group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #40439
[Bug 1939915] Re: memory leaking when removing a profile
This bug was fixed in the package linux - 4.15.0-159.167
---------------
linux (4.15.0-159.167) bionic; urgency=medium
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.06)
* dell300x: rsi wifi and bluetooth crash after suspend and resume
(LP: #1940488)
- Revert "rsi: Use resume_noirq for SDIO"
* LRMv5: switch primary version handling to kernel-versions data set
(LP: #1928921)
- [Packaging] switch to kernel-versions
* kvm_unit_tests: emulator test fails on 4.4 / 4.15 kernel, timeout
(LP: #1932966)
- kvm: Add emulation for movups/movupd
* memory leaking when removing a profile (LP: #1939915)
- security/apparmor/label.c: Clean code by removing redundant instructions
- apparmor: Fix memory leak of profile proxy
* ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
dump_page() (LP: #1941829)
- selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
hot-remove error test
* Bionic update: upstream stable patchset 2021-08-27 (LP: #1941916)
- btrfs: mark compressed range uptodate only if all bio succeed
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
- r8152: Fix potential PM refcount imbalance
- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
- net: Fix zero-copy head len calculation.
- Revert "Bluetooth: Shutdown controller after workqueues are flushed or
cancelled"
- KVM: do not allow mapping valid but non-reference-counted pages
- Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
- spi: mediatek: Fix fifo transfer
- padata: validate cpumask without removed CPU during offline
- Revert "ACPICA: Fix memory leak caused by _CID repair function"
- ALSA: seq: Fix racy deletion of subscriber
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
- omap5-board-common: remove not physically existing vdds_1v8_main fixed-
regulator
- scsi: sr: Return correct event when media event code is 3
- media: videobuf2-core: dequeue if start_streaming fails
- net: natsemi: Fix missing pci_disable_device() in probe and remove
- nfp: update ethtool reporting of pauseframe control
- mips: Fix non-POSIX regexp
- bnx2x: fix an error code in bnx2x_nic_load()
- net: pegasus: fix uninit-value in get_interrupt_interval
- net: fec: fix use-after-free in fec_drv_remove
- net: vxge: fix use-after-free in vxge_device_unregister
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
- USB: usbtmc: Fix RCU stall warning
- USB: serial: option: add Telit FD980 composition 0x1056
- USB: serial: ch341: fix character loss at high transfer rates
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
- usb: gadget: f_hid: fixed NULL pointer dereference
- usb: gadget: f_hid: idle uses the highest byte for duration
- usb: otg-fsm: Fix hrtimer list corruption
- scripts/tracing: fix the bug that can't parse raw_trace_func
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
- media: rtl28xxu: fix zero-length control request
- pipe: increase minimum default pipe size to 2 pages
- ext4: fix potential htree corruption when growing large_dir directories
- serial: 8250: Mask out floating 16/32-bit bus bits
- MIPS: Malta: Do not byte-swap accesses to the CBUS UART
- pcmcia: i82092: fix a null pointer dereference bug
- spi: meson-spicc: fix memory leak in meson_spicc_remove
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
- qmi_wwan: add network device usage statistics for qmimux devices
- libata: fix ata_pio_sector for CONFIG_HIGHMEM
- reiserfs: add check for root_inode in reiserfs_fill_super
- reiserfs: check directory items on read from disk
- alpha: Send stop IPI to send to online CPUs
- net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
ql_adapter_reset
- USB:ehci:fix Kunpeng920 ehci hardware problem
- ppp: Fix generating ppp unit id when ifname is not specified
- ovl: prevent private clone if bind mount is not allowed
- net: xilinx_emaclite: Do not print real IOMEM pointer
- KVM: x86: accept userspace interrupt only if no event is injected
- KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
* Bionic update: upstream stable patchset 2021-08-17 (LP: #1940315)
- selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
- KVM: x86: determine if an exception has an error code only when injecting
it.
