kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #164074
[Bug 1430546] Re: apparmor kernel BUG kills firefox
This bug was fixed in the package linux - 4.4.0-9.24
---------------
linux (4.4.0-9.24) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1551319
* AppArmor logs denial for when the device path is ENOENT (LP: #1482943)
- SAUCE: apparmor: fix log of apparmor audit message when kern_path() fails
* BUG: unable to handle kernel NULL pointer dereference (aa_label_merge) (LP:
#1448912)
- SAUCE: apparmor: Fix: insert race between label_update and label_merge
- SAUCE: apparmor: Fix: ensure aa_get_newest will trip debugging if the
replacedby is not setup
- SAUCE: apparmor: Fix: label merge handling of marking unconfined and stale
- SAUCE: apparmor: Fix: refcount race between locating in labelset and get
- SAUCE: apparmor: Fix: ensure new labels resulting from merge have a
replacedby
- SAUCE: apparmor: Fix: label_vec_merge insertion
- SAUCE: apparmor: Fix: deadlock in aa_put_label() call chain
- SAUCE: apparmor: Fix: add required locking of __aa_update_replacedby on
merge path
- SAUCE: apparmor: Fix: convert replacedby update to be protected by the
labelset lock
- SAUCE: apparmor: Fix: update replacedby allocation to take a gfp parameter
* apparmor kernel BUG kills firefox (LP: #1430546)
- SAUCE: apparmor: Disallow update of cred when then subjective != the
objective cred
- SAUCE: apparmor: rework retrieval of the current label in the profile update
case
* sleep from invalid context in aa_move_mount (LP: #1539349)
- SAUCE: apparmor: fix sleep from invalid context
* s390x: correct restore of high gprs on signal return (LP: #1550468)
- s390/compat: correct restore of high gprs on signal return
* missing SMAP support (LP: #1550517)
- x86/entry/compat: Add missing CLAC to entry_INT80_32
* Floating-point exception handler receives empty Data-Exception Code in
Floating Point Control register (LP: #1548414)
- s390/fpu: signals vs. floating point control register
* kvm fails to boot GNU Hurd kernels with 4.4 Xenial kernel (LP: #1550596)
- KVM: x86: fix conversion of addresses to linear in 32-bit protected mode
* Surelock GA2 SP1: capiredp01: cxl_init_adapter fails for CAPI devices
0000:01:00.0 and 0005:01:00.0 after upgrading to 840.10 Platform firmware
build fips840/b1208b_1604.840 (LP: #1532914)
- cxl: Fix PSL timebase synchronization detection
* [Feature]EDAC support for Knights Landing (LP: #1519631)
- EDAC, sb_edac: Set fixed DIMM width on Xeon Knights Landing
* Various failures of kernel_security suite on Xenial kernel on s390x arch
(LP: #1531327)
- [config] s390x -- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
* Unable to install VirtualBox Guest Service in 15.04 (LP: #1434579)
- [Config] Provides: virtualbox-guest-modules when appropriate
* linux is missing provides for virtualbox-guest-modules [i386 amd64 x32] (LP:
#1507588)
- [Config] Provides: virtualbox-guest-modules when appropriate
* Backport more recent driver for SKL, KBL and BXT graphics (LP: #1540390)
- SAUCE: i915_bpo: Provide a backport driver for SKL, KBL & BXT graphics
- SAUCE: i915_bpo: Update intel_ips.h file location
- SAUCE: i915_bpo: Rename the backport driver to i915_bpo
- SAUCE: i915_bpo: Add i915_bpo_*() calls for ubuntu/i915
- drm/i915: remove an extra level of indirection in PCI ID list
- drm/i915/kbl: Add Kabylake PCI ID
- drm/i915/kbl: Add Kabylake GT4 PCI ID
- mm: Export nr_swap_pages
- async: export current_is_async()
- drm: fix potential dangling else problems in for_each_ macros
- dp/mst: add SDP stream support
- drm: Implement drm_modeset_lock_all_ctx()
- drm: Add "prefix" parameter to drm_rect_debug_print()
- drm/i915: Set connector_state->connector using the helper.
- drm/atomic: add connector mask to drm_crtc_state.
- drm/i915: Report context GTT size
- drm/i915: Add get_eld audio component
- SAUCE: Backport I915_PARAM_HAS_EXEC_SOFTPIN and EXEC_OBJECT_PINNED
- SAUCE: i915_bpo: Revert passing plane/encoder name
- SAUCE: sound/hda: Load i915_bpo from the hda driver on SKL/KBL/BXT
- SAUCE: i915_bpo: Support only SKL, KBL and BXT with the backport driver
- drm/i915/bxt: update list of PCIIDs
- drm/i915/skl: Add missing SKL ids
- SAUCE: i915_bpo: Revert "drm/i915: Defer probe if gmux is present but its
driver isn't"
- SAUCE: uapi/drm/i915: Backport I915_EXEC_BSD_MASK
- drm/atomic: Do not unset crtc when an encoder is stolen
- drm/i915: Update connector_mask during readout, v2.
- drm/atomic: Add encoder_mask to crtc_state, v3.
- SAUCE: drm/core: Add drm_encoder_index.
