From: Goldwyn Rodrigues <[email protected]>

*peer and rlim structs share the same space because of being declared in a union. However, in audit_resource(), peer ends up overwriting rlim information due to which we get the following oops while setting limit.
P: audit_cb+0x63/0xf0 [ 299.416498] PGD 12600e067 P4D 12600e067 PUD 126010067 PMD 0 [ 299.416838] Oops: 0000 [#1] PREEMPT SMP PTI [ 299.419942] CPU: 2 PID: 2506 Comm: libvirtd Tainted: G I 4.15.4-appy+ #19 [ 299.420523] Hardware name: Dell Inc. Precision WorkStation T3500 /09KPNV, BIOS A15 03/28/2012 [ 299.421123] RIP: 0010:audit_cb+0x63/0xf0 [ 299.421723] RSP: 0018:ffffb43d487b7c58 EFLAGS: 00010292 [ 299.422335] RAX: 0000000007da3798 RBX: ffffb43d487b7d18 RCX: 0000000000000006 [ 299.422957] RDX: 0000000140000000 RSI: 0000000000000092 RDI: ffffffff9fe896c5 [ 299.423592] RBP: ffff8e6726331480 R08: 0000000000000000 R09: 0000000000002c4e [ 299.424224] R10: ffffb43d487b7d08 R11: ffffffffa06f6aed R12: ffff8e6726331480 [ 299.424865] R13: ffffffff9f399c60 R14: ffff8e68829c0000 R15: 0000000000000001 [ 299.425516] FS: 00007f71a96ae700(0000) GS:ffff8e6894880000(0000) knlGS:0000000000000000 [ 299.426180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 299.426840] CR2: ffffffffde971340 CR3: 00000003ede86000 CR4: 00000000000026e0 [ 299.427518] Call Trace: [ 299.428200] common_lsm_audit+0x1dd/0x760 [ 299.428879] ? printk+0x43/0x4b [ 299.429565] ? aa_audit+0x55/0x110 [ 299.430254] aa_audit+0x55/0x110 [ 299.430949] audit_resource+0xa7/0xc0 [ 299.431649] aa_task_setrlimit+0x176/0x200 [ 299.432348] apparmor_task_setrlimit+0xe2/0x160 [ 299.433057] ? 
apparmor_capable+0x94/0x120 [ 299.433766] security_task_setrlimit+0x44/0x60 [ 299.434477] do_prlimit.part.11+0x14c/0x290 [ 299.435187] SyS_prlimit64+0x195/0x210 [ 299.435891] do_syscall_64+0x79/0x140 [ 299.436591] entry_SYSCALL_64_after_hwframe+0x26/0x9b [ 299.437291] RIP: 0033:0x7f71b2994c9a [ 299.438000] RSP: 002b:00007f71a96ad8a8 EFLAGS: 00000246 ORIG_RAX: 000000000000012e [ 299.438716] RAX: ffffffffffffffda RBX: 0000000140000000 RCX: 00007f71b2994c9a [ 299.439441] RDX: 00007f71a96ad8b0 RSI: 0000000000000008 RDI: 0000000000004b4c [ 299.440169] RBP: 0000000000004b4c R08: 0000000000000000 R09: 0000000000000000 [ 299.440897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 299.441622] R13: 00007f7140183990 R14: 00007f7190e8eac0 R15: 00007f714000f3b0 [ 299.442344] Code: 2e 8c d4 ff 48 8b 43 18 48 c7 c7 b5 96 e8 9f 48 8b 70 38 e8 1a 8c d4 ff 48 8b 43 18 48 c7 c7 c5 96 e8 9f 48 8b 50 38 48 63 40 30 <48> 8b 34 c5 80 56 c5 9f e8 fa 8b d4 ff 48 8b 43 18 48 c7 c6 dd [ 299.443112] RIP: audit_cb+0x63/0xf0 RSP: ffffb43d487b7c58 [ 299.443879] CR2: ffffffffde971340 Signed-off-by: Goldwyn Rodrigues <[email protected]> --- security/apparmor/include/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 4ac095118717..773aea850209 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -117,10 +117,10 @@ struct apparmor_audit_data { const char *info; u32 request; u32 denied; + struct aa_label *peer; union { /* these entries require a custom callback fn */ struct { - struct aa_label *peer; union { struct { const char *target; -- 2.16.2 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
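Review bot: The relocated `struct aa_label *peer;` in struct apparmor_audit_data (security/apparmor/include/audit.h, hunk at -117,10) now sits directly above the union with no comment explaining why it must stay outside it. The existing `/* these entries require a custom callback fn */` comment no longer covers it. Please add a one-line comment on the new field stating that peer is written on paths that also use other union members (rlim, per the commit message), so it must not share their storage. Otherwise a later cleanup could fold it back into the union and reintroduce the oops. The commit message should also carry a Fixes: tag naming the commit that placed peer inside the union, so the change can be matched to affected trees. It is also worth noting in the message that the move grows every apparmor_audit_data by one pointer, since the field is no longer overlaid with the other union members.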