- net: split out functions related to registering inflight socket files
- [Config] updateconfigs for UNIX_SCM
- af_unix: fix garbage collect vs MSG_PEEK
- net/802/mrp: fix memleak in mrp_request_join()
- net/802/garp: fix memleak in garp_request_join()
- net: annotate data race around sk_ll_usec
- sctp: move 198 addresses from unusable to private scope
- hfs: add missing clean-up in hfs_fill_super
- hfs: fix high memory mapping in hfs_bnode_read
- hfs: add lock nesting notation to hfs_find_init
- ARM: dts: versatile: Fix up interrupt controller node names
- virtio_net: Do not pull payload in skb->head
- gro: ensure frag0 meets IP header alignment
- x86/kvm: fix vcpu-id indexed array sizes
- ocfs2: fix zero out valid data
- ocfs2: issue zeroout to EOF blocks
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
- can: mcba_usb_start(): add missing urb->transfer_dma initialization
- can: usb_8dev: fix memory leak
- can: ems_usb: fix memory leak
- can: esd_usb2: fix memory leak
- NIU: fix incorrect error return, missed in previous revert
- nfc: nfcsim: fix use after free during module unload
- x86/asm: Ensure asm/proto.h can be included stand-alone
- cfg80211: Fix possible memory leak in function cfg80211_bss_update
- netfilter: conntrack: adjust stop timestamp to real expiry value
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only
- tipc: fix sleeping in tipc accept routine
- mlx4: Fix missing error code in mlx4_load_one()
- net: llc: fix skb_over_panic
- net/mlx5: Fix flow table chaining
- sctp: fix return value check in __sctp_rcv_asconf_lookup
- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
- sis900: Fix missing pci_disable_device() in probe and remove
- can: hi311x: fix a signedness bug in hi3110_cmd()
- i40e: Fix log TC creation failure when max num of queues is exceeded
- i40e: Add additional info to PHY type error
* Bionic update: upstream stable patchset 2021-08-13 (LP: #1939913)
- ARM: dts: gemini: add device_type on pci
- ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
- arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
- ARM: dts: rockchip: Fix the timer clocks order
- ARM: dts: rockchip: Fix power-controller node names for rk3288
- arm64: dts: rockchip: Fix power-controller node names for rk3328
- reset: ti-syscon: fix to_ti_syscon_reset_data macro
- ARM: brcmstb: dts: fix NAND nodes names
- ARM: Cygnus: dts: fix NAND nodes names
- ARM: NSP: dts: fix NAND nodes names
- ARM: dts: BCM63xx: Fix NAND nodes names
- ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
- ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
- ARM: dts: stm32: fix RCC node name on stm32f429 MCU
- arm64: dts: juno: Update SCPI nodes as per the YAML schema
- arm64: dts: ls208xa: remove bus-num from dspi node
- thermal/core: Correct function name thermal_zone_device_unregister()
- kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
- scsi: libfc: Fix array index out of bound exception
- sched/fair: Fix CFS bandwidth hrtimer expiry type
- net: ipv6: fix return value of ip6_skb_dst_mtu
- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
- net: bridge: sync fdb to new unicast-filtering ports
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
- net: moxa: fix UAF in moxart_mac_probe
- net: qcom/emac: fix UAF in emac_remove
- net: ti: fix UAF in tlan_remove_one
- net: send SYNACK packet with accepted fwmark
- net: validate lwtstate->data before returning from skb_tunnel_info()
- dma-buf/sync_file: Don't leak fences on merge failure
- tcp: annotate data races around tp->mtu_info
- ipv6: tcp: drop silly ICMPv6 packet too big messages
- igb: Fix use-after-free error during reset
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
- igb: Fix an error handling path in 'igb_probe()'
- fm10k: Fix an error handling path in 'fm10k_probe()'
- e1000e: Fix an error handling path in 'e1000_probe()'
- iavf: Fix an error handling path in 'iavf_probe()'
- igb: Check if num of q_vectors is smaller than max before array access
- perf probe: Fix dso->nsinfo refcounting
- perf lzma: Close lzma stream on exit
