On 2026-05-02 13:37:14, Zygmunt Krynicki wrote: > aa_getprocattr() allocates the output string before rendering the label > into it. If the second aa_label_snxprint() call fails, the function > returned without freeing that allocation. > > Free and clear the output pointer on the uncommon formatting failure path > before dropping the namespace reference. > > Signed-off-by: Zygmunt Krynicki <[email protected]> > --- > security/apparmor/procattr.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c > index ce40f15d4952d..c07b6e8fd9c93 100644 > --- a/security/apparmor/procattr.c > +++ b/security/apparmor/procattr.c > @@ -54,6 +54,8 @@ int aa_getprocattr(struct aa_label *label, char **string, > bool newline) > FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | > FLAG_HIDDEN_UNCONFINED); > if (len < 0) { > + kfree(*string); > + *string = NULL;
Upstream doesn't have this call to kfree(). Did you create this patch from an Ubuntu kernel tree? Tyler > aa_put_ns(current_ns); > return len; > } > -- > 2.53.0 > >
