group.of.nepali.translators team mailing list archive

[Bug 1592547] Re: vmalloc failure leads to null ptr dereference in aa_dfa_next

 

This bug was fixed in the package linux - 4.8.0-11.12

---------------
linux (4.8.0-11.12) yakkety; urgency=low

  * change_hat is logging failures during expected hat probing (LP: #1615893)
    - SAUCE: apparmor: Fix auditing behavior for change_hat probing

  * deleted files outside of the namespace are not being treated as
    disconnected (LP: #1615892)
    - SAUCE: apparmor: deleted dentries can be disconnected

  * stacking to unconfined in a child namespace confuses mediation
    (LP: #1615890)
    - SAUCE: apparmor: special case unconfined when determining the mode

  * apparmor module parameters can be changed after the policy is locked
    (LP: #1615895)
    - SAUCE: apparmor: fix: parameters can be changed after policy is locked

  * AppArmor profile reloading causes an intermittent kernel BUG (LP:
    #1579135)
    - SAUCE: apparmor: fix vec_unique for vectors larger than 8

  * label vec reductions can result in reference labels instead of direct
    access to labels (LP: #1615889)
    - SAUCE: apparmor: reduction of vec to single entry is just that entry

  * profiles from different namespaces can block other namespaces from being
    able to load a profile (LP: #1615887)
    - SAUCE: apparmor: profiles in one ns can affect mediation in another ns

  * The label build for onexec when stacking is wrong (LP: #1615881)
    - SAUCE: apparmor: Fix label build for onexec stacking.

  * The inherit check for new to old label comparison for domain transitions
    is wrong (LP: #1615880)
    - SAUCE: apparmor: Fix new to old label comparison for domain transitions

  * warning stack trace while playing with apparmor namespaces (LP: #1593874)
    - SAUCE: apparmor: fix stack trace when removing namespace with profiles

  * __label_update proxy comparison test is wrong (LP: #1615878)
    - SAUCE: apparmor: Fix __label_update proxy comparison test

  * reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
    (LP: #1560583)
    - SAUCE: apparmor: Allow ns_root processes to open profiles file
    - SAUCE: apparmor: Consult sysctl when reading profiles in a user ns

  * policy namespace stacking (LP: #1379535)
    - SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8
    - SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading

  * Miscellaneous Ubuntu changes
    - [Debian] Dynamically determine linux udebs package name
    - [Debian] d-i -- fix dtb handling in new kernel-wedge form
    - SAUCE: apparmor: Fix FTBFS due to bad include path
    - SAUCE: apparmor: add data query support
    - [Config] Set CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y

  * Miscellaneous upstream changes
    - fixup backout policy view capable for forward port
    - apparmor: fix: Rework the iter loop for label_update
    - apparmor: add more assertions for updates/merges to help catch errors
    - apparmor: Make pivot root transitions work with stacking
    - apparmor: convert delegating deleted files to mediate deleted files
    - apparmor: add missing parens. not a bug fix but highly recommended
    - apparmor: add a stack_version file to allow detection of bug fixes
    - apparmor: push path lookup into mediation loop
    - apparmor: default to allowing unprivileged userns policy
    - apparmor: fix: permissions test to view and manage policy
    - apparmor: Add Basic ns cross check condition for ipc

 -- Leann Ogasawara <leann.ogasawara@xxxxxxxxxxxxx>  Sat, 17 Sep 2016 10:03:16 -0700

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1592547

Title:
  vmalloc failure leads to null ptr dereference in aa_dfa_next

Status in AppArmor:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Running stress-ng apparmor stressor with a vmalloc NULL return trips a
  null ptr dereference in aa_dfa_next:

  $ uname -a
  Linux ubuntu 4.4.0-24-generic #43

  [   46.271517] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
  [   46.271641] IP: [<ffffffff8137a8a6>] aa_dfa_next+0x6/0x70
  [   46.271743] PGD 39ebd067 PUD 39ebe067 PMD 0
  [   46.271833] Oops: 0000 [#1] SMP
  [   46.271926] Modules linked in: jitterentropy_rng algif_rng salsa20_generic salsa20_x86_64 camellia_generic camellia_aesni_avx_x86_64 camellia_x86_64 cast6_avx_x86_64 cast6_generic cast_common serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common xts algif_skcipher tgr192 wp512 rmd320 rmd256 rmd160 rmd128 md4 algif_hash af_alg ppdev snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm input_leds joydev snd_timer serio_raw snd soundcore i2c_piix4 mac_hid 8250_fintek parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq
  [   46.273290]  libcrc32c raid1 raid0 multipath linear 8139too crct10dif_pclmul crc32_pclmul qxl aesni_intel aes_x86_64 lrw gf128mul ttm drm_kms_helper glue_helper ablk_helper cryptd syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm floppy 8139cp mii pata_acpi
  [   46.274250] CPU: 0 PID: 1349 Comm: stress-ng-appar Not tainted 4.4.0-24-generic #43
  [   46.274436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [   46.274632] task: ffff8800374be040 ti: ffff88003746c000 task.ti: ffff88003746c000
  [   46.274854] RIP: 0010:[<ffffffff8137a8a6>]  [<ffffffff8137a8a6>] aa_dfa_next+0x6/0x70
  [   46.275072] RSP: 0018:ffff88003746fca8  EFLAGS: 00010282
  [   46.275450] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000004a46
  [   46.275934] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000000
  [   46.276348] RBP: ffff88003746fd28 R08: ffff88003fc19f40 R09: ffff88003e001d00
  [   46.276757] R10: ffff88003da8e600 R11: ffff88003e001500 R12: ffff88003746fd48
  [   46.276979] R13: ffff88003acc4800 R14: ffff88003acc4894 R15: 0000000000000029
  [   46.277202] FS:  00007f7198a0f700(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
  [   46.277500] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [   46.278006] CR2: 0000000000000020 CR3: 0000000039ebc000 CR4: 00000000001406f0
  [   46.278592] Stack:
  [   46.278846]  ffff88003746fd28 ffffffff81383585 0000000000000000 0000000000000000
  [   46.279271]  000000003746fd00 0000000000000000 ffffc9000268e400 0000000000000000
  [   46.279860]  ffff88003746fd40 0000000000000000 000000005833b243 ffff88003746fe28
  [   46.280311] Call Trace:
  [   46.280606]  [<ffffffff81383585>] ? unpack_profile+0x5c5/0x970
  [   46.280854]  [<ffffffff81383ad9>] aa_unpack+0xe9/0x450
  [   46.281091]  [<ffffffff81381e97>] aa_replace_profiles+0x77/0xb70
  [   46.281341]  [<ffffffff811cf81b>] ? vmalloc+0x6b/0x70
  [   46.281610]  [<ffffffff813770df>] policy_update+0x9f/0x1f0
  [   46.281887]  [<ffffffff81377243>] profile_replace+0x13/0x20
  [   46.282169]  [<ffffffff8120c528>] __vfs_write+0x18/0x40
  [   46.282444]  [<ffffffff8120ceb9>] vfs_write+0xa9/0x1a0
  [   46.282728]  [<ffffffff8120be4f>] ? do_sys_open+0x1bf/0x2a0
  [   46.283418]  [<ffffffff8120db75>] SyS_write+0x55/0xc0
  [   46.284188]  [<ffffffff81825cb2>] entry_SYSCALL_64_fastpath+0x16/0x71
  [   46.284753] Code: 0c 42 39 ce 74 d9 0f b6 02 41 0f b7 34 7b 84 c0 75 d9 eb c3 41 0f b7 34 44 eb 89 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 <48> 8b 47 20 4c 8b 5f 28 4c 8b 57 40 48 89 e5 4c 8b 4f 18 48 8d 
  [   46.285401] RIP  [<ffffffff8137a8a6>] aa_dfa_next+0x6/0x70

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1592547/+subscriptions
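
Added example (not part of the original bug report or of the kernel source): a short Python triage of the oops quoted above. It checks that the base register of the faulting instruction is zero and that its displacement equals the fault address, which confirms that aa_dfa_next was entered with a NULL first argument (RDI under the x86-64 calling convention). The name `triage` and the trimmed sample are constructed for this example, and only the one instruction form seen in this oops is decoded.

```python
import re

# Constructed sample: lines copied from the oops in the bug description,
# with the Code: line trimmed to the bytes around the <fault> marker.
OOPS = """\
[   46.271517] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[   46.274854] RIP: 0010:[<ffffffff8137a8a6>]  [<ffffffff8137a8a6>] aa_dfa_next+0x6/0x70
[   46.275450] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000004a46
[   46.275934] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000000
[   46.284753] Code: 0f 1f 44 00 00 55 <48> 8b 47 20 4c 8b 5f 28 4c 8b 57 40
"""

# x86-64 register numbering used by the ModRM r/m field (without REX.B).
REGS64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]


def triage(oops):
    """Relate the fault address to the faulting instruction's memory operand."""
    fault = int(re.search(r"dereference at ([0-9a-f]{16})", oops).group(1), 16)
    sym, off = re.search(r"RIP: .*\] (\w+)\+(0x[0-9a-f]+)/", oops).groups()
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}

    # The kernel brackets the first byte of the faulting instruction with <>.
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(k for k, b in enumerate(code) if b.startswith("<"))
    ins = [int(b.strip("<>"), 16) for b in code[start:start + 4]]

    # Decode only "REX.W 8B /r" (64-bit mov reg, [base+disp8]), no SIB byte.
    modrm = ins[2]
    if ins[0] != 0x48 or ins[1] != 0x8B or modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("instruction form not handled by this example")
    base = REGS64[modrm & 7]
    disp = ins[3] - 256 if ins[3] > 127 else ins[3]  # disp8 is signed

    return {
        "function": sym,
        "offset": int(off, 16),
        "fault_addr": fault,
        "base_reg": base,
        "disp": disp,
        # NULL base pointer plus a struct-field offset explains the fault.
        "null_base": regs[base] == 0 and regs[base] + disp == fault,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```
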