From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chris Coulson, John Johansen, Sasha Levin
Subject: [PATCH 4.14 148/209] apparmor: delete the dentry in aafs_remove() to avoid a leak
Date: Wed, 4 Dec 2019 18:56:00 +0100
Message-Id: <20191204175333.701301646@linuxfoundation.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191204175321.609072813@linuxfoundation.org>
References: <20191204175321.609072813@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chris Coulson

[ Upstream commit 201218e4d3dfa1346e30997f48725acce3f26d01 ]

Although the apparmorfs dentries are always dropped from the dentry cache when the usage count drops to zero, there is no guarantee that this will happen in aafs_remove(), as another thread might still be using it. In this scenario, this means that the dentry will temporarily continue to appear in the results of lookups, even after the call to aafs_remove().

In the case of removal of a profile - it also causes simple_rmdir() on the profile directory to fail, as the directory won't be empty until the usage counts of all child dentries have decreased to zero. This results in the dentry for the profile directory leaking and appearing empty in the file system tree forever.

Signed-off-by: Chris Coulson
Signed-off-by: John Johansen
Signed-off-by: Sasha Levin

--- security/apparmor/apparmorfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index dd746bd69a9b2..c106988c1b254 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c 
@@ -363,6 +363,7 @@ static void aafs_remove(struct dentry *dentry) simple_rmdir(dir, dentry); else simple_unlink(dir, dentry); + d_delete(dentry); dput(dentry); } inode_unlock(dir); -- 2.20.1
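
Review bot: the added d_delete(dentry) in aafs_remove() runs unconditionally after the if/else, while the return value of simple_rmdir(dir, dentry) just above it is still discarded, so the dentry is deleted from the cache even on the path where the rmdir itself failed. The commit message names a failing simple_rmdir() as the cause of the leak, so it would help either to check that return value (at least with a warning on failure) or to add a one-line comment above d_delete(dentry) saying why the call must come before dput(dentry) and why a failed rmdir is not expected once child dentries are deleted this way. A Fixes: tag would also tell stable maintainers which trees need the change.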