kernel-packages team mailing list archive

[Bug 1308765] Re: refcount bug in apparmor pivotroot handling

 

This bug was fixed in the package linux - 3.15.0-4.8

---------------
linux (3.15.0-4.8) utopic; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1324107
  * [Config] enable SECURITY_APPARMOR_UNCONFINED_INIT

  [ Javier Martinez Canillas ]

  * SAUCE: (no-up) apparmor: fix bug that constantly spam the console
    - LP: #1323526

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: Sync to apparmor3 - alpha6 snapshot
    - LP: #1323528
  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761
  * SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot
    - LP: #1308765
  * SAUCE: (no-up): apparmor: fix apparmor refcount bug in apparmor_kill
    - LP: #1308764
  * SAUCE: (no-up): apparmor: use custom write_is_locked macro
    - LP: #1323530

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf

  [ Tim Gardner ]

  * [Config] CONFIG_SATA_AHCI=m for ppc64el
    - LP: #1323980
 -- Andy Whitcroft <apw@xxxxxxxxxxxxx>   Wed, 28 May 2014 12:47:17 +0100

** Changed in: linux (Ubuntu Utopic)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1308765

Title:
  refcount bug in apparmor pivotroot handling

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Trusty:
  Confirmed
Status in “linux” source package in Utopic:
  Fix Released

Bug description:
  There is a profile refcount bug in apparmor pivot_root mediation.

  The code increments the profile refcount in one function and
  decrements the refcount in another. However, the code refactoring made
  it so the target profile that has its refcount incremented is not
  returned to the fn that is putting the reference. This results in the
  put always being done on NULL, so that the reference is never actually
  decremented.

  This bug will result in the memory associated with the profile leaking
  if the profile is ever replaced or removed.

  This bug was discovered in auditing of the code.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308765/+subscriptions
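
The get/put split named in the bug description, as an added illustration that is not the AppArmor kernel code and is not from the bug report: a helper takes the reference, the caller does the put, and the buggy helper never returns the pointer, so the put lands on NULL. The struct, function names and the starting count of 1 are hypothetical.

```c
#include <stdio.h>

/* Toy stand-in for a refcounted policy object; names are hypothetical. */
struct profile { int refs; };

static struct profile *get_profile(struct profile *p)
{
    if (p)
        p->refs++;
    return p;
}

/* Like many put helpers, a put on NULL is a silent no-op. */
static void put_profile(struct profile *p)
{
    if (p)
        p->refs--;
}

/* Buggy shape: takes the reference but never hands it to the caller. */
static void match_buggy(struct profile *cand, struct profile **target)
{
    get_profile(cand);
    (void)target;               /* *target stays NULL */
}

/* Fixed shape: the counted pointer is returned through *target. */
static void match_fixed(struct profile *cand, struct profile **target)
{
    *target = get_profile(cand);
}

/* Runs `calls` mediations and returns the references left behind. */
int leaked_refs(int fixed, int calls)
{
    struct profile p = { 1 };   /* 1 = reference held by the policy set */
    for (int i = 0; i < calls; i++) {
        struct profile *target = NULL;
        (fixed ? match_fixed : match_buggy)(&p, &target);
        put_profile(target);    /* the put lives in the caller */
    }
    return p.refs - 1;
}

int main(void)
{
    printf("buggy: %d leaked, fixed: %d leaked\n",
           leaked_refs(0, 3), leaked_refs(1, 3));
    return 0;
}
```

Because the count never returns to its baseline in the buggy shape, dropping the last legitimate reference on replace or removal would not free the object.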

