[Bug 329489] Re: locks on unlinked files leak memory in apparmor

[Andy Whitcroft]

** Description changed:

  Apparmor is leaks memory when unlinked files are locked by confined
  processes.
  
  TEST CASE
  
  Confining the following program:
  
  #include <stdio.h>
  #include <unistd.h>
  
  int main(void)
  {
          int i;
          int fd = open("/tmp/.lockfile", O_RDWR|O_CREAT);
          unlink("/tmp/.lockfile");
          
          fork();
          fork();
          fork();
          fork();
  
          for (i = 0; i < 5000; i++) {
                  struct flock lock;
                  lock.l_type = F_WRLCK;
                  lock.l_start = 0;
                  lock.l_whence = SEEK_END;
                  lock.l_len = 0;
                  fcntl(fd,F_SETLKW, &lock);
                  lock.l_type = F_UNLCK;
                  fcntl(fd, F_SETLKW, &lock);
          }
  
          return 0;
  }
  
  with an apparmor policy similar to the following (place the policy in
  /etc/apparmor.d and then do 'sudo /etc/init.d/apparmor restart' to
  reload policy):
  
  #include <tunables/global>
  /PATH/TO/YOUR/COMPILED/BINARY flags=(audit) {
    #include <abstractions/base>
    #include <abstractions/mysql>
    #include <abstractions/nameservice>
  
    capability kill,
    capability net_bind_service,
    capability setgid,
    capability setuid,
  
    # Major libs
    /lib/ld-*.so mr,
    /lib/libc-*.so mr,
    /lib/libpthread-*.so mr,
    /lib/librt-*.so mr,
  
    /tmp/* rwk,
  
  }
  
  (You'll need to change /PATH/TO/YOUR/COMPILED/BINARY in the above
  profile to point the location of the compiled program.)
  
  While running slabtop in another terminal, run the program.
  Without the fix, slabtop should see an increase use of kernel memory, 
typically the kamlloc-256 slab.
  With the fix in place, there shouldn't be much change in slabtop's reported 
output.
  
  /var/log/messages should get a number of audit events (this confirms
  that confinement is applied to the binary in question).
+ 
+ 
+ ===
+ 
+ SRU Justification
+ 
+ Justification: apparmour will leak memory leading to OOM, hangs, or
+ crashes
+ 
+ Impact: certain workloads will cause memory to be leaked for each
+ operation, specifically any name check on removed files
+ 
+ Fix Description: free the memory earlier in the error path
+ 
+ Patch: http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
+ jaunty.git;a=commit;h=537f85127f05d91f3a464cc3c1808fd8ea75c606
+ 
+ Risks: very well contained and obvious change so this should be low
+ risk.  patch is upstream (apparmour)
+ 
+ TEST CASE:  see above

-- 
locks on unlinked files leak memory in apparmor
https://bugs.launchpad.net/bugs/329489
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs