[apparmor] Pidgin, 4.14, and App Armor Oops.
Zephaniah E. Loss-Cutler-Hull
warp-spam_kernel at aehallh.com
Thu Nov 23 01:50:00 UTC 2017
On 11/22/2017 07:57 AM, John Johansen wrote:
>
> Can you verify the following patch fixes the problem for you
Confirmed, this does the trick nicely.
Tested-by: Zephaniah E. Loss-Cutler-Hull.
>
> ---
>
> From 6ba06322267ea931be5f1f559965120d1e09b030 Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johansen at canonical.com>
> Date: Wed, 22 Nov 2017 07:33:38 -0800
> Subject: [PATCH] apparmor: fix oops in audit_signal_cb hook
>
> The apparmor_audit_data struct ordering got messed up during a merge
> conflict, resulting in the signal integer and peer pointer being in
> a union instead of a struct together.
>
> For most of the 4.13 and 4.14 life cycle, this was hidden by commit
> 651e28c5537abb39076d3949fb7618536f1d242e which fixed the
> apparmor_audit_data struct when its data was added. When that commit
> was reverted in -rc7 the signal audit bug was exposed, and
> unfortunately it never showed up in any of the testing until after
> 4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed
> nearly simultaneous bug reports (with different oopes, the smaller of
> which is included below).
>
> Full credit goes to Tetsuo Handa for jumping on this as well and
> noticing the audit data struct problem and reporting it.
>
> Alright, trying again, this time with my mail settings to actually send
> as plain text, and with some more detail.
>
> I am running Ubuntu 16.04, with a mainline 4.14 kernel.
>
> [ 76.178568] BUG: unable to handle kernel paging request at
> ffffffff0eee3bc0
> [ 76.178579] IP: audit_signal_cb+0x6c/0xe0
> [ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0
> [ 76.178586] Oops: 0000 [#1] PREEMPT SMP
> [ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb
> btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables
> xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack
> iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw
> iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher
> nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel
> [ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted
> 4.14.0-f1-dirty #135
> [ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio
> 9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015
> [ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000
> [ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0
> [ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292
> [ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX:
> 0000000000000000
> [ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI:
> ffff9c7a9493d800
> [ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09:
> ffffa09b02a4fc46
> [ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12:
> ffffa09b02a4fd40
> [ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15:
> 0000000000000001
> [ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000)
> knlGS:0000000000000000
> [ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4:
> 00000000001606f0
> [ 76.178652] Call Trace:
> [ 76.178660] common_lsm_audit+0x1da/0x780
> [ 76.178665] ? d_absolute_path+0x60/0x90
> [ 76.178669] ? aa_check_perms+0xcd/0xe0
> [ 76.178672] aa_check_perms+0xcd/0xe0
> [ 76.178675] profile_signal_perm.part.0+0x90/0xa0
> [ 76.178679] aa_may_signal+0x16e/0x1b0
> [ 76.178686] apparmor_task_kill+0x51/0x120
> [ 76.178690] security_task_kill+0x44/0x60
> [ 76.178695] group_send_sig_info+0x25/0x60
> [ 76.178699] kill_pid_info+0x36/0x60
> [ 76.178703] SYSC_kill+0xdb/0x180
> [ 76.178707] ? preempt_count_sub+0x92/0xd0
> [ 76.178712] ? _raw_write_unlock_irq+0x13/0x30
> [ 76.178716] ? task_work_run+0x6a/0x90
> [ 76.178720] ? exit_to_usermode_loop+0x80/0xa0
> [ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94
> [ 76.178727] RIP: 0033:0x7f8b0e58b767
> [ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX:
> 000000000000003e
> [ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX:
> 00007f8b0e58b767
> [ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
> 000000000000263b
> [ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09:
> 0000000000000001
> [ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12:
> 0000000000000000
> [ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15:
> 0000000000000000
> [ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b
> 42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd
> 00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35
> [ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08
> [ 76.178796] CR2: ffffffff0eee3bc0
> [ 76.178799] ---[ end trace 514af9529297f1a3 ]---
>
> Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals")
> Reported-by: Zephaniah E. Loss-Cutler-Hull <warp-spam_kernel at aehallh.com>
> Reported-by: Shuah Khan <shuahkh at osg.samsung.com>
> Reported-by: Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> security/apparmor/include/audit.h | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
> index 620e81169659..4ac095118717 100644
> --- a/security/apparmor/include/audit.h
> +++ b/security/apparmor/include/audit.h
> @@ -121,17 +121,19 @@ struct apparmor_audit_data {
> /* these entries require a custom callback fn */
> struct {
> struct aa_label *peer;
> - struct {
> - const char *target;
> - kuid_t ouid;
> - } fs;
> + union {
> + struct {
> + const char *target;
> + kuid_t ouid;
> + } fs;
> + int signal;
> + };
> };
> struct {
> struct aa_profile *profile;
> const char *ns;
> long pos;
> } iface;
> - int signal;
> struct {
> int rlim;
> unsigned long max;
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20171122/e3cfab56/attachment-0001.sig>
More information about the AppArmor
mailing list