authorJiri Kosina <jkosina@suse.cz>2017-12-01 16:21:43 +0100
committerJiri Kosina <jkosina@suse.cz>2017-12-01 16:21:43 +0100
commit9915372e67fe38327b2bc03a87f7408d06cedfea (patch)
tree96d4130805775c755b596abfef38757660d157d2
parenta282b6796d2da1308b715eceeda25dead34adb62 (diff)
parentda7b6ca23b2202f9d8739993fc390fc73d452e3a (diff)
Merge remote-tracking branch 'origin/users/rgoldwyn/SLE15/for-next' into SLE15
-rw-r--r--patches.apparmor/apparmor-fix-oops-in-audit_signal_cb-hook.patch141
-rw-r--r--series.conf1
2 files changed, 142 insertions, 0 deletions
diff --git a/patches.apparmor/apparmor-fix-oops-in-audit_signal_cb-hook.patch b/patches.apparmor/apparmor-fix-oops-in-audit_signal_cb-hook.patch
new file mode 100644
index 0000000000..e09f7d8be0
--- /dev/null
+++ b/patches.apparmor/apparmor-fix-oops-in-audit_signal_cb-hook.patch
@@ -0,0 +1,141 @@
+From a3ec3e8612f5d614d290626011e78b0aea1db5a5 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen at canonical.com>
+Date: Wed, 22 Nov 2017 07:33:38 -0800
+Subject: [PATCH] apparmor: fix oops in audit_signal_cb hook
+References: bsc#1070227
+Patch-mainline: Submitted, https://lists.ubuntu.com/archives/apparmor/2017-November/011328.html
+
+The apparmor_audit_data struct ordering got messed up during a merge
+conflict, resulting in the signal integer and peer pointer being in
+a union instead of a struct together.
+
+For most of the 4.13 and 4.14 life cycle, this was hidden by commit
+651e28c5537abb39076d3949fb7618536f1d242e which fixed the
+apparmor_audit_data struct when its data was added. When that commit
+was reverted in -rc7 the signal audit bug was exposed, and
+unfortunately it never showed up in any of the testing until after
+4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed
+nearly simultaneous bug reports (with different oopes, the smaller of
+which is included below).
+
+Full credit goes to Tetsuo Handa for jumping on this as well and
+noticing the audit data struct problem and reporting it.
+
+Alright, trying again, this time with my mail settings to actually send
+as plain text, and with some more detail.
+
+I am running Ubuntu 16.04, with a mainline 4.14 kernel.
+
+[ 76.178568] BUG: unable to handle kernel paging request at
+ffffffff0eee3bc0
+[ 76.178579] IP: audit_signal_cb+0x6c/0xe0
+[ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0
+[ 76.178586] Oops: 0000 [#1] PREEMPT SMP
+[ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb
+btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables
+xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack
+iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw
+iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher
+nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel
+[ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted
+4.14.0-f1-dirty #135
+[ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio
+9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015
+[ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000
+[ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0
+[ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292
+[ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX:
+0000000000000000
+[ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI:
+ffff9c7a9493d800
+[ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09:
+ffffa09b02a4fc46
+[ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12:
+ffffa09b02a4fd40
+[ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15:
+0000000000000001
+[ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000)
+knlGS:0000000000000000
+[ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4:
+00000000001606f0
+[ 76.178652] Call Trace:
+[ 76.178660] common_lsm_audit+0x1da/0x780
+[ 76.178665] ? d_absolute_path+0x60/0x90
+[ 76.178669] ? aa_check_perms+0xcd/0xe0
+[ 76.178672] aa_check_perms+0xcd/0xe0
+[ 76.178675] profile_signal_perm.part.0+0x90/0xa0
+[ 76.178679] aa_may_signal+0x16e/0x1b0
+[ 76.178686] apparmor_task_kill+0x51/0x120
+[ 76.178690] security_task_kill+0x44/0x60
+[ 76.178695] group_send_sig_info+0x25/0x60
+[ 76.178699] kill_pid_info+0x36/0x60
+[ 76.178703] SYSC_kill+0xdb/0x180
+[ 76.178707] ? preempt_count_sub+0x92/0xd0
+[ 76.178712] ? _raw_write_unlock_irq+0x13/0x30
+[ 76.178716] ? task_work_run+0x6a/0x90
+[ 76.178720] ? exit_to_usermode_loop+0x80/0xa0
+[ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94
+[ 76.178727] RIP: 0033:0x7f8b0e58b767
+[ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX:
+000000000000003e
+[ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX:
+00007f8b0e58b767
+[ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
+000000000000263b
+[ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09:
+0000000000000001
+[ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12:
+0000000000000000
+[ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15:
+0000000000000000
+[ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b
+42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd
+00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35
+[ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08
+[ 76.178796] CR2: ffffffff0eee3bc0
+[ 76.178799] ---[ end trace 514af9529297f1a3 ]---
+
+Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals")
+Reported-by: Zephaniah E. Loss-Cutler-Hull <warp-spam_kernel at aehallh.com>
+Reported-by: Shuah Khan <shuahkh at osg.samsung.com>
+Reported-by: Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp>
+Signed-off-by: John Johansen <john.johansen at canonical.com>
+Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+---
+ security/apparmor/include/audit.h | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
+index ac3666ff7892..3788b0c3a5c4 100644
+--- a/security/apparmor/include/audit.h
++++ b/security/apparmor/include/audit.h
+@@ -121,10 +121,13 @@ struct apparmor_audit_data {
+ /* these entries require a custom callback fn */
+ struct {
+ struct aa_label *peer;
+- struct {
+- const char *target;
+- kuid_t ouid;
+- } fs;
++ union {
++ struct {
++ const char *target;
++ kuid_t ouid;
++ } fs;
++ int signal;
++ };
+ struct {
+ int type, protocol;
+ struct sock *sk;
+@@ -135,7 +138,6 @@ struct apparmor_audit_data {
+ const char *ns;
+ long pos;
+ } iface;
+- int signal;
+ struct {
+ int rlim;
+ unsigned long max;
+--
+2.13.6
+
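Review bot: The anonymous union introduced in the nested audit.h hunk at `@@ -121,10 +121,13 @@` has no comment saying which arm is live for which operation, and per the patch description that layout is what was wrong when the oops occurred. After this change `fs.target`/`fs.ouid` and `signal` share storage while `peer` sits beside them, so a callback that reads the arm its hook did not fill would interpret part of a pointer as a signal number or the reverse. I would add a comment above the union, for example `/* peer is common; fs and signal overlap - a callback must read only the arm its own hook filled in */`. The quoted trace faults in audit_signal_cb on what looks like a scaled table load keyed by this value, so it is worth confirming that the callback range-checks `signal` (including negative values, since it is a plain `int`) before indexing with it; that code is not part of this patch. The definition of `struct apparmor_audit_data` starts and ends outside the hunk.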
diff --git a/series.conf b/series.conf
index ee1b23a646..fe2bfde49c 100644
--- a/series.conf
+++ b/series.conf
@@ -6183,6 +6183,7 @@
patches.apparmor/apparmor-basic-networking-rules.patch
patches.apparmor/apparmor-basic-networking-rules-4.11-rc1.patch
patches.apparmor/apparmor-fix-quieting-of-audit-messages-for-network-mediation.patch
+ patches.apparmor/apparmor-fix-oops-in-audit_signal_cb-hook.patch
########################################################
# Lock down functions for UEFI secure boot , FATE#314486