linux-brain/security
Chris Coulson 01dbfb2c74 apparmor: delete the dentry in aafs_remove() to avoid a leak
[ Upstream commit 201218e4d3 ]

Although the apparmorfs dentries are always dropped from the dentry cache
when the usage count drops to zero, there is no guarantee that this will
happen in aafs_remove(), as another thread might still be using it. In
this scenario, this means that the dentry will temporarily continue to
appear in the results of lookups, even after the call to aafs_remove().

In the case of removal of a profile - it also causes simple_rmdir()
on the profile directory to fail, as the directory won't be empty until
the usage counts of all child dentries have decreased to zero. This
results in the dentry for the profile directory leaking and appearing
empty in the file system tree forever.

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-12-05 15:38:01 +01:00
Name | Last commit | Date
--- | --- | ---
apparmor | apparmor: delete the dentry in aafs_remove() to avoid a leak | 2019-12-05 15:38:01 +01:00
integrity | ima: always return negative code for error | 2019-10-11 18:18:37 +02:00
keys | keys: Fix missing null pointer check in request_key_auth_describe() | 2019-09-21 07:15:45 +02:00
loadpin | security: mark LSM hooks as __ro_after_init | 2017-03-06 11:00:15 +11:00
selinux | selinux: fix memory leak in policydb_init() | 2019-08-06 19:05:26 +02:00
smack | smack: use GFP_NOFS while holding inode_smack::smk_lock | 2019-10-07 18:55:22 +02:00
tomoyo | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00
yama | Yama: Check for pid death before checking ancestry | 2019-01-23 08:09:48 +01:00
Kconfig | /dev/mem: Add bounce buffer for copy-out | 2018-03-24 11:01:24 +01:00
Makefile | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00
commoncap.c | cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() | 2018-09-09 19:56:01 +02:00
device_cgroup.c | device_cgroup: fix RCU imbalance in error case | 2019-04-27 09:35:40 +02:00
inode.c | securityfs: fix use-after-free on symlink traversal | 2019-05-25 18:25:34 +02:00
lsm_audit.c | missing barriers in some of unix_sock ->addr and ->path accesses | 2019-03-19 13:13:24 +01:00
min_addr.c | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00
security.c | LSM: Check for NULL cred-security on free | 2019-01-23 08:09:50 +01:00