apparmor: replace recursive profile removal with iterative approach - kernel

diff options

author	Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>	2026-01-13 09:09:43 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-03-13 17:20:47 +0100
commit	999bd704b0b641527a5ed46f0d969deff8cfa68b (patch)
tree	96abf10c800fb52262b623f2967756c8617072cc /ipc
parent	786e2c2a87d9c505f33321d1fd23a176aa8ddeb1 (diff)

apparmor: replace recursive profile removal with iterative approach

commit ab09264660f9de5d05d1ef4e225aa447c63a8747 upstream. The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion. Fixes: c88d4c7b049e ("AppArmor: core policy routines") Reported-by: Qualys Security Advisory <qsa@qualys.com> Tested-by: Salvatore Bonaccorso <carnil@debian.org> Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Reviewed-by: Cengiz Can <cengiz.can@canonical.com> Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'ipc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: