This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-bionic' to 'verification-done-bionic'. If the
problem still exists, change the tag 'verification-needed-bionic' to
'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1939915

Title:
  memory leaking when removing a profile

Status in AppArmor:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed

Bug description:
  There's a memory leak in the kernel when removing a profile.
  A simple reproducible example:

  root@ubuntu:~# echo "profile foo {}" > profile
  root@ubuntu:~# apparmor_parser profile
  root@ubuntu:~# apparmor_parser -R profile
  root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
  root@ubuntu:~# cat /sys/kernel/debug/kmemleak
  unreferenced object 0xffff99bcf5128bb0 (size 16):
    comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
    hex dump (first 16 bytes):
      01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff  ................
    backtrace:
      [<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
      [<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
      [<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
      [<00000000c2e34769>] unpack_profile+0x16f/0xe10
      [<0000000019033e2b>] aa_unpack+0x119/0x500
      [<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
      [<000000001833f520>] policy_update+0x124/0x1e0
      [<00000000992f950e>] profile_load+0x7d/0xa0
      [<00000000db7852ce>] __vfs_write+0x1b/0x40
      [<000000004e709f5d>] vfs_write+0xb9/0x1a0
      [<00000000280db840>] SyS_write+0x5e/0xe0
      [<0000000014c5ab5d>] do_syscall_64+0x79/0x130
      [<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
      [<000000009d368497>] 0xffffffffffffffff

  This issue was already fixed upstream in 3622ad25d4d6 (v5.8-rc1~102^2).
  It still needs to be applied on xenial, bionic and focal.

  This issue could lead to an OOM and eventually DoS. We could see this
  issue happening during a test in which snaps were disconnected and
  reconnected, causing the leak every time the profile was removed.
  Since it is a refcount issue, there could be a lot of memory involved
  because the whole profile would be leaked.
  Note that only privileged users can remove a profile.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1939915/+subscriptions
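
One way to script the verification requested above, as an added example that is not part of the bug report or of any Ubuntu tooling: it counts kmemleak records whose backtrace contains `aa_alloc_proxy`, in the report format shown in the bug description. The function names, the sample's second record and the 10-second wait before scanning are assumptions made for this example.

```shell
#!/bin/sh
# count_kmemleak_hits SYMBOL: read a kmemleak report on stdin, print "<records> <bytes>".
count_kmemleak_hits() {
    awk -v sym="$1" '
        function emit() {
            if (inrec && hit) { n++; bytes += size }
            hit = 0
        }
        /^unreferenced object / {
            emit(); inrec = 1
            s = $0; sub(/.*\(size /, "", s); sub(/\).*/, "", s); size = s + 0
            next
        }
        # Frame lines look like: [<addr>] symbol+0xoff/0xlen
        inrec && /^[ \t]*\[<[0-9a-f]+>\] / {
            f = $2; sub(/\+.*/, "", f)
            if (f == sym) hit = 1
        }
        END { emit(); printf "%d %d\n", n, bytes }
    '
}

# Constructed sample: the record from the bug (frames shortened) plus an unrelated one.
sample_report() {
    cat <<'EOF'
unreferenced object 0xffff99bcf5128bb0 (size 16):
  comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
  backtrace:
    [<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
    [<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
unreferenced object 0xffff000000000000 (size 64):
  backtrace:
    [<0000000000000001>] kmem_cache_alloc_trace+0xd8/0x1e0
    [<0000000000000002>] example_alloc+0x10/0x20
EOF
}

# Live check with the bug's reproducer; needs root and a kmemleak-enabled kernel.
check_live() {
    k=/sys/kernel/debug/kmemleak; d=$(mktemp -d) || return 2
    echo "profile foo {}" > "$d/profile"
    echo clear > "$k"                 # drop reports from before the test
    apparmor_parser "$d/profile" && apparmor_parser -R "$d/profile"
    sleep 10; echo scan > "$k"        # assumed delay so the object can age
    set -- $(count_kmemleak_hits aa_alloc_proxy < "$k"); rm -rf "$d"
    echo "aa_alloc_proxy: $1 leaked record(s), $2 bytes"
    [ "$1" -eq 0 ]                    # success only when nothing leaked
}

if [ "${1:-}" = "--live" ]; then check_live; else sample_report | count_kmemleak_hits aa_alloc_proxy; fi
```

Run with `--live` as root on the kernel under test; without arguments it only parses the embedded sample.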

