Null profiles are supposed to be auto-removed from the profile list when their last reference is put. However, removing a profile from the profile list in the free path is not yet supported due to a locking issue.
As such, it is possible that the null profile will go through the free cycle without being freed from the list, which will result in an oops or BUG().

Signed-off-by: John Johansen <[email protected]>

--- security/apparmor/policy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 249d278..720b952 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -757,6 +757,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat) profile->ns = aa_get_namespace(parent->ns); mutex_lock(&profile->ns->lock); + /* add list ref */ + aa_get_profile(profile); __list_add_profile(&parent->base.profiles, profile); mutex_unlock(&profile->ns->lock); -- 1.7.10.4
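
Review bot: the reference taken by aa_get_profile(profile) in aa_new_null_profile() has no visible counterpart, and the comment /* add list ref */ does not say where it is dropped. The commit message states that removing a profile from the list in the free path is not supported, so with the list holding its own reference the last put by a user no longer frees a null profile, and it stays on parent->base.profiles until some other path unlinks it. Please expand the comment to name the path that removes the profile from the list and puts this reference (parent or namespace teardown, if that is the intent), and say in the commit message that null profiles are no longer released on the last user put, so the lifetime change and the possible accumulation of null profiles on the parent's list are documented.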
