| 2021-08-13 18:11:53 |
Georgia Garcia |
bug |
|
|
added bug |
| 2021-08-18 13:29:23 |
Georgia Garcia |
description |
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
root@ubuntu:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
[<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
[<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
[<00000000c2e34769>] unpack_profile+0x16f/0xe10
[<0000000019033e2b>] aa_unpack+0x119/0x500
[<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
[<000000001833f520>] policy_update+0x124/0x1e0
[<00000000992f950e>] profile_load+0x7d/0xa0
[<00000000db7852ce>] __vfs_write+0x1b/0x40
[<000000004e709f5d>] vfs_write+0xb9/0x1a0
[<00000000280db840>] SyS_write+0x5e/0xe0
[<0000000014c5ab5d>] do_syscall_64+0x79/0x130
[<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
[<000000009d368497>] 0xffffffffffffffff
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal. |
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
root@ubuntu:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
[<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
[<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
[<00000000c2e34769>] unpack_profile+0x16f/0xe10
[<0000000019033e2b>] aa_unpack+0x119/0x500
[<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
[<000000001833f520>] policy_update+0x124/0x1e0
[<00000000992f950e>] profile_load+0x7d/0xa0
[<00000000db7852ce>] __vfs_write+0x1b/0x40
[<000000004e709f5d>] vfs_write+0xb9/0x1a0
[<00000000280db840>] SyS_write+0x5e/0xe0
[<0000000014c5ab5d>] do_syscall_64+0x79/0x130
[<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
[<000000009d368497>] 0xffffffffffffffff
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal. |
|
| 2021-08-19 07:25:59 |
Stefan Bader |
bug task added |
|
linux (Ubuntu) |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
nominated for series |
|
Ubuntu Focal |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Focal) |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
nominated for series |
|
Ubuntu Bionic |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
nominated for series |
|
Ubuntu Xenial |
|
| 2021-08-19 07:26:24 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Xenial) |
|
| 2021-08-19 07:26:48 |
Stefan Bader |
linux (Ubuntu Xenial): importance |
Undecided |
Medium |
|
| 2021-08-19 07:26:48 |
Stefan Bader |
linux (Ubuntu Xenial): status |
New |
In Progress |
|
| 2021-08-19 07:27:00 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2021-08-19 07:27:00 |
Stefan Bader |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2021-08-19 07:27:14 |
Stefan Bader |
linux (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2021-08-19 07:27:14 |
Stefan Bader |
linux (Ubuntu Focal): status |
New |
In Progress |
|
| 2021-08-19 07:27:35 |
Stefan Bader |
linux (Ubuntu): status |
New |
Fix Released |
|
| 2021-09-01 08:45:39 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2021-09-01 08:45:43 |
Kleber Sacilotto de Souza |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2021-09-02 15:36:16 |
Georgia Garcia |
description |
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
root@ubuntu:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
[<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
[<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
[<00000000c2e34769>] unpack_profile+0x16f/0xe10
[<0000000019033e2b>] aa_unpack+0x119/0x500
[<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
[<000000001833f520>] policy_update+0x124/0x1e0
[<00000000992f950e>] profile_load+0x7d/0xa0
[<00000000db7852ce>] __vfs_write+0x1b/0x40
[<000000004e709f5d>] vfs_write+0xb9/0x1a0
[<00000000280db840>] SyS_write+0x5e/0xe0
[<0000000014c5ab5d>] do_syscall_64+0x79/0x130
[<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
[<000000009d368497>] 0xffffffffffffffff
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal. |
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
root@ubuntu:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
[<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
[<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
[<00000000c2e34769>] unpack_profile+0x16f/0xe10
[<0000000019033e2b>] aa_unpack+0x119/0x500
[<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
[<000000001833f520>] policy_update+0x124/0x1e0
[<00000000992f950e>] profile_load+0x7d/0xa0
[<00000000db7852ce>] __vfs_write+0x1b/0x40
[<000000004e709f5d>] vfs_write+0xb9/0x1a0
[<00000000280db840>] SyS_write+0x5e/0xe0
[<0000000014c5ab5d>] do_syscall_64+0x79/0x130
[<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
[<000000009d368497>] 0xffffffffffffffff
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal.
This issue could lead to a OOM and eventually DoS. We could see this
issue happening during a test in which snaps were disconnected and
reconnected, causing the leak every time the profile was removed.
Since it is a refcount issue, there could be a lot of memory involved
because the whole profile would be leaked.
Note that only privileged users can remove a profile. |
|
| 2021-09-07 09:28:56 |
Kleber Sacilotto de Souza |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2021-09-07 17:01:33 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-focal |
|
| 2021-09-07 21:57:26 |
Ubuntu Kernel Bot |
tags |
verification-needed-focal |
verification-needed-bionic verification-needed-focal |
|
| 2021-09-09 13:26:08 |
Georgia Garcia |
tags |
verification-needed-bionic verification-needed-focal |
verification-done-bionic verification-done-focal |
|
| 2021-09-27 10:20:54 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-09-28 15:16:53 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
