_profile+0x319/0x30c0 > [<00000000eab791e9>] aa_unpack+0x307/0x1450 > [<000000002c3a6ee1>] aa_replace_profiles+0x1b8/0x3790 > [<00000000d0c3fd54>] policy_update+0x35a/0x890 > [<00000000d04fed90>] profile_replace+0x1d1/0x260 > [<00000000cba0c0a7>] vfs_write+0x283/0xd10 > [<000000006bae64a5>] ksys_write+0x134/0x260 > [<00000000b2fd8f31>] __x64_sys_write+0x78/0xb0 > [<00000000f3c8a015>] do_syscall_64+0x5c/0x90 > [<00000000a242b1db>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > Fixes: 217af7e2f4de ("apparmor: refactor profile rules and attachments") > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Acked-by: John Johansen <john.johansen@canonical.com> I have pulled this into apparmor-next > --- > security/apparmor/policy.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c > index 6f4cc8bfe03d..ebb99a12929b 100644 > --- a/security/apparmor/policy.c > +++ b/security/apparmor/policy.c > @@ -215,6 +215,7 @@ static void free_ruleset(struct aa_ruleset *rules) > for (i = 0; i < rules->secmark_count; i++) > kfree_sensitive(rules->secmark[i].label); > kfree_sensitive(rules->secmark); > + kfree_sensitive(rules); > } > > struct aa_ruleset *aa_alloc_ruleset(gfp_t gfp)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 6f4cc8bfe03d..ebb99a12929b 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -215,6 +215,7 @@ static void free_ruleset(struct aa_ruleset *rules) for (i = 0; i < rules->secmark_count; i++) kfree_sensitive(rules->secmark[i].label); kfree_sensitive(rules->secmark); + kfree_sensitive(rules); } struct aa_ruleset *aa_alloc_ruleset(gfp_t gfp)
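Review bot: the ownership contract implied by the added last line of free_ruleset() is not documented. With `kfree_sensitive(rules);` there, the function releases the object as well as its members, so every caller has to pass a heap-allocated aa_ruleset (as returned by aa_alloc_ruleset(), declared just below) and must not touch the pointer afterwards. A one-line comment above free_ruleset() saying so, plus a sentence in the commit message confirming that no caller passes an embedded or still-referenced ruleset, would make the fix easier to audit for double free and use after free. The loop above the new line also reads `rules->secmark_count` with no NULL check in the visible context, so unless one exists above the hunk, callers on error paths need to guarantee a non-NULL pointer.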
When the aa_profile is released, we will call free_ruleset to
release aa_ruleset, but we don't free the memory of aa_ruleset,
so there will be memleak, fix it.

unreferenced object 0xffff8881475df800 (size 1024):
  comm "apparmor_parser", pid 883, jiffies 4294899650 (age 9114.088s)
  hex dump (first 32 bytes):
    00 f8 5d 47 81 88 ff ff 00 f8 5d 47 81 88 ff ff ..]G......]G....
    00 00 00 00 00 00 00 00 00 dc 65 47 81 88 ff ff ..........eG....
  backtrace:
    [<00000000370e658e>] __kmem_cache_alloc_node+0x182/0x700
    [<00000000f2f5a6d2>] kmalloc_trace+0x2c/0x130
    [<00000000c5c905b3>] aa_alloc_profile+0x1bc/0x5c0
    [<00000000bc4fa72b>] unpack_profile+0x319/0x30c0
    [<00000000eab791e9>] aa_unpack+0x307/0x1450
    [<000000002c3a6ee1>] aa_replace_profiles+0x1b8/0x3790
    [<00000000d0c3fd54>] policy_update+0x35a/0x890
    [<00000000d04fed90>] profile_replace+0x1d1/0x260
    [<00000000cba0c0a7>] vfs_write+0x283/0xd10
    [<000000006bae64a5>] ksys_write+0x134/0x260
    [<00000000b2fd8f31>] __x64_sys_write+0x78/0xb0
    [<00000000f3c8a015>] do_syscall_64+0x5c/0x90
    [<00000000a242b1db>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 217af7e2f4de ("apparmor: refactor profile rules and attachments")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>

---
 security/apparmor/policy.c | 1 +
 1 file changed, 1 insertion(+)