[Bug 257748] New: AppArmor can cause kernel crash due to bug in rcu based profile replacement/removal
https://bugzilla.novell.com/show_bug.cgi?id=257748 Summary: AppArmor can cause kernel crash due to bug in rcu based profile replacement/removal Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: jjohansen@novell.com ReportedBy: jjohansen@novell.com QAContact: dreynolds@novell.com There is a very small race window that exists between obtaining a profile pointer and incrementing/decrementing its reference count. The race is as follows Task 1 Task 2 ptr = profile dec(profile ref) -> profile put on rcu callback list inc(profile ref) Depending on when Task 1 puts it reference to the profile it either - puts the profile on the rcu callback list again using the same rcu list head that is already in use (bad) - the profile gets freed while it is in use resulting in incorrect mediation, invalid memory references, or even double free of profile. (All very bad) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=257748 ------- Comment #1 from jjohansen@novell.com 2007-03-26 16:37 MST ------- I missed mentioning that this bug can only occur in profile replacement, removal or module removal. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=257748 jjohansen@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=257748#c2
Dominic Reynolds
https://bugzilla.novell.com/show_bug.cgi?id=257748#c3
--- Comment #3 from John Johansen
https://bugzilla.novell.com/show_bug.cgi?id=257748#c5
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=257748
Michal Svec
https://bugzilla.novell.com/show_bug.cgi?id=257748
User jjohansen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=257748#c6
John Johansen
participants (1)
-
bugzilla_noreply@novell.com