Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp742941ybz; Wed, 15 Apr 2020 18:00:17 -0700 (PDT) X-Google-Smtp-Source: APiQypJgnIM4yCy4gEUdxOeDiPmcy1E8rS7VQZ4I/9EUI+06YKZfFEUuShSjN+CRtHUqWSdpJIa1 X-Received: by 2002:a17:906:560b:: with SMTP id f11mr7032861ejq.264.1586998817108; Wed, 15 Apr 2020 18:00:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586998817; cv=none; d=google.com; s=arc-20160816; b=Pa8zOtbm2Wn94JFWK03DDHeaXa8h7AzAbGpRRp9zsd9GjpPzh2W5S3FPdDJoCsWAPQ /P3dnWqc+7SiCsp6U4LGcLqXsZhSxgiaCvELrJTrJM674CKnRBIUIKb/qnW2S0kyzXUv JUznpQVYIdz0thCNxRWH6hqy9MVQC69LHwDb8DllxxdoS2jr4Nl+ZPcqopeHl4yU2fzr ULmueDbx2mdOu2cq/n3pEAhbjY+tZdQ/AJb/YXwcQSQ2WNnvQFzg5OOD7KXpzLAg70U8 5f0GdsQQuZv+PGQ1XhGMgjtIBt3gLiJyLh49TCKWG6jt3GriDd/7tYIx98L5hTCUJpKP CAjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:autocrypt:from:references:cc:to:subject; bh=6hJCaDY6F8q/1jt9ckNeKYpvoAHyL3pQeJbqGKNd1+Q=; b=E0ub/XpAqNS4TcEUn1MO66xu+gzBbnNqrGoUt/lfKsv18DiLZA72t/jEZhsoTZK/c1 9RK0iVxCPQInzzdnKgfxnK5tjaKjjCqQwttIDJwvk02HaGerCHV7xXnkDN8FmdsVtov/ 4z8anaGPkt+kb4BWNb17+ErS91RVTWDzPlKSDA6ZbJ10dD2XZch83flSvM94AsT60Sda S4G28epZvkz63ilbiKfaL/TxEJXqK3TivDk1odSQaP0bJg+2DqBTZJSWLX1BLej/iFk2 TTSqKtXjNaoE2fkTALH4YAmeW+GmbrVtTqWQfzqhhf5P6QPxOUC+Dr1azWahgQkQ0mFk oV0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x17si10971296edi.378.2020.04.15.17.59.54; Wed, 15 Apr 2020 18:00:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2411847AbgDOTLR (ORCPT + 99 others); Wed, 15 Apr 2020 15:11:17 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:46959 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1416844AbgDOSlm (ORCPT ); Wed, 15 Apr 2020 14:41:42 -0400 Received: from static-50-53-47-111.bvtn.or.frontiernet.net ([50.53.47.111] helo=[192.168.192.153]) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jOmyY-0001iJ-0w; Wed, 15 Apr 2020 18:41:30 +0000 Subject: Re: [PATCH v2] apparmor: fix potential label refcnt leak in aa_change_profile To: Markus Elfring , Xiyu Yang , Xin Tan , linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, James Morris , Kangjie Lu , "Serge E. Hallyn" , Yuan Zhang References: From: John Johansen Autocrypt: addr=john.johansen@canonical.com; prefer-encrypt=mutual; keydata= xsFNBE5mrPoBEADAk19PsgVgBKkImmR2isPQ6o7KJhTTKjJdwVbkWSnNn+o6Up5knKP1f49E BQlceWg1yp/NwbR8ad+eSEO/uma/K+PqWvBptKC9SWD97FG4uB4/caomLEU97sLQMtnvGWdx rxVRGM4anzWYMgzz5TZmIiVTZ43Ou5VpaS1Vz1ZSxP3h/xKNZr/TcW5WQai8u3PWVnbkjhSZ PHv1BghN69qxEPomrJBm1gmtx3ZiVmFXluwTmTgJOkpFol7nbJ0ilnYHrA7SX3CtR1upeUpM a/WIanVO96WdTjHHIa43fbhmQube4txS3FcQLOJVqQsx6lE9B7qAppm9hQ10qPWwdfPy/+0W 6AWtNu5ASiGVCInWzl2HBqYd/Zll93zUq+NIoCn8sDAM9iH+wtaGDcJywIGIn+edKNtK72AM gChTg/j1ZoWH6ZeWPjuUfubVzZto1FMoGJ/SF4MmdQG1iQNtf4sFZbEgXuy9cGi2bomF0zvy BJSANpxlKNBDYKzN6Kz09HUAkjlFMNgomL/cjqgABtAx59L+dVIZfaF281pIcUZzwvh5+JoG eOW5uBSMbE7L38nszooykIJ5XrAchkJxNfz7k+FnQeKEkNzEd2LWc3QF4BQZYRT6PHHga3Rg ykW5+1wTMqJILdmtaPbXrF3FvnV0LRPcv4xKx7B3fGm7ygdoowARAQABzR1Kb2huIEpvaGFu c2VuIDxqb2huQGpqbXgubmV0PsLBegQTAQoAJAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIX gAUCTo0YVwIZAQAKCRAFLzZwGNXD2LxJD/9TJZCpwlncTgYeraEMeDfkWv8c1IsM1j0AmE4V