- perf test bpf: Free obj_buf
- perf probe-file: Delete namelist in del_events() on the error path
- spi: mediatek: fix fifo rx mode
- liquidio: Fix unintentional sign extension issue on left shift of u16
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
- net: fix uninit-value in caif_seqpkt_sendmsg
- net: decnet: Fix sleeping inside in af_decnet
- netrom: Decrease sock refcount when sock timers expire
- scsi: iscsi: Fix iface sysfs attr detection
- scsi: target: Fix protect handling in WRITE SAME(32)
- spi: cadence: Correct initialisation of runtime PM again
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
- proc: Avoid mixing integer types in mem_rw()
- s390/ftrace: fix ftrace_update_ftrace_func implementation
- ALSA: sb: Fix potential ABBA deadlock in CSP driver
- xhci: Fix lost USB 2 remote wake
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
- usb: max-3421: Prevent corruption of freed memory
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
- USB: serial: option: add support for u-blox LARA-R6 family
- USB: serial: cp210x: fix comments for GE CS1000
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
- ixgbe: Fix packet corruption due to missing DMA sync
- selftest: use mmap instead of posix_memalign to allocate memory
- drm: Return -ENOTTY for non-drm ioctls
- net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
- iio: accel: bma180: Use explicit member assignment
- iio: accel: bma180: Fix BMA25x bandwidth register values
- btrfs: compression: don't try to compress if we don't have enough pages
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path
- xhci: add xhci_get_virt_ep() helper
- bpftool: Properly close va_list 'ap' by va_end() on error
- net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
- nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
- perf dso: Fix memory leak in dso__new_map()
- net/tcp_fastopen: fix data races around tfo_active_disable_stamp
- nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
- drm/panel: raspberrypi-touchscreen: Prevent double-free
- KVM: do not assume PTE is writable after follow_pfn
- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
- net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
- workqueue: fix UAF in pwq_unbound_release_workfn()
- upstream stable to v4.14.241, v4.19.200
-- Kelsey Skunberg <kelsey.skunberg@xxxxxxxxxxxxx> Mon, 20 Sep 2021
16:11:14 -0600
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1939915
Title:
memory leaking when removing a profile
Status in AppArmor:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/debug/kmemleak
root@ubuntu:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff99bcf5128bb0 (size 16):
comm "apparmor_parser", pid 1318, jiffies 4295139856 (age 33.196s)
hex dump (first 16 bytes):
01 00 00 00 00 00 00 00 98 1f 01 fd bc 99 ff ff ................
backtrace:
[<00000000b1f68969>] kmem_cache_alloc_trace+0xd8/0x1e0
[<0000000086ca7bd9>] aa_alloc_proxy+0x30/0x60
[<000000000e34f34c>] aa_alloc_profile+0xd4/0x100
[<00000000c2e34769>] unpack_profile+0x16f/0xe10
[<0000000019033e2b>] aa_unpack+0x119/0x500
[<00000000a97520b2>] aa_replace_profiles+0x94/0xca0
[<000000001833f520>] policy_update+0x124/0x1e0
[<00000000992f950e>] profile_load+0x7d/0xa0
[<00000000db7852ce>] __vfs_write+0x1b/0x40
[<000000004e709f5d>] vfs_write+0xb9/0x1a0
[<00000000280db840>] SyS_write+0x5e/0xe0
[<0000000014c5ab5d>] do_syscall_64+0x79/0x130
[<00000000e962a389>] entry_SYSCALL_64_after_hwframe+0x41/0xa6
[<000000009d368497>] 0xffffffffffffffff
This issue was already fixed upstream 3622ad25d4d6 v5.8-rc1~102^2
It still needs to be applied on xenial, bionic and focal.
This issue could lead to a OOM and eventually DoS. We could see this
issue happening during a test in which snaps were disconnected and
reconnected, causing the leak every time the profile was removed.
Since it is a refcount issue, there could be a lot of memory involved
because the whole profile would be leaked.
Note that only privileged users can remove a profile.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1939915/+subscriptions
