kernel-packages team mailing list archive

Thread
Date

[Bug 1308765] Re: refcount bug in apparmor pivotroot handling

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Andy Whitcroft <apw@xxxxxxxxxxxxx>
Date: Wed, 28 May 2014 11:46:36 -0000
Reply-to: Bug 1308765 <1308765@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: linux (Ubuntu Utopic)
   Importance: Undecided
     Assignee: John Johansen (jjohansen)
       Status: Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1308765

Title:
  refcount bug in apparmor pivotroot handling

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux” source package in Trusty:
  Confirmed
Status in “linux” source package in Utopic:
  Confirmed

Bug description:
  There is a profile refcount bug in apparmor pivot_root mediation.

  The code increments the profile refcount in one function and
  decrements the refcount in another. However the code refactoring made
  it so the target profile, that has its refcount incremented is not
  returned to the fn that is putting the reference. This results in the
  put always being done on NULL, so that the reference is never actually
  decremented.

  This bug will result in the memory associated with the profile leaking
  if the profile is ever replaced or removed.

  This bug was discovered in auditing of the code

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308765/+subscriptions

References

[Bug 1308765] [NEW] refcount bug in apparmor pivotroot handling
From: John Johansen, 2014-04-16