| From 04fdc099f9c80c7775dbac388fc97e156d4d47e7 Mon Sep 17 00:00:00 2001 |
| From: John Johansen <john.johansen@canonical.com> |
| Date: Tue, 28 Jun 2011 15:06:38 +0100 |
| Subject: AppArmor: Fix reference to rcu protected pointer outside of |
| rcu_read_lock |
| |
| From: John Johansen <john.johansen@canonical.com> |
| |
| commit 04fdc099f9c80c7775dbac388fc97e156d4d47e7 upstream. |
| |
| The pointer returned from tracehook_tracer_task() is only valid inside |
| the rcu_read_lock. However the tracer pointer obtained is being passed |
| to aa_may_ptrace outside of the rcu_read_lock critical section. |
| |
| Mover the aa_may_ptrace test into the rcu_read_lock critical section, to |
| fix this. |
| |
| Kernels affected: 2.6.36 - 3.0 |
| |
| Reported-by: Oleg Nesterov <oleg@redhat.com> |
| Signed-off-by: John Johansen <john.johansen@canonical.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| security/apparmor/domain.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/security/apparmor/domain.c |
| +++ b/security/apparmor/domain.c |
| @@ -73,7 +73,6 @@ static int may_change_ptraced_domain(str |
| cred = get_task_cred(tracer); |
| tracerp = aa_cred_profile(cred); |
| } |
| - rcu_read_unlock(); |
| |
| /* not ptraced */ |
| if (!tracer || unconfined(tracerp)) |
| @@ -82,6 +81,7 @@ static int may_change_ptraced_domain(str |
| error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH); |
| |
| out: |
| + rcu_read_unlock(); |
| if (cred) |
| put_cred(cred); |
| |
