Ubuntu
linux package

AppArmor leaks kernel memory during profile reloads

Bug #1375416 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Medium
Tyler Hicks

Bug Description

The kmemleak kernel debugging system indicates that AppArmor leaks kernel memory during profile reloads.

I've attached a script (test.sh) that I can consistently reproduce the kmemleak report with.

I've also attached the output of the script, which includes the kmemleak report.

These leaks can be reproduced with debug kernel builds of Ubuntu-3.16.0-16.22 and Ubuntu-3.16.0-19.26, meaning that it is present before and after the apparmor 3 RC 1 sync.

See original description
Tags: apparmor
Jamie Strandboge (jdstrand)
tags: added: apparmor
Jamie Strandboge (jdstrand)
tags: added: ota-2
Revision history for this message
Tyler Hicks (tyhicks) wrote :

I've looked into this more and have determined that it is an old bug and was not introduced by apparmor 3 RC1. There may be new leaks in apparmor 3 RC1 but there is a basic, fundamental leak on profile reloading present in the kernel released just before apparmor 3 RC1 landed.

I'll adjust the title and description to include the details.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Test script to be used for reproducing. (I'm not sure why I have to kick off the kmemleak scan twice)

description: updated
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Output of test.sh script, which includes the kmemleak report.

summary: - fix some small kmemleaks in apparmor 3 RC1
+ AppArmor leaks kernel memory during profile reloads
Tyler Hicks (tyhicks)
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm curious how far back this goes. Does it exist in trusty? precise? lucid?

Revision history for this message
John Johansen (jjohansen) wrote :

possibly trusty, though I did do a kmemleak check at the time and didn't notice anything. There where leaks during its dev cycle but I got at least most of them.

Lucid and precise are very different in their code base, and while I won't claim there aren't leaks, they are much less likely. The list management and reference counting are simpler, nor do they have the rcu changes etc.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

The reproducer triggers the leak on Trusty (Ubuntu-3.13.0-37.64) but not Precise (Ubuntu-3.2.0-70.105). I didn't test Lucid.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm going to reduce the priority of this to Medium since it exists on trusty and noone has reported it yet. We still need to fix it, but there are likely others things we want to get to first.

Changed in linux (Ubuntu):
importance: High → Medium
milestone: ubuntu-14.10 → none
tags: removed: ota-2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.