This is a note to let you know that I've just added the patch titled apparmor: Fix memleak in alloc_ns() to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: apparmor-fix-memleak-in-alloc_ns.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 90d93ecc73a025f4c3263be18142f8975d1a8d74 Author: Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> Date: Fri Oct 28 20:33:20 2022 +0800 apparmor: Fix memleak in alloc_ns() [ Upstream commit e9e6fa49dbab6d84c676666f3fe7d360497fd65b ] After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it can not be freed by kfree_sensitive(), use aa_policy_destroy() to fix it. Fixes: a1bd627b46d1 ("apparmor: share profile name on replacement") Signed-off-by: Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> Signed-off-by: John Johansen <john.johansen@xxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c index 70921d95fb40..53d24cf63893 100644 --- a/security/apparmor/policy_ns.c +++ b/security/apparmor/policy_ns.c @@ -121,7 +121,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name) return ns; fail_unconfined: - kfree_sensitive(ns->base.hname); + aa_policy_destroy(&ns->base); fail_ns: kfree_sensitive(ns); return NULL;