Re: WARNING in apparmor_cred_free
From: James Morris <jmorris@namei.org>
Date: 2019-01-16 21:14:55
Also in:
lkml
On Fri, 11 Jan 2019, Casey Schaufler wrote:
quoted
From 47134986133c822e1d88860fa2b108f92c97a7ff Mon Sep 17 00:00:00 2001From: Casey Schaufler <casey@schaufler-ca.com> Date: Fri, 11 Jan 2019 17:31:50 -0800 Subject: [PATCH 1/2] LSM: Check for NULL cred-security on free Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
JJ: does this fix the problem?
quoted hunk ↗ jump to hunk
--- security/security.c | 7 +++++++ 1 file changed, 7 insertions(+)diff --git a/security/security.c b/security/security.c index a618e22df5c6..7bffc86d4e87 100644 --- a/security/security.c +++ b/security/security.c@@ -1477,6 +1477,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) void security_cred_free(struct cred *cred) { + /* + * There is a failure case in prepare_creds() that + * may result in a call here with ->security being NULL. + */ + if (unlikely(cred->security == NULL)) + return; + call_void_hook(cred_free, cred); kfree(cred->security);
-- James Morris [off-list ref]