apparmor: replace recursive profile removal with iterative approach - kernel

diff options

author	Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>	2026-01-13 09:09:43 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-03-13 17:23:29 +0100
commit	7eade846e013cbe8d2dc4a484463aa19e6515c7f (patch)
tree	5761184bb97651abf618375a186895a33b0d3f4c /include/net/aligned_data.h
parent	4f0889f2df1ab99224a5e1ac4e20437eea5fe38e (diff)

apparmor: replace recursive profile removal with iterative approach

commit ab09264660f9de5d05d1ef4e225aa447c63a8747 upstream. The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion. Fixes: c88d4c7b049e ("AppArmor: core policy routines") Reported-by: Qualys Security Advisory <qsa@qualys.com> Tested-by: Salvatore Bonaccorso <carnil@debian.org> Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Reviewed-by: Cengiz Can <cengiz.can@canonical.com> Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: