[apparmor] [PATCH] Initialize common_audit_data

Goldwyn Rodrigues rgoldwyn at suse.de
Mon May 2 17:23:33 UTC 2016


From: Goldwyn Rodrigues <rgoldwyn at suse.com>

We need to initialize common_audit_data so that no garbage comes
in the structure. This fixes the following crash:

BUG: unable to handle kernel paging request at 0000000000001808
IP: [<ffffffff815e2f0c>] _raw_spin_lock+0xc/0x20
PGD 22aa97067 PUD 223794067 PMD 0
Oops: 0002 [#1] SMP
Supported: No, Unsupported modules are loaded
CPU: 2 PID: 2291 Comm: changehat_twice Tainted: G            E   N  4.4.8-bsc972120+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20160215_151056-lamb14 04/01/2014
task: ffff8802102054c0 ti: ffff88021d694000 task.ti: ffff88021d694000
RIP: 0010:[<ffffffff815e2f0c>]  [<ffffffff815e2f0c>] _raw_spin_lock+0xc/0x20
RSP: 0018:ffff88021d697b20  EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff88021d697b50 RDI: 0000000000001808
RBP: ffff880036478c40 R08: 000000000000000a R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000287 R12: ffff88021d697b50
R13: 0000000000001808 R14: 0000000000000001 R15: ffff8802301d3400
FS:  00007f785a37e700(0000) GS:ffff88023fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000001808 CR3: 0000000217720000 CR4: 00000000001406e0
Stack:
ffffffff81087f41 ffff880036478c40 0000000000000009 0000000000000000
0000000000000000 ffffffff81087fa5 0000000000000286 ffff88021d697b98
ffff880036478c40 0000000000000023 0000000000000000 ffffffff812ad000
Call Trace:
[<ffffffff81087f41>] __lock_task_sighand+0x41/0x80
[<ffffffff81087fa5>] do_send_sig_info+0x25/0x70
[<ffffffff812ad000>] aa_audit+0x130/0x170
[<ffffffff812b4c1a>] aa_audit_file+0xca/0x140
[<ffffffff812af558>] aa_change_hat+0x248/0x490
[<ffffffff812b2dcf>] aa_setprocattr_changehat+0xef/0x190
[<ffffffff812b372b>] apparmor_setprocattr+0x22b/0x2c0
[<ffffffff8128f5eb>] security_setprocattr+0x4b/0x60
[<ffffffff8125ca46>] proc_pid_attr_write+0xe6/0x110
[<ffffffff811f5863>] __vfs_write+0x23/0xf0
[<ffffffff811f5edd>] vfs_write+0x9d/0x190
[<ffffffff811f6ba2>] SyS_write+0x42/0xa0
[<ffffffff815e326e>] entry_SYSCALL_64_fastpath+0x12/0x71

Signed-off-by: Goldwyn Rodrigues <rgoldwyn at suse.com>

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 913f377..6d4898c 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -108,10 +108,11 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 		  const char *target, kuid_t ouid, const char *info, int error)
 {
 	int type = AUDIT_APPARMOR_AUTO;
-	struct common_audit_data sa;
 	struct apparmor_audit_data aad = {0,};
-	sa.type = LSM_AUDIT_DATA_NONE;
-	sa.aad = &aad;
+	struct common_audit_data sa = {
+		.type = LSM_AUDIT_DATA_NONE,
+		.aad = &aad
+	};
 	aad.op = op,
 	aad.fs.request = request;
 	aad.name = name;



More information about the AppArmor mailing list