apparmor: fix IRQ stack overflow during free_profile
authorJohn Johansen <john.johansen@canonical.com>
Wed, 24 Oct 2012 13:27:32 +0000 (06:27 -0700)
committerJames Morris <james.l.morris@oracle.com>
Wed, 24 Oct 2012 15:12:50 +0000 (02:12 +1100)
commit2e680dd61e80592385338bfbeb86833d1c60546c
treea62b80465dd15a7fddb34367ccb7c94e47951dc5
parent0e9e3e306c7e472bdcffa34c4c4584301eda03b3
apparmor: fix IRQ stack overflow during free_profile

BugLink: http://bugs.launchpad.net/bugs/1056078

Profile replacement can cause long chains of profiles to build up when
the profile being replaced is pinned. When the pinned profile is finally
freed, it puts the reference to its replacement, which may in turn nest
another call to free_profile on the stack. Because this may happen for
each profile in the replacedby chain this can result in a recusion that
causes the stack to overflow.

Break this nesting by directly walking the chain of replacedby profiles
(ie. use iteration instead of recursion to free the list). This results
in at most 2 levels of free_profile being called, while freeing a
replacedby chain.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/apparmor/policy.c