Verification done on "Disco" (linux-hwe-5.0)
---
# uname -rv
5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020
For some other reason the kprobes module is not picking up on accept,
only on release. This is unrelated to this patchset.
I used kprobe events instead, which is working, and reveals the ref
counter does not leak (stable increase/decrease on accept/release.)
On the example below, it varies between 0x64b and 0x64c, correctly.
# ./aa-refcnt-af_alg &
# echo 'p af_alg_accept sk=%di count=+0x0(+0x0(+0x278(%di))):x32' > /sys/kernel/debug/tracing/kprobe_events
# echo 'p af_alg_release_parent sk=%di count=+0x0(+0x0(+0x278(%di))):x32' >> /sys/kernel/debug/tracing/kprobe_events
# echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable
# cat /sys/kernel/debug/tracing/trace_pipe
...
aa-refcnt-af_al-21362 [002] .... 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
...
ctrl-c
# echo 0 > /sys/kernel/debug/tracing/events/kprobes/enable
# echo > /sys/kernel/debug/tracing/kprobe_events
# killall aa-refcnt-af_alg
Details:
-------
We want this value from 'struct sock *sk':
kref_read(&SK_CTX(sk)->label->count)
With:
#define SK_CTX(X) apparmor_sock(X)
static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
...
return sk->sk_security + apparmor_blob_sizes->lbs_sock;
...
Checking the value for lbs_sock w/ a kernel module:
[76604.268403] apparmor_blob_sizes->lbs_sock: 0
And struct member offsets:
$ pahole --hex -C sock usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep sk_security
void * sk_security; /* 0x278 0x8 */
$ pahole --hex -C aa_sk_ctx usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w label
struct aa_label * label; /* 0 0x8 */
$ pahole --hex -C aa_label usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w count
struct kref count; /* 0 0x4 */
--
https://bugs.launchpad.net/bugs/1883962
Title: apparmor reference leak causes refcount_t overflow with af_alg_accept()
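An added example, not part of the original message or the patch set: a small Python check that turns the by-eye comparison of `count=` values into a pass/fail, by parsing kprobe event lines like those in the trace above and flagging any probe whose count rises on every hit. The function names are this example's own, and the `LEAKING` sample is constructed for illustration.

```python
import re
from collections import defaultdict

# One kprobe event; \s+ also tolerates a line wrap after the probe name.
EVENT = re.compile(r"(p_\w+):\s+\([^)]*\)\s+sk=(0x[0-9a-f]+)\s+count=(0x[0-9a-f]+)")

def count_series(trace):
    """Map (probe, sk) -> refcount values in trace order."""
    series = defaultdict(list)
    for probe, sk, count in EVENT.findall(trace):
        series[(probe, sk)].append(int(count, 16))
    return dict(series)

def leaking_probes(trace, min_hits=3):
    """Return {(probe, sk): drift} where the count rose on every successive hit.

    Balanced get/put shows the same value at each entry to a probe (drift 0);
    a reference that is taken and never dropped shows up as a strictly
    increasing series.
    """
    leaks = {}
    for key, counts in count_series(trace).items():
        rising = all(b > a for a, b in zip(counts, counts[1:]))
        if len(counts) >= min_hits and rising:
            leaks[key] = counts[-1] - counts[0]
    return leaks

# Events copied from the trace in the message above.
BALANCED = """\
aa-refcnt-af_al-21362 [002] .... 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
"""

# Constructed sample (not from the report): each accept sees one more reference.
LEAKING = "".join(
    f"aa-refcnt-af_al-21362 [002] .... 77023.{869615 + i}: p_af_alg_accept_0: "
    f"(af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count={0x64b + i:#x}\n"
    for i in range(4)
)

if __name__ == "__main__":
    print("balanced:", leaking_probes(BALANCED))
    print("leaking: ", leaking_probes(LEAKING))
```

Saved output of `trace_pipe` can be passed to `leaking_probes()` as a single string; an empty result means no probe showed a steadily growing count.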