We aren't expecting a null path mnt pointer here, and file_mnt_idmap dereferences it without checking for null, leading to a null pointer dereference BUG print. Instead, explicitly check for this via an AA_BUG line in order to get more useful diagnostics.
Signed-off-by: Ryan Lee <ryan....@canonical.com>
---
 security/apparmor/lsm.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 45cc81234c0d..d0facedb1cfd 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -649,12 +649,23 @@ static int apparmor_file_open(struct file *file)
 label = aa_get_newest_cred_label_condref(file->f_cred, &needput);
 if (!unconfined(label)) {
- struct mnt_idmap *idmap = file_mnt_idmap(file);
- struct inode *inode = file_inode(file);
+ struct mnt_idmap *idmap;
+ struct inode *inode;
 vfsuid_t vfsuid;
+ /* Set a dummy value to default-initialize the rest, and then
+ * write the correct value to mode once we have an inode ptr.
+ * Unfortunately, default-initializing everything with {} is
+ * only supported since C23.
+ */
 struct path_cond cond = {
- .mode = inode->i_mode,
+ .mode = 0
 };
+
+ AA_BUG(!(file->f_path.mnt));
+ idmap = file_mnt_idmap(file);
+ inode = file_inode(file);
+ cond.mode = inode->i_mode;
+
 vfsuid = i_uid_into_vfsuid(idmap, inode);
 cond.uid = vfsuid_into_kuid(vfsuid);
--
2.43.0
base-kernel: v6.14-rc6
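Review bot: The `AA_BUG(!(file->f_path.mnt));` added just before `idmap = file_mnt_idmap(file);` does not prevent the dereference it diagnoses: as far as I recall AA_BUG expands to a WARN only when CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS is enabled and to nothing otherwise, so on a NULL mnt the next line still faults, and non-debug builds gain no diagnostic at all. If the intent is only a clearer warning ahead of the crash on debug builds, say so next to the check, e.g. `/* Diagnostic only: AA_BUG warns but does not bail out */`; if the intent is to survive a NULL mnt, the branch would need to return an error rather than continue. Separately, the comment's claim that `{}` needs C23 does not hold for the kernel, which builds as gnu11 and uses `= {}` as a GCC/Clang extension throughout, so `struct path_cond cond = {};` followed by `cond.mode = inode->i_mode;` would drop the dummy `.mode = 0` and the five-line comment. apparmor_file_open begins and ends outside this hunk.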