From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4110C432C0 for ; Fri, 22 Nov 2019 05:54:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7EDDB20659 for ; Fri, 22 Nov 2019 05:54:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574402045; bh=LblJZ/hDggYRNLdYlwjonAHuue8tQ0vAk81anousPrs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=jMR9d8xNv2VcQp1P+vqKUAFUE5oycgf36xLTkvtXSFzu5hNvB2RusMBg0X86kBGNM p0qkrrhiDr15VFaqZXW5FMa7nZLrcaKh8VLBWMTRVFAFLh7x2e5FpaG2/VQm82HTXO dxeCq5CbHkFQF+ovvSJcWOUj6LhmIGXV3oa9qdUY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728820AbfKVFxR (ORCPT ); Fri, 22 Nov 2019 00:53:17 -0500 Received: from mail.kernel.org ([198.145.29.99]:59098 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726018AbfKVFxH (ORCPT ); Fri, 22 Nov 2019 00:53:07 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1066B20854; Fri, 22 Nov 2019 05:53:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574401986; bh=LblJZ/hDggYRNLdYlwjonAHuue8tQ0vAk81anousPrs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tIs7zTB7DvSRyVgrFREfrKdQN7YHjVwQYgbZDVA9K1GhR57QJmLF60QwDrxNR18Kk mINECowYaNX/pfXY+Tu4JXsLcdN/U1ybXEXxgXwvxlkt9d39LgC7I89GxnqI5Z8nhK Vp2JxwJOP/h8C4okbXQBMA79vizeH/earcccWrx0= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Chris Coulson , John Johansen , Sasha Levin , linux-security-module@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 205/219] apparmor: delete the dentry in aafs_remove() to avoid a leak Date: Fri, 22 Nov 2019 00:48:56 -0500 Message-Id: <20191122054911.1750-197-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191122054911.1750-1-sashal@kernel.org> References: <20191122054911.1750-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chris Coulson [ Upstream commit 201218e4d3dfa1346e30997f48725acce3f26d01 ] Although the apparmorfs dentries are always dropped from the dentry cache when the usage count drops to zero, there is no guarantee that this will happen in aafs_remove(), as another thread might still be using it. In this scenario, this means that the dentry will temporarily continue to appear in the results of lookups, even after the call to aafs_remove(). In the case of removal of a profile - it also causes simple_rmdir() on the profile directory to fail, as the directory won't be empty until the usage counts of all child dentries have decreased to zero. This results in the dentry for the profile directory leaking and appearing empty in the file system tree forever. Signed-off-by: Chris Coulson Signed-off-by: John Johansen Signed-off-by: Sasha Levin --- security/apparmor/apparmorfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 40e3a098f6fb5..d95a7e41a29d4 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -361,6 +361,7 @@ static void aafs_remove(struct dentry *dentry) simple_rmdir(dir, dentry); else simple_unlink(dir, dentry); + d_delete(dentry); dput(dentry); } inode_unlock(dir); -- 2.20.1