tL+fE780ZVP9gkjgkdYSxt7ecETPTKMaZSisrl1RwqU0oogXdXQSpxrGH01icu/2n0jcYSqY KggPxy78BGs2LZq4XPfJTZmHZGnXGq/eDr/mSnj0aavBJmMZ6jbiPz6yHtBYPZ9fdo8btczw P41YeWoIu26/8II6f0Xm3VC5oAa8v7Rd+RWZa8TMwlhzHExxel3jtI7IzzOsnmE9/8Dm0ARD 5iTLCXwR1cwI/J9BF/S1Xv8PN1huT3ItCNdatgp8zqoJkgPVjmvyL64Q3fEkYbfHOWsaba9/ kAVtBNz9RTFh7IHDfECVaToujBd7BtPqr+qIjWFadJD3I5eLCVJvVrrolrCATlFtN3YkQs6J n1AiIVIU3bHR8Gjevgz5Ll6SCGHgRrkyRpnSYaU/uLgn37N6AYxi/QAL+by3CyEFLjzWAEvy Q8bq3Iucn7JEbhS/J//dUqLoeUf8tsGi00zmrITZYeFYARhQMtsfizIrVDtz1iPf/ZMp5gRB niyjpXn131cm3M3gv6HrQsAGnn8AJru8GDi5XJYIco/1+x/qEiN2nClaAOpbhzN2eUvPDY5W 0q3bA/Zp2mfG52vbRI+tQ0Br1Hd/vsntUHO903mMZep2NzN3BZ5qEvPvG4rW5Zq2DpybWc7B TQROZqz6ARAAoqw6kkBhWyM1fvgamAVjeZ6nKEfnRWbkC94L1EsJLup3Wb2X0ABNOHSkbSD4 pAuC2tKF/EGBt5CP7QdVKRGcQzAd6b2c1Idy9RLw6w4gi+nn/d1Pm1kkYhkSi5zWaIg0m5RQ Uk+El8zkf5tcE/1N0Z5OK2JhjwFu5bX0a0l4cFGWVQEciVMDKRtxMjEtk3SxFalm6ZdQ2pp2 822clnq4zZ9mWu1d2waxiz+b5Ia4weDYa7n41URcBEUbJAgnicJkJtCTwyIxIW2KnVyOrjvk QzIBvaP0FdP2vvZoPMdlCIzOlIkPLgxE0IWueTXeBJhNs01pb8bLqmTIMlu4LvBELA/veiaj j5s8y542H/aHsfBf4MQUhHxO/BZV7h06KSUfIaY7OgAgKuGNB3UiaIUS5+a9gnEOQLDxKRy/ a7Q1v9S+Nvx+7j8iH3jkQJhxT6ZBhZGRx0gkH3T+F0nNDm5NaJUsaswgJrqFZkUGd2Mrm1qn KwXiAt8SIcENdq33R0KKKRC80Xgwj8Jn30vXLSG+NO1GH0UMcAxMwy/pvk6LU5JGjZR73J5U LVhH4MLbDggD3mPaiG8+fotTrJUPqqhg9hyUEPpYG7sqt74Xn79+CEZcjLHzyl6vAFE2W0kx lLtQtUZUHO36afFv8qGpO3ZqPvjBUuatXF6tvUQCwf3H6XMAEQEAAcLBXwQYAQoACQUCTmas +gIbDAAKCRAFLzZwGNXD2D/XD/0ddM/4ai1b+Tl1jznKajX3kG+MeEYeI4f40vco3rOLrnRG FOcbyyfVF69MKepie4OwoI1jcTU0ADecnbWnDNHpr0SczxBMro3bnrLhsmvjunTYIvssBZtB 4aVJjuLILPUlnhFqa7fbVq0ZQjbiV/rt2jBENdm9pbJZ6GjnpYIcAbPCCa/ffL4/SQRSYHXo hGiiS4y5jBTmK5ltfewLOw02fkexH+IJFrrGBXDSg6n2Sgxnn++NF34fXcm9piaw3mKsICm+ 0hdNh4afGZ6IWV8PG2teooVDp4dYih++xX/XS8zBCc1O9w4nzlP2gKzlqSWbhiWpifRJBFa4 WtAeJTdXYd37j/BI4RWWhnyw7aAPNGj33ytGHNUf6Ro2/jtj4tF1y/QFXqjJG/wGjpdtRfbt UjqLHIsvfPNNJq/958p74ndACidlWSHzj+Op26KpbFnmwNO0psiUsnhvHFwPO/vAbl3RsR5+ 0Ro+hvs2cEmQuv9r/bDlCfpzp2t3cK+rhxUqisOx8DZfz1BnkaoCRFbvvvk+7L/fomPntGPk qJciYE8TGHkZw1hOku+4OoM2GB5nEDlj+2TF/jLQ+EipX9PkPJYvxfRlC6dK8PKKfX9KdfmA IcgHfnV1jSn+8yH2djBPtKiqW0J69aIsyx7iV/03paPCjJh7Xq9vAzydN5U/UA== Organization: Canonical Message-ID: Date: Wed, 15 Apr 2020 11:41:27 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/15/20 4:27 AM, Markus Elfring wrote: >> According to the comment of aa_get_current_label(), … > > I suggest to make this wording clearer. > Would you like to refer to any software documentation here? > > >> However, when the original object pointed by "label" becomes >> unreachable because aa_change_profile() returns or a new object >> is assigned to "label", reference count increased by >> aa_get_current_label() is not decreased, causing a refcnt leak. > > How do you think about to reduce abbreviations in the commit message? > > Would you like to add the tag “Fixes” to the change description? > Fixes tags are always nice to have filled out, but some times its hard to determine or the patch submitter doesn't know how or ... If the fixes tags aren't there I will add them before I push them up. In this case its Fixes: 9fcf78cca198 ("apparmor: update domain transitions that are subsets of confinement at nnp") > Regards, > Markus >