linux/security/apparmor
John Johansen 8e135b8aee apparmor: fix race between freeing data and fs accessing it
AppArmor was putting the reference to i_private data on its end after
removing the original entry from the file system. However the inode
can and does live beyond that point and it is possible that some of
the fs call back functions will be invoked after the reference has
been put, which results in a race between freeing the data and
accessing it through the fs.

While the rawdata/loaddata is the most likely candidate to fail the
race, as it has the fewest references, if properly crafted it might be
possible to trigger a race for the other types stored in i_private.

Fix this by moving the put of i_private referenced data to the correct
place which is during inode eviction.

Fixes: c961ee5f21 ("apparmor: convert from securityfs to apparmorfs for policy ns files")
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Reviewed-by: Maxime Bélair <maxime.belair@canonical.com>
Reviewed-by: Cengiz Can <cengiz.can@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2026-03-09 16:05:44 -07:00
..
include apparmor: fix race between freeing data and fs accessing it 2026-03-09 16:05:44 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
.kunitconfig apparmor: add .kunitconfig 2026-02-01 12:01:19 -08:00
Kconfig Revert "apparmor: use SHA-256 library API instead of crypto_shash API" 2025-07-15 22:39:22 -07:00
Makefile apparmor: make all generated string array headers const char *const 2025-05-25 20:15:01 -07:00
af_unix.c apparmor: split xxx_in_ns into its two separate semantic use cases 2026-01-29 01:27:55 -08:00
apparmorfs.c apparmor: fix race between freeing data and fs accessing it 2026-03-09 16:05:44 -07:00
audit.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
capability.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
crypto.c apparmor: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
domain.c apparmor: split xxx_in_ns into its two separate semantic use cases 2026-01-29 01:27:55 -08:00
file.c apparmor: fix fast path cache check for unix sockets 2026-01-29 01:27:54 -08:00
ipc.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
label.c apparmor: fix race between freeing data and fs accessing it 2026-03-09 16:05:44 -07:00
lib.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
lsm.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
match.c apparmor: fix differential encoding verification 2026-03-09 16:05:43 -07:00
mount.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
net.c apparmor: fix NULL sock in aa_sock_file_perm 2026-01-22 04:51:55 -08:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c apparmor: Replace deprecated strcpy in d_namespace_path 2026-01-18 06:53:18 -08:00
policy.c apparmor: fix race on rawdata dereference 2026-03-09 16:05:44 -07:00
policy_compat.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
policy_ns.c apparmor: fix: limit the number of levels of policy namespaces 2026-03-09 16:05:43 -07:00
policy_unpack.c apparmor: fix race between freeing data and fs accessing it 2026-03-09 16:05:44 -07:00
policy_unpack_test.c + Features 2025-08-04 08:17:28 -07:00
procattr.c apparmor: Improve debug print infrastructure 2025-01-18 06:47:11 -08:00
resource.c apparmor: fix rlimit for posix cpu timers 2026-01-29 01:27:54 -08:00
secid.c lsm: secctx provider check on release 2024-12-04 14:59:57 -05:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: userns: Add support for execpath in userns 2026-01-29 01:27:53 -08:00