UBUNTU: SAUCE: apparmor: debug: POISON label and replaceby pointer on free

And label and replacedby reference poisoning to make catching and debugging label refcount errors easier. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

UBUNTU: SAUCE: apparmor: debug: POISON label and replaceby pointer on free
And label and replacedby reference poisoning to make catching and debugging label refcount errors easier. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
821951db · John Johansen · Tim Gardner · 68d119f3 · 821951db
Commit 821951db authored Jul 17, 2015 by John Johansen Committed by Tim Gardner Apr 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 4 deletions

security/apparmor/label.c security/apparmor/label.c +11 -4

No files found.
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -38,12 +38,17 @@
 *
 */
+#define REPLACEDBY_POISON 97
+#define LABEL_POISON 100
 static void free_replacedby(struct aa_replacedby *r)
 {
 	if (r) {
 		/* r->label will not updated any more as r is dead */
 		aa_put_label(rcu_dereference_protected(r->label, true));
-		kzfree(r);
+		memset(r, 0, sizeof(*r));
+		r->label = REPLACEDBY_POISON;
+		kfree(r);
 	}
 }
@@ -209,12 +214,14 @@ void aa_label_destroy(struct aa_label *label)
 		aa_put_str(label->hname);
-		label_for_each(i, label, profile)
+		label_for_each(i, label, profile) {
 			aa_put_profile(profile);
+			label->ent[i.i] = LABEL_POISON + i.i;
+		}
 	}
 	aa_free_sid(label->sid);
 	aa_put_replacedby(label->replacedby);
+	label->replacedby = REPLACEDBY_POISON + 1;
 }
 void aa_label_free(struct aa_label *label)
@@ -224,7 +231,7 @@ void aa_label_free(struct aa_label *label)
 	aa_label_destroy(label);
 	labelstats_inc(freed);
-	kzfree(label);
+	kfree(label);
 }
 static void label_free_rcu(struct rcu_head *head)