I am able to reproduce this issue on 5.15.0-52-generic. However, it seems to be hidden in 5.15.0-53-generic by this commit:
39cce16cfeed UBUNTU: SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED
Applying this commit on its own on top of 5.15.0-52-generic stops the memory leak in the test case described by Matthew in #8. This is coincidental, since now with apparmor=0 no lsmblob slots are assigned. Thus as JianlinLv mentions in #12, lsm_multiple_contexts() will return false, and audit_log_lsm() will exit before any memory is allocated.
Before this commit, landlock was assigned 3 lsmblob slots that did not use the task_getsecid_obj hook (from dmesg with lsm.debug=1):
[ 0.155733] LSM: landlock assigned lsmblob slot 0
[ 0.155733] LSM: landlock assigned lsmblob slot 1
[ 0.155733] LSM: landlock assigned lsmblob slot 2
Thus, before 5.15.0-53, lsm_multiple_contexts() would return true and there would be no early exit before memory allocation. With apparmor disabled, the only LSM modules registered to use lsmblob slots would be ones that did not implement the task_getsecid_subj hook, so the localblob variable would not get set by anyone. Hence, there would be this other early exit (post-allocation) in audit_log_lsm()...
if (blob == NULL) {
	security_task_getsecid_subj(current, &localblob);
	if (!lsmblob_is_set(&localblob))
		return;
	...
}
... which is one of the two locations addressed by the patch.
The above commit introduced in 5.15.0-53 does not fix the underlying problem, but the underlying problem is resolved by JianlinLv's patch. The patch has received its two ACKs on the SRU mailing list and is pending application.
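Added example, not part of the original comment and not kernel code: a userspace C model of the control flow described above, showing why the early exit taken after allocation leaks while the exit taken when lsm_multiple_contexts() is false does not. All function and parameter names are hypothetical, and the release on the early-exit path is an assumed remedy, since the actual patch is not shown here.

```c
/* Userspace model, not kernel code; every name is a hypothetical stand-in. */
#include <stdbool.h>
#include <stdio.h>

/* Buffers started but never ended. They are counted rather than
 * malloc'd so that the demonstration itself does not leak memory. */
static int live_bufs;

static void buf_start(void) { live_bufs++; }
static void buf_end(void)   { live_bufs--; }

/* multi_ctx: what lsm_multiple_contexts() would return.
 * hook_sets_blob: some slot-holding LSM fills in localblob.
 * release_on_exit: assumed remedy; the real patch is not shown on the page. */
static void model_log_lsm(bool multi_ctx, bool hook_sets_blob, bool release_on_exit)
{
    if (!multi_ctx)
        return;             /* exit before anything is allocated */
    buf_start();
    if (!hook_sets_blob) {  /* blob stays unset: post-allocation early exit */
        if (release_on_exit)
            buf_end();
        return;             /* without the release, the buffer is lost here */
    }
    buf_end();              /* normal path: buffer is ended */
}

/* Buffers still outstanding after n calls. */
int leaked_after(int n, bool multi_ctx, bool hook_sets_blob, bool release_on_exit)
{
    live_bufs = 0;
    for (int i = 0; i < n; i++)
        model_log_lsm(multi_ctx, hook_sets_blob, release_on_exit);
    return live_bufs;
}

int main(void)
{
    printf("slots assigned, blob unset: %d\n", leaked_after(100, true, false, false));
    printf("no slots assigned:          %d\n", leaked_after(100, false, false, false));
    printf("slots assigned, released:   %d\n", leaked_after(100, true, false, true));
    return 0;
}
```

The second case corresponds to the masking effect described for 5.15.0-53: the leaking path is still present, it is just no longer reached.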