summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorChris Coulson <chris.coulson@canonical.com>2019-02-04 11:21:23 +0100
committerJohn Johansen <john.johansen@canonical.com>2019-03-12 11:48:02 +0100
commit201218e4d3dfa1346e30997f48725acce3f26d01 (patch)
tree9f375de24babb88d6b14e42f2824adb232798873 /security/apparmor
parentapparmor: Fix warning about unused function apparmor_ipv6_postroute (diff)
downloadlinux-201218e4d3dfa1346e30997f48725acce3f26d01.tar.xz
linux-201218e4d3dfa1346e30997f48725acce3f26d01.zip
apparmor: delete the dentry in aafs_remove() to avoid a leak
Although the apparmorfs dentries are always dropped from the dentry cache when the usage count drops to zero, there is no guarantee that this will happen in aafs_remove(), as another thread might still be using it. In this scenario, this means that the dentry will temporarily continue to appear in the results of lookups, even after the call to aafs_remove(). In the case of removal of a profile - it also causes simple_rmdir() on the profile directory to fail, as the directory won't be empty until the usage counts of all child dentries have decreased to zero. This results in the dentry for the profile directory leaking and appearing empty in the file system tree forever. Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/apparmorfs.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 8963203319ea..3b0d31fdf81b 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -356,6 +356,7 @@ static void aafs_remove(struct dentry *dentry)
simple_rmdir(dir, dentry);
else
simple_unlink(dir, dentry);
+ d_delete(dentry);
dput(dentry);
}
inode_unlock(dir);