
[-next] apparmor: fix a memleak in free_ruleset()

Message ID 20221025035930.2151976-1-cuigaosheng1@huawei.com (mailing list archive)
State Handled Elsewhere

Commit Message

cuigaosheng Oct. 25, 2022, 3:59 a.m. UTC
When the aa_profile is released, we will call free_ruleset to
release aa_ruleset, but we don't free the memory of aa_ruleset,
so there will be memleak, fix it.

unreferenced object 0xffff8881475df800 (size 1024):
  comm "apparmor_parser", pid 883, jiffies 4294899650 (age 9114.088s)
  hex dump (first 32 bytes):
    00 f8 5d 47 81 88 ff ff 00 f8 5d 47 81 88 ff ff  ..]G......]G....
    00 00 00 00 00 00 00 00 00 dc 65 47 81 88 ff ff  ..........eG....
  backtrace:
    [<00000000370e658e>] __kmem_cache_alloc_node+0x182/0x700
    [<00000000f2f5a6d2>] kmalloc_trace+0x2c/0x130
    [<00000000c5c905b3>] aa_alloc_profile+0x1bc/0x5c0
    [<00000000bc4fa72b>] unpack_profile+0x319/0x30c0
    [<00000000eab791e9>] aa_unpack+0x307/0x1450
    [<000000002c3a6ee1>] aa_replace_profiles+0x1b8/0x3790
    [<00000000d0c3fd54>] policy_update+0x35a/0x890
    [<00000000d04fed90>] profile_replace+0x1d1/0x260
    [<00000000cba0c0a7>] vfs_write+0x283/0xd10
    [<000000006bae64a5>] ksys_write+0x134/0x260
    [<00000000b2fd8f31>] __x64_sys_write+0x78/0xb0
    [<00000000f3c8a015>] do_syscall_64+0x5c/0x90
    [<00000000a242b1db>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 217af7e2f4de ("apparmor: refactor profile rules and attachments")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
---
 security/apparmor/policy.c | 1 +
 1 file changed, 1 insertion(+)

Comments

John Johansen Oct. 25, 2022, 5:46 a.m. UTC | #1
On 10/24/22 20:59, Gaosheng Cui wrote:
> When the aa_profile is released, we will call free_ruleset to
> release aa_ruleset, but we don't free the memory of aa_ruleset,
> so there will be memleak, fix it.
> 
> unreferenced object 0xffff8881475df800 (size 1024):
>    comm "apparmor_parser", pid 883, jiffies 4294899650 (age 9114.088s)
>    hex dump (first 32 bytes):
>      00 f8 5d 47 81 88 ff ff 00 f8 5d 47 81 88 ff ff  ..]G......]G....
>      00 00 00 00 00 00 00 00 00 dc 65 47 81 88 ff ff  ..........eG....
>    backtrace:
>      [<00000000370e658e>] __kmem_cache_alloc_node+0x182/0x700
>      [<00000000f2f5a6d2>] kmalloc_trace+0x2c/0x130
>      [<00000000c5c905b3>] aa_alloc_profile+0x1bc/0x5c0
>      [<00000000bc4fa72b>] unpack_profile+0x319/0x30c0
>      [<00000000eab791e9>] aa_unpack+0x307/0x1450
>      [<000000002c3a6ee1>] aa_replace_profiles+0x1b8/0x3790
>      [<00000000d0c3fd54>] policy_update+0x35a/0x890
>      [<00000000d04fed90>] profile_replace+0x1d1/0x260
>      [<00000000cba0c0a7>] vfs_write+0x283/0xd10
>      [<000000006bae64a5>] ksys_write+0x134/0x260
>      [<00000000b2fd8f31>] __x64_sys_write+0x78/0xb0
>      [<00000000f3c8a015>] do_syscall_64+0x5c/0x90
>      [<00000000a242b1db>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
> 
> Fixes: 217af7e2f4de ("apparmor: refactor profile rules and attachments")
> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>

Acked-by: John Johansen <john.johansen@canonical.com>

I have pulled this into apparmor-next

> ---
>   security/apparmor/policy.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index 6f4cc8bfe03d..ebb99a12929b 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -215,6 +215,7 @@ static void free_ruleset(struct aa_ruleset *rules)
>   	for (i = 0; i < rules->secmark_count; i++)
>   		kfree_sensitive(rules->secmark[i].label);
>   	kfree_sensitive(rules->secmark);
> +	kfree_sensitive(rules);
>   }
>   
>   struct aa_ruleset *aa_alloc_ruleset(gfp_t gfp)
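
Review bot: the new `kfree_sensitive(rules);` at the end of free_ruleset() makes the function release the aa_ruleset itself, not just its members, and nothing in the hunk documents that change of contract. A short comment above free_ruleset() stating that it frees both the secmark data and the ruleset would tell callers that the pointer is invalid on return and must not be freed or dereferenced again.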

Patch

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 6f4cc8bfe03d..ebb99a12929b 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -215,6 +215,7 @@  static void free_ruleset(struct aa_ruleset *rules)
 	for (i = 0; i < rules->secmark_count; i++)
 		kfree_sensitive(rules->secmark[i].label);
 	kfree_sensitive(rules->secmark);
+	kfree_sensitive(rules);
 }
 
 struct aa_ruleset *aa_alloc_ruleset(gfp_t gfp)
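
Review bot: the loop in the context lines reads `rules->secmark_count` before the added `kfree_sensitive(rules);`, so free_ruleset() still dereferences its argument unconditionally. kfree_sensitive() accepts NULL, but the loop does not, so if any teardown path can reach this function with a NULL ruleset an early `if (!rules) return;` is needed; if that cannot happen, saying so in the commit message would settle it.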