[apparmor] [PATCH 34/43] apparmor: temp fix refcount on null-profiles
John Johansen
john.johansen at canonical.com
Fri Feb 8 21:01:10 UTC 2013
null profiles are supposed to be auto removed from the profile list
when their last reference is put. However removing a profile from the
profile list in the free path is not yet supported due to locking
issue.
as such it is possible that the null profile will go through the free
cycle without being freed from the list. Which will result in an oops
or BUG()
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 249d278..720b952 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -757,6 +757,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
profile->ns = aa_get_namespace(parent->ns);
mutex_lock(&profile->ns->lock);
+ /* add list ref */
+ aa_get_profile(profile);
__list_add_profile(&parent->base.profiles, profile);
mutex_unlock(&profile->ns->lock);
--
1.7.10.4
More information about the AppArmor
mailing list