
kernel-packages team mailing list archive

[Bug 1268727] Re: AppArmor changehat regression in 3.13.0-2.17-generic

 

This bug was fixed in the package linux - 3.13.0-7.26

---------------
linux (3.13.0-7.26) trusty; urgency=low

  [ John Johansen ]

  * SAUCE: apparmor: fix uninitialized lsm_audit membe
    - LP: #1268727
  * Add config option to optionally enable new apparmor 3 semantics

  [ Tim Gardner ]

  * [Config] Add lowlatency to getabis
  * [Config] CONFIG_SECURITY_APPARMOR_AA3_SEMANTICS=y
    - LP: #1270215
  * Release Tracking Bug
    - LP: #1276810

  [ Upstream Kernel Changes ]

  * x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1274349
    - CVE-2014-0038
 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>   Wed, 05 Feb 2014 15:49:44 -0500

** Changed in: linux (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0038

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1268727

Title:
  AppArmor changehat regression in 3.13.0-2.17-generic

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released

Bug description:
  Running the changehat_misc.sh AppArmor regression test results in a
  kernel paging request bug.

  $ apt-get source apparmor
  $ cd apparmor-2.8.0/tests/regression/apparmor/
  $ make all
  $ sudo VERBOSE=1 bash changehat_misc.sh
  ok: NO CHANGEHAT (access parent file)
  ok: NO CHANGEHAT (access sub file)
  ok: CHANGEHAT (access parent file)
  ok: CHANGEHAT (access sub file)
  ok: FORK BETWEEN CHANGEHATS (access parent file)
  ok: FORK BETWEEN CHANGEHATS (access sub file)
  ok: CHANGEHAT (subprofile->subprofile)

  *** A 'Killed' message from bash is expected for the following test
  /home/tyhicks/apparmor-2.8.0/tests/regression/apparmor/prologue.inc: line 176:  5394 Killed                  $testexec "$@" > $outfile 2>&1
  ok: CHANGEHAT (subprofile->subprofile w/ bad magic)
  ok: CHANGEHAT (bad subprofile)

  *** A 'Killed' message from bash is expected for the following test
  Error: changehat_fail failed. Test 'CHANGEHAT (bad token)' was expected to 'signal9'. Reason for failure 'FAIL: changehat sub failed - Permission denied'
  ok: CHANGEHAT (noexit subprofile (token=0))
  ok: CHANGEHAT (exit noexit subprofile (token=0))
  ok: CHANGEHAT (subprofile/write to /proc/attr/current)
  ok: CHANGEHAT (exit subprofile/write to /proc/attr/current)
  ok: CHANGEHAT (noexit subprofile/write 0 to /proc/attr/current)
  ok: CHANGEHAT (noexit subprofile/write 00000000 to /proc/attr/current)
  ok: CHANGEHAT (noexit subprofile/write "" to /proc/attr/current)
  ok: CHANGEHAT (exit of noexit subprofile/write 0 to /proc/attr/current)
  ok: CHANGEHAT (exit of noexit subprofile/write 00000000 to /proc/attr/current)
  ok: CHANGEHAT (exit of noexit subprofile/write "" to /proc/attr/current)
  ok: CHANGEHAT PTHREAD (access parent file)
  ok: CHANGEHAT PTHREAD (access sub file)

  The "CHANGEHAT (bad token)" test is the sub-test that triggers the
  issue. In the output pasted above, the test fails. I've seen the test
  pass and I've also seen it make my testing VM unresponsive. In this
  instance, the following output was printed to kern.log:

  BUG: unable to handle kernel paging request at 0000002fbead7d08
  IP: [<ffffffff8170cebe>] _raw_spin_lock+0xe/0x50
  PGD 3abf3067 PUD 0 
  Oops: 0002 [#1] SMP 
  Modules linked in: parport_pc ppdev rfcomm bnep bluetooth kvm_intel kvm microcode vmwgfx psmouse serio_raw ttm i2c_piix4 pvpanic drm mac_hid lp parport floppy
  CPU: 0 PID: 5394 Comm: changehat_twice Not tainted 3.13.0-2-generic #17-Ubuntu
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  task: ffff880029693000 ti: ffff88002e2ae000 task.ti: ffff88002e2ae000
  RIP: 0010:[<ffffffff8170cebe>]  [<ffffffff8170cebe>] _raw_spin_lock+0xe/0x50
  RSP: 0018:ffff88002e2afb68  EFLAGS: 00010006
  RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000
  RDX: 0000000000000292 RSI: ffff88002e2afba8 RDI: 0000002fbead7d08
  RBP: ffff88002e2afb68 R08: 0000000000000246 R09: ffffffff815f8f57
  R10: ffffea0000b892c0 R11: ffff88002e2afa0e R12: ffffffff8130961f
  R13: ffff88002e2afba8 R14: 0000002fbead7d08 R15: ffff880031672c30
  FS:  00007f959607b740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000002fbead7d08 CR3: 00000000305cd000 CR4: 00000000000006f0
  Stack:
   ffff88002e2afb98 ffffffff81075ee7 ffffffff8130961f 0000000000000009
   0000000000000000 0000000000000000 ffff88002e2afbd0 ffffffff81075f4c
   0000000000000292 ffff88002e2afc08 ffff880031672c00 0000000000000026
  Call Trace:
   [<ffffffff81075ee7>] __lock_task_sighand+0x47/0x80
   [<ffffffff8130961f>] ? apparmor_cred_prepare+0x2f/0x50
   [<ffffffff81075f4c>] do_send_sig_info+0x2c/0x80
   [<ffffffff81075fbe>] send_sig_info+0x1e/0x30
   [<ffffffff813023ed>] aa_audit+0x13d/0x190
   [<ffffffff8130c18c>] aa_audit_file+0xbc/0x130
   [<ffffffff8130961f>] ? apparmor_cred_prepare+0x2f/0x50
   [<ffffffff81304c82>] aa_change_hat+0x202/0x530
   [<ffffffff81308f76>] aa_setprocattr_changehat+0x116/0x1d0
   [<ffffffff8130a0cd>] apparmor_setprocattr+0x25d/0x300
   [<ffffffff812cee26>] security_setprocattr+0x16/0x20
   [<ffffffff8121fbf7>] proc_pid_attr_write+0x107/0x130
   [<ffffffff811b7594>] vfs_write+0xb4/0x1f0
   [<ffffffff811b7fc9>] SyS_write+0x49/0xa0
   [<ffffffff81715b3f>] tracesys+0xe1/0xe6
  Code: 66 83 07 02 f6 47 02 01 74 e5 0f 1f 00 e8 44 13 ff ff eb db 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 b8 00 00 02 00 <3e> 0f c1 07 89 c2 c1 ea 10 66 39 c2 75 02 5d c3 83 e2 fe 0f b7 
  RIP  [<ffffffff8170cebe>] _raw_spin_lock+0xe/0x50
   RSP <ffff88002e2afb68>
  CR2: 0000002fbead7d08
  ---[ end trace 1858591fdb0528f3 ]---

  
  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-2-generic 3.13.0-2.17
  ProcVersionSignature: User Name 3.13.0-2.17-generic 3.13.0-rc7
  Uname: Linux 3.13.0-2-generic x86_64
  ApportVersion: 2.13.1-0ubuntu1
  Architecture: amd64
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  Date: Mon Jan 13 12:42:22 2014
  HibernationDevice: RESUME=UUID=d9e8eaa6-cec8-41e2-85bf-92b4be437dfe
  InstallationDate: Installed on 2013-10-23 (82 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20131021.1)
  IwConfig:
   eth0      no wireless extensions.

   lo        no wireless extensions.
  Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: Bochs Bochs
  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-2-generic root=UUID=b31fe6e8-ad15-4046-b1a4-681fbcd8b44a ro quiet splash
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-2-generic N/A
   linux-backports-modules-3.13.0-2-generic  N/A
   linux-firmware                            1.121
  RfKill:

  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 01/01/2011
  dmi.bios.vendor: Bochs
  dmi.bios.version: Bochs
  dmi.chassis.type: 1
  dmi.chassis.vendor: Bochs
  dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
  dmi.product.name: Bochs
  dmi.sys.vendor: Bochs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1268727/+subscriptions
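
An added triage example, not part of the original bug report or of the Ubuntu or AppArmor code: it parses an excerpt of the oops quoted above, decodes the x86-64 page-fault error code, and reports the first AppArmor frame in the reliable call trace. The function name `triage_oops` and the result keys are assumptions made for this example.

```python
import re

# Sample input: an excerpt of the oops lines quoted in the bug description above.
SAMPLE = """\
BUG: unable to handle kernel paging request at 0000002fbead7d08
IP: [<ffffffff8170cebe>] _raw_spin_lock+0xe/0x50
Oops: 0002 [#1] SMP
RDX: 0000000000000292 RSI: ffff88002e2afba8 RDI: 0000002fbead7d08
Call Trace:
 [<ffffffff81075ee7>] __lock_task_sighand+0x47/0x80
 [<ffffffff8130961f>] ? apparmor_cred_prepare+0x2f/0x50
 [<ffffffff81075f4c>] do_send_sig_info+0x2c/0x80
 [<ffffffff81075fbe>] send_sig_info+0x1e/0x30
 [<ffffffff813023ed>] aa_audit+0x13d/0x190
 [<ffffffff8130c18c>] aa_audit_file+0xbc/0x130
 [<ffffffff81304c82>] aa_change_hat+0x202/0x530
"""

USER_HALF_MAX = 0x0000_7FFF_FFFF_FFFF  # top of the x86-64 user address range


def triage_oops(text):
    """Summarise an x86-64 page-fault oops: what faulted, where, and via which frames."""
    addr = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    regs = {k: int(v, 16) for k, v in re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})", text)}
    trace = []
    for unreliable, sym in re.findall(r"\[<[0-9a-f]+>\] (\? )?(\w+)\+0x", text.split("Call Trace:")[1]):
        if not unreliable:  # '?' marks addresses found on the stack but not verified as frames
            trace.append(sym)
    kernel_mode = not err & 0x4  # error-code bit 2 is set only for user-mode faults
    return {
        "fault_addr": addr,
        "access": "write" if err & 0x2 else "read",
        "page_present": bool(err & 0x1),
        "kernel_mode": kernel_mode,
        # A kernel-mode access to a user-half address from a locking primitive
        # points at a garbage pointer rather than a legitimate user copy.
        "wild_pointer": kernel_mode and addr <= USER_HALF_MAX,
        "regs_holding_addr": sorted(r for r, v in regs.items() if v == addr),
        "trace": trace,
        "first_apparmor_frame": next((s for s in trace if s.startswith(("aa_", "apparmor_"))), None),
    }


if __name__ == "__main__":
    for key, value in triage_oops(SAMPLE).items():
        print(f"{key}: {value}")
```

On this excerpt the summary shows a kernel-mode write to a non-present page at a user-half address held in RDI, reached from `aa_audit` through the signal-sending path.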

