On Wed, Apr 20, 2016 at 11:52:57PM -0700, John Johansen wrote:
> When finding a child profile via an rcu critical section, the profile
> may be put and scheduled for deletion after the child is found but
> before its refcount is incremented.
>
> Protect against this by repeating the lookup if the profile's refcount
> is 0 and is on its way to deletion.
>
> Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>

Thanks

> --- > security/apparmor/policy.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c > index ca402d0..7807125 100644 > --- a/security/apparmor/policy.c > +++ b/security/apparmor/policy.c > @@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile > *parent, const char *name) > struct aa_profile *profile; > > rcu_read_lock(); > - profile = aa_get_profile(__find_child(&parent->base.profiles, name)); > + do { > + profile = __find_child(&parent->base.profiles, name); > + } while (profile && !aa_get_profile_not0(profile)); > rcu_read_unlock(); > > /* refcount released by caller */
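
Review bot: The do/while added in aa_find_child() carries no comment explaining why the lookup is retried or what makes the loop terminate. It exits only once __find_child() stops returning the profile for which aa_get_profile_not0() failed, so it relies on that profile being unlinked from parent->base.profiles around the time its refcount reaches 0; nothing in the visible lines establishes this, and until it happens the loop spins inside rcu_read_lock(). Suggest a short comment above the loop stating that assumption, for example that a profile with a zero refcount is already being removed from the list, so a retry finds either its replacement or NULL.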
