Verification done on Eoan. The apparmor label refcnt inc/dec-rements properly on accept()/release(), no leaks.
$ lsb_release -cs eoan
$ uname -rv 5.3.0-63-generic #57-Ubuntu SMP Thu Jul 2 10:38:35 UTC 2020
$ apt-cache policy linux-image-$(uname -r) linux-image-5.3.0-63-generic: ... *** 5.3.0-63.57 500 500 http://archive.ubuntu.com/ubuntu eoan-proposed/main amd64 Packages ...
$ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c $ ./aa-refcnt-af_alg &
$ make $ sudo insmod kmod.ko &
$ dmesg ... [ 254.940413] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.941665] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.942932] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.944187] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.945484] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.946741] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.948023] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.949282] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.950572] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.952526] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 ...
$ sudo rmmod kmod
Verification done on Eoan.
The apparmor label refcnt inc/dec-rements properly on accept()/release(), no leaks.
$ lsb_release -cs
eoan
$ uname -rv
5.3.0-63-generic #57-Ubuntu SMP Thu Jul 2 10:38:35 UTC 2020
$ apt-cache policy linux-image-$(uname -r) 5.3.0-63- generic: archive. ubuntu. com/ubuntu eoan-proposed/main amd64 Packages
linux-image-
...
*** 5.3.0-63.57 500
500 http://
...
$ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c
$ ./aa-refcnt-af_alg &
$ make
$ sudo insmod kmod.ko &
$ dmesg security- >label- >count = 0x6a4 security- >label- >count = 0x6a5 security- >label- >count = 0x6a4 security- >label- >count = 0x6a5 security- >label- >count = 0x6a4 security- >label- >count = 0x6a5 security- >label- >count = 0x6a4 security- >label- >count = 0x6a5 security- >label- >count = 0x6a4 security- >label- >count = 0x6a5
...
[ 254.940413] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.941665] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.942932] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.944187] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.945484] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.946741] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.948023] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.949282] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.950572] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
[ 254.952526] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_
...
$ sudo rmmod kmod