ACK: [SRU][Artful][v3][PATCH 0/2] Fixes for LP:1734327

Kleber Souza kleber.souza at canonical.com
Tue Mar 27 12:52:06 UTC 2018 

On 03/12/18 20:07, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1734327
> 
> == SRU Justification ==
> The following commit introduced a regression identified in bug 1734327:
> ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> 
> The regression causes a kernel panic to occur after multiple TCP connection 
> creations/closures to the localhost.  The bug was found using STAF RPC calls, 
> but is easily reproducible with SSH.    
> 
> A revert of commit ac8f82a0b6d9 is needed to resolve this bug.  However, commit 4ae2508f0bed
> also needs to be reverted because it depend on commit ac8f82a0b6d9.
> 
> This has already been reverted in Bionic.
> 
> == Fix ==
> Revert 4ae2508f0bed ("UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks")
> Revert ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> 
> == Test Case ==
> A test kernel was built with these two commits reverted and tested by the original bug reporter.
> The bug reporter states the test kernel resolved the bug.
> 
> Joseph Salisbury (2):
>   Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor
>     network hooks"
>   Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of
>     the remaining blobs"
> 
>  include/linux/lsm_hooks.h         |   8 -
>  security/apparmor/include/net.h   |  12 +-
>  security/apparmor/lsm.c           |  15 +-
>  security/security.c               | 259 +---------------------------
>  security/selinux/hooks.c          | 333 ++++++++++++++++++++++++------------
>  security/selinux/include/objsec.h |  65 +-------
>  security/selinux/netlabel.c       |  15 +-
>  security/selinux/selinuxfs.c      |   4 +-
>  security/selinux/ss/services.c    |   3 +-
>  security/smack/smack.h            |  61 +------
>  security/smack/smack_lsm.c        | 343 +++++++++++++++++++++++++++-----------
>  security/smack/smack_netfilter.c  |   8 +-
>  12 files changed, 510 insertions(+), 616 deletions(-)
> 

Given that the original author of the patches is fine with these reverts
and they fix the issue reported by the user, it seems reasonable.

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>

More information about the kernel-team mailing list