TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

UBUNTU: SAUCE: (no-up) apparmor: fix apparmor refcount bug in apparmor_kill

Browse Source 
This is a fix to code that is not upstream.

There is a race window in the apparmor_kill hook, that may result in a
profile refcount being decremented without a previous increment. This
can result in the profile being freed, while references still exist and
can lead to an oops.

The race window exists for the time after the profile has been replaced
but before the task cred has been updated to the new profile.

BugLink: http://bugs.launchpad.net/bugs/1308764

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This commit is contained in:
John Johansen
2014-05-15 07:43:00 -07:00
committed by Tim Gardner
parent 1b8dd160bb
commit f5131911fb
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/apparmor/lsm.c
View File

@@ -1114,7 +1114,7 @@ static int apparmor_task_kill(struct task_struct *target, struct siginfo *info,
* Dealing with USB IO specific behavior * Dealing with USB IO specific behavior
*/ */
return 0; return 0;
cl = __aa_current_label(); cl = __aa_get_current_label();
tl = aa_get_task_label(target); tl = aa_get_task_label(target);
error = aa_may_signal(cl, tl, sig); error = aa_may_signal(cl, tl, sig);
aa_put_label(tl); aa_put_label(tl);