Skip to content

Commit

Permalink
apparmor: delete the dentry in aafs_remove() to avoid a leak
Browse files Browse the repository at this point in the history 
Although the apparmorfs dentries are always dropped from the dentry cache
when the usage count drops to zero, there is no guarantee that this will
happen in aafs_remove(), as another thread might still be using it. In
this scenario, this means that the dentry will temporarily continue to
appear in the results of lookups, even after the call to aafs_remove().

In the case of removal of a profile - it also causes simple_rmdir()
on the profile directory to fail, as the directory won't be empty until
the usage counts of all child dentries have decreased to zero. This
results in the dentry for the profile directory leaking and appearing
empty in the file system tree forever.

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
  • Loading branch information
Chris Coulson authored and John Johansen committed Mar 12, 2019
1 parent 43aa09f commit 201218e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions security/apparmor/apparmorfs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -356,6 +356,7 @@ static void aafs_remove(struct dentry *dentry)
simple_rmdir(dir, dentry);
else
simple_unlink(dir, dentry);
d_delete(dentry);
dput(dentry);
}
inode_unlock(dir);
Expand Down

0 comments on commit 201218e

Please sign in to comment.