1. 16 10月, 2013 1 次提交
    • J
      apparmor: fix memleak of the profile hash · 5cb3e91e
      John Johansen 提交于
      BugLink: http://bugs.launchpad.net/bugs/1235523
      
      This fixes the following kmemleak trace:
      unreferenced object 0xffff8801e8c35680 (size 32):
        comm "apparmor_parser", pid 691, jiffies 4294895667 (age 13230.876s)
        hex dump (first 32 bytes):
          e0 d3 4e b5 ac 6d f4 ed 3f cb ee 48 1c fd 40 cf  ..N..m..?..H..@.
          5b cc e9 93 00 00 00 00 00 00 00 00 00 00 00 00  [...............
        backtrace:
          [<ffffffff817a97ee>] kmemleak_alloc+0x4e/0xb0
          [<ffffffff811ca9f3>] __kmalloc+0x103/0x290
          [<ffffffff8138acbc>] aa_calc_profile_hash+0x6c/0x150
          [<ffffffff8138074d>] aa_unpack+0x39d/0xd50
          [<ffffffff8137eced>] aa_replace_profiles+0x3d/0xd80
          [<ffffffff81376937>] profile_replace+0x37/0x50
          [<ffffffff811e9f2d>] vfs_write+0xbd/0x1e0
          [<ffffffff811ea96c>] SyS_write+0x4c/0xa0
          [<ffffffff817ccb1d>] system_call_fastpath+0x1a/0x1f
          [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: NJames Morris <james.l.morris@oracle.com>
      5cb3e91e
  2. 30 9月, 2013 1 次提交
    • J
      apparmor: fix suspicious RCU usage warning in policy.c/policy.h · 4cd4fc77
      John Johansen 提交于
      The recent 3.12 pull request for apparmor was missing a couple rcu _protected
      access modifiers. Resulting in the follow suspicious RCU usage
      
