APPLIED: [SRU][Artful][v3][PATCH 0/2] Fixes for LP:1734327
Stefan Bader
stefan.bader at canonical.com
Tue Apr 3 13:30:10 UTC 2018
On 03.04.2018 14:33, Joseph Salisbury wrote:
> On 04/03/2018 06:08 AM, Tetsuo Handa wrote:
>> Kleber Souza wrote:
>>> On 03/12/18 20:07, Joseph Salisbury wrote:
>>>> BugLink: http://bugs.launchpad.net/bugs/1734327
>>>>
>>>> == SRU Justification ==
>>>> The following commit introduced a regression identified in bug 1734327:
>>>> ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
>>>>
>>>> The regression causes a kernel panic to occur after multiple TCP connection
>>>> creations/closures to the localhost. The bug was found using STAF RPC calls,
>>>> but is easily reproducible with SSH.
>>>>
>>>> A revert of commit ac8f82a0b6d9 is needed to resolve this bug. However, commit 4ae2508f0bed
>>>> also needs to be reverted because it depends on commit ac8f82a0b6d9.
>>>>
>>>> This has already been reverted in Bionic.
>>>>
>>>> == Fix ==
>>>> Revert 4ae2508f0bed ("UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks")
>>>> Revert ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
>>>>
>>>> == Test Case ==
>>>> A test kernel was built with these two commits reverted and tested by the original bug reporter.
>>>> The bug reporter states the test kernel resolved the bug.
>>>>
>>>> Joseph Salisbury (2):
>>>> Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor
>>>> network hooks"
>>>> Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of
>>>> the remaining blobs"
>>>>
>>>> include/linux/lsm_hooks.h | 8 -
>>>> security/apparmor/include/net.h | 12 +-
>>>> security/apparmor/lsm.c | 15 +-
>>>> security/security.c | 259 +---------------------------
>>>> security/selinux/hooks.c | 333 ++++++++++++++++++++++++------------
>>>> security/selinux/include/objsec.h | 65 +-------
>>>> security/selinux/netlabel.c | 15 +-
>>>> security/selinux/selinuxfs.c | 4 +-
>>>> security/selinux/ss/services.c | 3 +-
>>>> security/smack/smack.h | 61 +------
>>>> security/smack/smack_lsm.c | 343 +++++++++++++++++++++++++++-----------
>>>> security/smack/smack_netfilter.c | 8 +-
>>>> 12 files changed, 510 insertions(+), 616 deletions(-)
>>>>
>>> Applied to artful/master-next branch.
>>>
>> OK. Then, please also apply
>>
>> ----------
>> diff -ur linux-4.13.0-17.20.orig/security/apparmor/lsm.c linux-4.13.0-17.20/security/apparmor/lsm.c
>> --- linux-4.13.0-17.20.orig/security/apparmor/lsm.c
>> +++ linux-4.13.0-17.20/security/apparmor/lsm.c
>> @@ -1562,6 +1562,8 @@
>> security_module_enable("apparmor",
>> IS_ENABLED(CONFIG_SECURITY_APPARMOR_STACKED)))
>> security_add_blobs(&apparmor_blob_sizes);
>> + else
>> + apparmor_enabled = 0;
>> finish = 1;
>> return 0;
>> }
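Review bot: the added else branch clears apparmor_enabled silently, so when security_module_enable("apparmor", ...) returns false nothing in the boot log says AppArmor was switched off; a pr_info() line in that branch would make the state visible to whoever is debugging a security= boot parameter. The hunk is also a plain diff -ur against linux-4.13.0-17.20 with no changelog, BugLink or Signed-off-by, and the revert series in this thread changes security/apparmor/lsm.c (15 lines in the diffstat), so it should be regenerated against artful/master-next and sent as its own patch with the panic it addresses described in the commit message.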
>> ----------
>>
>> because, without this fix, using security= parameter other than security=apparmor
>> causes kernel panic unless apparmor=0 is explicitly specified.
>
> We are performing a revert, so putting things back to before those
> commits were applied. Due to that, I would suggest adding this
> additional change as a new patch. Thoughts?
Sounds reasonable. But makes me wonder a little whether this is not actually a
different bug (and at least should be checked whether it might be around even
before).
-Stefan
>
>>> Thanks,
>>> Kleber
>
>
>