memory leaking when removing a profile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Committed
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/
root@ubuntu:~# cat /sys/kernel/
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b
[<000000008
[<000000000
[<00000000c
[<000000001
[<00000000a
[<000000001
[<000000009
[<00000000d
[<000000004
[<000000002
[<000000001
[<00000000e
[<000000009
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal.
This issue could lead to a OOM and eventually DoS. We could see this
issue happening during a test in which snaps were disconnected and
reconnected, causing the leak every time the profile was removed.
Since it is a refcount issue, there could be a lot of memory involved
because the whole profile would be leaked.
Note that only privileged users can remove a profile.
description: | updated |
Changed in linux (Ubuntu Xenial): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
description: | updated |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!