       [   29.804534] [ INFO: suspicious RCU usage. ]
       [   29.804539] 3.11.0+ #5 Not tainted
       [   29.804541] -------------------------------
       [   29.804545] security/apparmor/include/policy.h:363 suspicious rcu_dereference_check() usage!
       [   29.804548]
       [   29.804548] other info that might help us debug this:
       [   29.804548]
       [   29.804553]
       [   29.804553] rcu_scheduler_active = 1, debug_locks = 1
       [   29.804558] 2 locks held by apparmor_parser/1268:
       [   29.804560]  #0:  (sb_writers#9){.+.+.+}, at: [<ffffffff81120a4c>] file_start_write+0x27/0x29
       [   29.804576]  #1:  (&ns->lock){+.+.+.}, at: [<ffffffff811f5d88>] aa_replace_profiles+0x166/0x57c
       [   29.804589]
       [   29.804589] stack backtrace:
       [   29.804595] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
       [   29.804599] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
       [   29.804602]  0000000000000000 ffff8800b95a1d90 ffffffff8144eb9b ffff8800b94db540
       [   29.804611]  ffff8800b95a1dc0 ffffffff81087439 ffff880138cc3a18 ffff880138cc3a18
       [   29.804619]  ffff8800b9464a90 ffff880138cc3a38 ffff8800b95a1df0 ffffffff811f5084
       [   29.804628] Call Trace:
       [   29.804636]  [<ffffffff8144eb9b>] dump_stack+0x4e/0x82
       [   29.804642]  [<ffffffff81087439>] lockdep_rcu_suspicious+0xfc/0x105
       [   29.804649]  [<ffffffff811f5084>] __aa_update_replacedby+0x53/0x7f
       [   29.804655]  [<ffffffff811f5408>] __replace_profile+0x11f/0x1ed
       [   29.804661]  [<ffffffff811f6032>] aa_replace_profiles+0x410/0x57c
       [   29.804668]  [<ffffffff811f16d4>] profile_replace+0x35/0x4c
       [   29.804674]  [<ffffffff81120fa3>] vfs_write+0xad/0x113
       [   29.804680]  [<ffffffff81121609>] SyS_write+0x44/0x7a
       [   29.804687]  [<ffffffff8145bfd2>] system_call_fastpath+0x16/0x1b
       [   29.804691]
       [   29.804694] ===============================
       [   29.804697] [ INFO: suspicious RCU usage. ]
       [   29.804700] 3.11.0+ #5 Not tainted
       [   29.804703] -------------------------------
       [   29.804706] security/apparmor/policy.c:566 suspicious rcu_dereference_check() usage!
       [   29.804709]
       [   29.804709] other info that might help us debug this:
       [   29.804709]
       [   29.804714]
       [   29.804714] rcu_scheduler_active = 1, debug_locks = 1
       [   29.804718] 2 locks held by apparmor_parser/1268:
       [   29.804721]  #0:  (sb_writers#9){.+.+.+}, at: [<ffffffff81120a4c>] file_start_write+0x27/0x29
       [   29.804733]  #1:  (&ns->lock){+.+.+.}, at: [<ffffffff811f5d88>] aa_replace_profiles+0x166/0x57c
       [   29.804744]
       [   29.804744] stack backtrace:
       [   29.804750] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
       [   29.804753] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
       [   29.804756]  0000000000000000 ffff8800b95a1d80 ffffffff8144eb9b ffff8800b94db540
       [   29.804764]  ffff8800b95a1db0 ffffffff81087439 ffff8800b95b02b0 0000000000000000
       [   29.804772]  ffff8800b9efba08 ffff880138cc3a38 ffff8800b95a1dd0 ffffffff811f4f94
       [   29.804779] Call Trace:
       [   29.804786]  [<ffffffff8144eb9b>] dump_stack+0x4e/0x82
       [   29.804791]  [<ffffffff81087439>] lockdep_rcu_suspicious+0xfc/0x105
       [   29.804798]  [<ffffffff811f4f94>] aa_free_replacedby_kref+0x4d/0x62
       [   29.804804]  [<ffffffff811f4f47>] ? aa_put_namespace+0x17/0x17
       [   29.804810]  [<ffffffff811f4f0b>] kref_put+0x36/0x40
       [   29.804816]  [<ffffffff811f5423>] __replace_profile+0x13a/0x1ed
       [   29.804822]  [<ffffffff811f6032>] aa_replace_profiles+0x410/0x57c
       [   29.804829]  [<ffffffff811f16d4>] profile_replace+0x35/0x4c
       [   29.804835]  [<ffffffff81120fa3>] vfs_write+0xad/0x113
       [   29.804840]  [<ffffffff81121609>] SyS_write+0x44/0x7a
       [   29.804847]  [<ffffffff8145bfd2>] system_call_fastpath+0x16/0x1b
      
      Reported-by: miles.lane@gmail.com
      CC: paulmck@linux.vnet.ibm.com
      Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: NJames Morris <james.l.morris@oracle.com>
      4cd4fc77
  3. 15 8月, 2013 8 次提交
  4. 28 4月, 2013 3 次提交
  5. 24 10月, 2012 1 次提交
  6. 19 5月, 2012 1 次提交
  7. 10 4月, 2012 2 次提交
  8. 04 4月, 2012 1 次提交
  9. 15 3月, 2012 2 次提交
  10. 11 11月, 2010 1 次提交
  11. 08 9月, 2010 1 次提交
  12. 02 8月, 2010 1 次提交
    • J
      AppArmor: core policy routines · c88d4c7b
      John Johansen 提交于
      The basic routines and defines for AppArmor policy.  AppArmor policy
      is defined by a few basic components.
            profiles - the basic unit of confinement contain all the information
                       to enforce policy on a task
      
                       Profiles tend to be named after an executable that they
                       will attach to but this is not required.
            namespaces - a container for a set of profiles that will be used
                       during attachment and transitions between profiles.
            sids - which provide a unique id for each profile
      Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      c88d4c7b