My Yocto system runs on kernel 3.14 and I wondered which version of patch-files I need to patch. I found 2.6.36~ 3.12 patches in "apparmor/kernel-patches/" directories. So I might need to patch from 3.0 through 3.12 for my Yocto system (3.14) I found pointer assignment seemed to be wrong in 3.6 patches, then I reported it to mailing list.
Here is my question, What should I patch for my Yocto(3.14 kernel)? I tried to make accumulating-patch from kernel 3.0 through 3.12, merging all patches in "apparmor/kernel-patches" directory, but not sure I was doing right. Thanks. 2015-11-24 17:16 GMT+09:00 John Johansen <[email protected]>: > On 11/23/2015 07:44 PM, Jae Suk Park wrote: > > I wonder if this patch should be applied or not,to 3.14 kernel > (14.04LTS, Trusty) > > > /kernel-patches/3.6/0006-apparmor-fix-IRQ-stack-overflow-during-free_profile.patch > > No. The version of apparmor in 14.04 LTS (Trusty), is from the development > branch > of apparmor 3. Which has not made it into the upstream kernel. > > The development branch changed the way that replacements were handled. In > the > upstream 3.6 kernel a profile maintains a pointer to the profile that > replaced it > creating a chain (as mentioned in the patch). > > In the apparmor 3 development version, the chain was replacedby by a proxy > struct > (struct replacedby) that the profiles point to, and that proxy then points > to the > current version of the profile. This removed the problem of long > replacement chains > that could problems referred to in the bug. > > Is there are particular problem you are seeing that you are trying to > solve? > > > > ================================= > > From 663d5bbe6197bf990721c37ec877ea8ba5840202 Mon Sep 17 00:00:00 2001 > > From: John Johansen <[email protected] <mailto: > [email protected]>> > > Date: Wed, 24 Oct 2012 06:27:32 -0700 > > Subject: [PATCH 6/6] apparmor: fix IRQ stack overflow during free_profile > > > > BugLink: http://bugs.launchpad.net/bugs/1056078 > > ================================= > > It patches to security/apparmor/policy.c free_profile() > > and pointer mismatch in for loop statement in 3.14kernel (Trusty) > > // for (p = profile->replacedby; p; ) > > p points to aa_profile,but profile->replacedby points to different > structure which has "kref count" element. > > =============================== > > security/apparmor/include/policy.h > > struct aa_replacedby { > > struct kref count; > > struct aa_profile __rcu *profile; > > }; > > > > struct aa_profile { > > struct aa_policy base; > > struct kref count; > > struct rcu_head rcu; > > struct aa_profile __rcu *parent; > > > > struct aa_namespace *ns; > > struct aa_replacedby *replacedby; > > const char *rename; > > > > > > security/apparmor/policy.c > > void aa_free_profile(struct aa_profile *profile) > > { > > struct aa_profile *p; > > > > > > /* put the profile reference for replacedby, but not via > > * put_profile(kref_put). > > * replacedby can form a long chain that can result in cascading > > * frees that blows the stack because kref_put makes a nested fn > > * call (it looks like recursion, with free_profile calling > > * free_profile) for each profile in the chain lp#1056078. > > */ > > for (p = profile->replacedby; p; ) { > > if (atomic_dec_and_test(&p->base.count.refcount)) { > > /* no more refs on p, grab its replacedby */ > > struct aa_profile *next = p->replacedby; > > > > > > > >
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
