[SRU][Artful][Bionic][PATCH 0/2] Fixed for LP:1734327

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Tue Feb 6 23:08:27 UTC 2018


Joseph Salisbury wrote:
> On 12/08/2017 06:02 PM, Tetsuo Handa wrote:
> > Seth Forshee wrote:
> >> On Fri, Dec 08, 2017 at 12:59:03PM -0500, Joseph Salisbury wrote:
> >>> BugLink: http://bugs.launchpad.net/bugs/1734327
> >>>
> >>> == SRU Justification ==
> >>> The following commit introduced a regression identified in bug 1734327:
> >>> ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> >>>
> >>> The regression causes a kernel panic to occur after multiple TCP connection 
> >>> creations/closures to the localhost.  The bug was found using STAF RPC calls, 
> >>> but is easily reproducible with SSH.    
> >>>
> >>> A revert of commit ac8f82a0b6d9 is needed to resolve this bug.  However, commit 4ae2508f0bed
> >>> also needs to be reverted because it depend on commit ac8f82a0b6d9.
> >>> == Fix ==
> >>> Revert 4ae2508f0bed ("UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks")
> >>> Revert ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> >>>
> >>> == Test Case ==
> >>> A test kernel was built with these two commits reverted and tested by the original bug reporter.
> >>> The bug reporter states the test kernel resolved the bug.
> >> Two problems with the patches, they lack your s-o-b and they lack any
> >> information about why they're being reverted in the commit message.
> >>
> >> They also didn't apply cleanly on bionic/master-next (at least not the
> >> first one, I didn't try the second), so I just reverted them directly
> >> and pushed. I had to drop the whole series when rebasing to 4.15 so
> >> there's nothing to revert in unstable.
> > Isn't https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734686 same bug where the patch
> > is at http://kernsec.org/pipermail/linux-security-module-archive/2017-December/004638.html ?
> Hi Tetsuo,
> 
> I don't see that your patch landed in mainline as of yet.? Did you ever
> receive any feedback from upstream?

LSM stacking is currently UBUNTU: SAUCE: patches. Since LSM stacking patchset has
not landed in mainline, neither my bugfix patch. But I got effectively-an-ACK from
author of LSM stacking patchset (Casey Schaufler):
http://kernsec.org/pipermail/linux-security-module-archive/2017-December/004645.html .




More information about the kernel-team mailing list