1
linux/security/apparmor
John Johansen 2e680dd61e apparmor: fix IRQ stack overflow during free_profile
BugLink: http://bugs.launchpad.net/bugs/1056078

Profile replacement can cause long chains of profiles to build up when
the profile being replaced is pinned. When the pinned profile is finally
freed, it puts the reference to its replacement, which may in turn nest
another call to free_profile on the stack. Because this may happen for
each profile in the replacedby chain this can result in a recusion that
causes the stack to overflow.

Break this nesting by directly walking the chain of replacedby profiles
(ie. use iteration instead of recursion to free the list). This results
in at most 2 levels of free_profile being called, while freeing a
replacedby chain.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-10-25 02:12:50 +11:00
..
include userns: Convert apparmor to use kuid and kgid where appropriate 2012-09-21 03:13:21 -07:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
apparmorfs.c AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
audit.c apparmor: move task from common_audit_data to apparmor_audit_data 2012-04-09 12:23:02 -04:00
capability.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
context.c AppArmor: contexts used in attaching policy to system objects 2010-08-02 15:35:12 +10:00
domain.c userns: Convert apparmor to use kuid and kgid where appropriate 2012-09-21 03:13:21 -07:00
file.c userns: Convert apparmor to use kuid and kgid where appropriate 2012-09-21 03:13:21 -07:00
ipc.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
Kconfig apparmor: depends on NET 2010-08-05 07:36:51 -04:00
lib.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
lsm.c userns: Teach security_path_chown to take kuids and kgids 2012-09-21 03:13:25 -07:00
Makefile apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40 2012-10-17 16:29:46 -07:00
match.c AppArmor: Update dfa matching routines. 2012-03-14 06:15:24 -07:00
path.c apparmor: fix long path failure due to disconnected path 2012-05-18 11:09:52 -07:00
policy_unpack.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
policy.c apparmor: fix IRQ stack overflow during free_profile 2012-10-25 02:12:50 +11:00
procattr.c apparmor: sparse fix: include procattr.h in procattr.c 2011-09-09 16:56:29 -07:00
resource.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00