kernel/linux.git/security/apparmor/lib.c, branch v6.6.40Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.402024-01-25T23:35:54+00:00apparmor: fix possible memory leak in unpack_trans_table2024-01-25T23:35:54+00:00Fedor Pchelkinpchelkin@ispras.ru2023-12-04T18:19:44+00:00urn:sha1:337c86dc8af9ee6d80f6720a4d71ab6425b033f2
[ Upstream commit 1342ad786073e96fa813ad943c19f586157ae297 ]
If we fail to unpack the transition table then the table elements which
have been already allocated are not freed on error path.
unreferenced object 0xffff88802539e000 (size 128):
comm "apparmor_parser", pid 903, jiffies 4294914938 (age 35.085s)
hex dump (first 32 bytes):
20 73 6f 6d 65 20 6e 61 73 74 79 20 73 74 72 69 some nasty stri
6e 67 20 73 6f 6d 65 20 6e 61 73 74 79 20 73 74 ng some nasty st
backtrace:
[<ffffffff81ddb312>] __kmem_cache_alloc_node+0x1e2/0x2d0
[<ffffffff81c47194>] __kmalloc_node_track_caller+0x54/0x170
[<ffffffff81c225b9>] kmemdup+0x29/0x60
[<ffffffff83e1ee65>] aa_unpack_strdup+0xe5/0x1b0
[<ffffffff83e20808>] unpack_pdb+0xeb8/0x2700
[<ffffffff83e23567>] unpack_profile+0x1507/0x4a30
[<ffffffff83e27bfa>] aa_unpack+0x36a/0x1560
[<ffffffff83e194c3>] aa_replace_profiles+0x213/0x33c0
[<ffffffff83de9461>] policy_update+0x261/0x370
[<ffffffff83de978e>] profile_replace+0x20e/0x2a0
[<ffffffff81eac8bf>] vfs_write+0x2af/0xe00
[<ffffffff81eaddd6>] ksys_write+0x126/0x250
[<ffffffff88f34fb6>] do_syscall_64+0x46/0xf0
[<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
Call aa_free_str_table() on error path as was done before the blamed
commit. It implements all necessary checks, frees str_table if it is
available and nullifies the pointers.
Found by Linux Verification Center (linuxtesting.org).
Fixes: a0792e2ceddc ("apparmor: make transition table unpack generic so it can be reused")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: rename audit_data->label to audit_data->subj_label2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-19T07:46:09+00:00urn:sha1:30b3669d40ad2400dfac75d1250596b5b0cb241b
[ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ]
rename audit_data's label field to subj_label to better reflect its
use. Also at the same time drop unneeded assignments to ->subj_label
as the later call to aa_check_perms will do the assignment if needed.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: combine common_audit_data and apparmor_audit_data2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-14T07:20:12+00:00urn:sha1:c57bc80f4508acd8c52bd89b01d324889065320d
[ Upstream commit bd7bd201ca46c211c3ab251ca9854787d1331a2f ]
Everywhere where common_audit_data is used apparmor audit_data is also
used. We can simplify the code and drop the use of the aad macro
everywhere by combining the two structures.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: Fix kernel-doc warnings in apparmor/lib.c2023-11-28T17:20:07+00:00Gaosheng Cuicuigaosheng1@huawei.com2023-06-25T01:13:44+00:00urn:sha1:73221ebe13d90d1d5ad96c1ef1825f84e961a02e
[ Upstream commit 8921482286116af193980f04f2f2755775a410a5 ]
Fix kernel-doc warnings:
security/apparmor/lib.c:33: warning: Excess function parameter
'str' description in 'aa_free_str_table'
security/apparmor/lib.c:33: warning: Function parameter or member
't' not described in 'aa_free_str_table'
security/apparmor/lib.c:94: warning: Function parameter or
member 'n' not described in 'skipn_spaces'
security/apparmor/lib.c:390: warning: Excess function parameter
'deny' description in 'aa_check_perms'
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: rework profile->rules to be a list2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-09-06T03:47:36+00:00urn:sha1:1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590
Convert profile->rules to a list as the next step towards supporting
multiple rulesets in a profile. For this step only support a single
list entry item. The logic for iterating the list will come as a
separate step.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: refactor profile rules and attachments2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-07-30T00:17:31+00:00urn:sha1:217af7e2f4deb629aaa49622685ccfee923898ca
In preparation for moving from a single set of rules and a single
attachment to multiple rulesets and attachments separate from the
profile refactor attachment information and ruleset info into their
own structures.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: cleanup: move perm accumulation into perms.h2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-09-06T06:57:51+00:00urn:sha1:3dfd16ab697ff23973b6fbb89808372bcd008dd1
Perm accumulation is going to be used much more frequently so let
the compiler figure out if it can be optimized when used.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: make sure perm indexes are accumulated2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-09-06T06:53:29+00:00urn:sha1:0bece4fa97a2bd397da66d4fced78f76eb214a3e
accumulate permission indexes on a first encountered basis. This
favors original rulesets so that new ones can not override without
profile replacement.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add user mode flag2022-10-03T21:49:03+00:00John Johansenjohn.johansen@canonical.com2019-12-17T23:40:41+00:00urn:sha1:22fac8a051191113becc0da62bf88b0ba8ce6c08
Allow the profile to contain a user mode prompt flag. This works similar
to complain mode but will try to send messages to a userspace daemon.
If the daemon is not present or timesout regular informent will occur.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add mediation class information to auditing2022-10-03T21:49:03+00:00John Johansenjohn.johansen@canonical.com2022-04-19T23:25:55+00:00urn:sha1:8c4b785a86be1219f7d50f7b38266c454d6a9bbc
Audit messages currently don't contain the mediation class which can
make them less clear than they should be in some circumstances. With
newer mediation classes coming this potential confusion will become
worse.
Fix this by adding the mediatin class to the messages.
Signed-off-by: John Johansen <john.johansen@canonical.com>