group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1634753] Re: srcname from mount rule corrupted under load

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1634753@xxxxxxxxxxxxxxxxxx>
Date: Thu, 20 Oct 2016 02:21:12 -0000
Reply-to: Bug 1634753 <1634753@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package linux - 4.4.0-45.66

---------------
linux (4.4.0-45.66) xenial; urgency=low

  * CVE-2016-5195
    - SAUCE: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

  * srcname from mount rule corrupted under load (LP: #1634753)
    - SAUCE: apparmor: fix sleep in critical section

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Wed, 19 Oct 2016 11:24:20
+0200

** Changed in: linux (Ubuntu Xenial)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5195

** Changed in: linux (Ubuntu Xenial)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1634753

Title:
  srcname from mount rule corrupted under load

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Precise:
  Invalid
Status in linux source package in Trusty:
  Triaged
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Invalid

Bug description:
  This came up in snapd spread tests but can be reproduced with:

  In an i386 up to date 16.04 VM:

  1. in one terminal, run this:

  $ cat reproducer.sh
  #!/bin/sh
  set -e
  sudo sysctl -w kernel.printk_ratelimit=0
  sudo snap install hello-world || true

  count=0
  while /bin/true ; do
      count=$((count+1))
      if [ `echo "$count % 100" | bc` -eq 0 ]; then
          echo "$count runs"
      fi
      hello-world > /dev/null || {
        tail -100 /var/log/syslog | grep DEN && exit
      }
      sudo cat /run/snapd/ns/hello-world.mnt 2>/dev/null || sudo /usr/lib/snapd/snap-discard-ns hello-world
  done

  2. in another terminal run:
  $ while do /bin/true ; sudo apparmor_parser -r /etc/apparmor.d/* >/dev/null 2>&1 ; done

  3. In another terminal:
  $ tail -f /var/log/syslog|grep DEN

  This is not limited to i386.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1634753/+subscriptions