ACK/cmnt: [SRU][Artful][v3][PATCH 0/2] Fixes for LP:1734327

Stefan Bader stefan.bader at canonical.com
Wed Mar 28 12:25:32 UTC 2018 

On 12.03.2018 20:07, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1734327
> 
> == SRU Justification ==
> The following commit introduced a regression identified in bug 1734327:
> ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> 
> The regression causes a kernel panic to occur after multiple TCP connection 
> creations/closures to the localhost.  The bug was found using STAF RPC calls, 
> but is easily reproducible with SSH.    
> 
> A revert of commit ac8f82a0b6d9 is needed to resolve this bug.  However, commit 4ae2508f0bed
> also needs to be reverted because it depend on commit ac8f82a0b6d9.
> 
> This has already been reverted in Bionic.
> 
> == Fix ==
> Revert 4ae2508f0bed ("UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks")
> Revert ac8f82a0b6d9 ("UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs")
> 
> == Test Case ==
> A test kernel was built with these two commits reverted and tested by the original bug reporter.
> The bug reporter states the test kernel resolved the bug.
> 
> Joseph Salisbury (2):
>   Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor
>     network hooks"
>   Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of
>     the remaining blobs"
> 
>  include/linux/lsm_hooks.h         |   8 -
>  security/apparmor/include/net.h   |  12 +-
>  security/apparmor/lsm.c           |  15 +-
>  security/security.c               | 259 +---------------------------
>  security/selinux/hooks.c          | 333 ++++++++++++++++++++++++------------
>  security/selinux/include/objsec.h |  65 +-------
>  security/selinux/netlabel.c       |  15 +-
>  security/selinux/selinuxfs.c      |   4 +-
>  security/selinux/ss/services.c    |   3 +-
>  security/smack/smack.h            |  61 +------
>  security/smack/smack_lsm.c        | 343 +++++++++++++++++++++++++++-----------
>  security/smack/smack_netfilter.c  |   8 +-
>  12 files changed, 510 insertions(+), 616 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>

The problem with the revert I saw was that LSM stacking was some required
feature (I believe for snappy). But I also think I talked to Seth and he was
waiting for some updated version for all this for Bionic. As far as I know we
still wait, so probably it is better to revert this in Artful until then.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180328/d7ab39a1/attachment.sig>

More information about the kernel-team mailing list