- SAUCE: i915_bpo: Revert "drm/i915: Switch DDC when reading the EDID"
- i915_bpo: [Config] Enable CONFIG_DRM_I915_BPO=m
* arm64: guest hangs when ntpd is running (LP: #1549494)
- hrtimer: Add support for CLOCK_MONOTONIC_RAW
- hrtimer: Catch illegal clockids
- KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW
* Miscellaneous Ubuntu changes
- [Debian] git-ubuntu-log -- wrap long bug and commit titles
- [Config] CONFIG_ARM_SMMU=y on arm64
- rebase to v4.4.3
- [Debian] git-ubuntu-log -- ensure we get the last commit
- [Config] fix up spelling of probably again
- [Debian] perf -- build in the context of the full generated local headers
- SAUCE: tools: lib/bpf -- add generated headers to search path
- SAUCE: proc: Always set super block owner to init_user_ns
- SAUCE: fix-up: kern_mount fail path should not be doing put_buffers()
- SAUCE: apparmor: Fix: oops do to invalid null ptr deref in label print fns
- SAUCE: apparmor: debug: POISON label and replaceby pointer on free
- SAUCE: apparmor: add underscores to indicate aa_label_next_not_in_set() use
needs locking
- SAUCE: apparmor: Fix: refcount leak in aa_label_merge
- SAUCE: apparmor: ensure that repacedby sharing is done correctly
- SAUCE: apparmor Fix: refcount bug in pivotroot mediation
- SAUCE: apparmor: Fix: now that insert can force replacement use it instead
of remove_and_insert
- SAUCE: apparmor: Fix: refcount bug when inserting label update that
transitions ns
- SAUCE: apparmor: Fix: break circular refcount for label that is directly
freed.
- SAUCE: apparmor: Don't remove label on rcu callback if the label has already
been removed
- SAUCE: apparmor: Fix: query label file permission
- SAUCE: apparmor: fix: ref count leak when profile sha1 hash is read
- SAUCE: fixup: cleanup return handling of labels
- SAUCE: fix: replacedby forwarding is not being properly update when ns is
destroyed
- SAUCE: fixup: make __share_replacedby private to get rid of build warning
- SAUCE: fixup: 20/23 locking issue around in __label_update
- SAUCE: fixup: get rid of unused var build warning
- SAUCE: fixup: cast poison values to remove warnings
- SAUCE: apparmor: fix refcount race when finding a child profile
- SAUCE: fixup: warning about aa_label_vec_find_or_create not being static
- SAUCE: fix: audit "no_new_privs" case for exec failure
- SAUCE: Fixup: __label_update() still doesn't handle some cases correctly.
- SAUCE: Move replacedby allocation into label_alloc
- [Debian] supply zfs dkms Provides: based on do_zfs
- [Config] supply zfs dkms Provides: based on do_zfs
- [Config] drop linux-image-3.0 provides
* Miscellaneous upstream changes
- x86/mpx: Fix off-by-one comparison with nr_registers
[ Upstream Kernel Changes ]
* rebase to v4.4.3
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Thu, 25 Feb 2016 19:47:55
-0700
** Changed in: linux (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1430546
Title:
apparmor kernel BUG kills firefox
Status in linux package in Ubuntu:
Fix Released
Bug description:
I got this kernel BUG last night and its happened a couple of times
now since I upgraded to Utopic. When it happens one of my firefoxs
will becomes non-functional and I have to reboot to get it unstuck.
I'm using encrypted home dir (ecryptfs) and the packaged firefox
profile in enforce mode with a small
/etc/apparmor.d/local/usr.bin.firefox.
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: linux-image-3.16.0-31-generic 3.16.0-31.41
ProcVersionSignature: Ubuntu 3.16.0-31.41-generic 3.16.7-ckt5
Uname: Linux 3.16.0-31-generic x86_64
ApportVersion: 2.14.7-0ubuntu8.2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: james 3599 F...m pulseaudio
/dev/snd/controlC0: james 3599 F.... pulseaudio
CurrentDesktop: Unity
Date: Tue Mar 10 21:38:33 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2011-10-20 (1237 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MachineType: TOSHIBA TECRA R840
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-31-generic root=UUID=b59c3fb7-c197-4238-8dd3-f71d81bbb315 ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.16.0-31-generic N/A
linux-backports-modules-3.16.0-31-generic N/A
linux-firmware 1.138.1
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to utopic on 2015-01-05 (64 days ago)
dmi.bios.date: 07/12/2011
dmi.bios.vendor: TOSHIBA
dmi.bios.version: Version 2.90
dmi.board.asset.tag: 0000000000
dmi.board.name: Portable PC
dmi.board.vendor: TOSHIBA
dmi.board.version: Version A0
dmi.chassis.asset.tag: 0000000000
dmi.chassis.type: 10
dmi.chassis.vendor: TOSHIBA
dmi.chassis.version: Version 1.0
dmi.modalias: dmi:bvnTOSHIBA:bvrVersion2.90:bd07/12/2011:svnTOSHIBA:pnTECRAR840:pvrPT42GE-00N006EN:rvnTOSHIBA:rnPortablePC:rvrVersionA0:cvnTOSHIBA:ct10:cvrVersion1.0:
dmi.product.name: TECRA R840
dmi.product.version: PT42GE-00N006EN
dmi.sys.vendor: TOSHIBA
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1430546/+subscriptions
References