Attached: the compressed apparmor binary cache file that cause the oops.
apparmor 2.8.95~2430-0ubuntu5
linux-image-3.13.0-24-generic 3.13.0-24.47
** Attachment added: ubercache.gz
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1317545/+attachment/4109247/+files/ubercache.gz
--
You
Alban,
can you attach your concatted uber cache file? This has worked (not
oops) for me with every combination of the cache I throw at it.
Alban also note that the parser caching doesn't currently support auto
rebuilding, etc of caches with this uber cache yet. Are you interested
in beta testing
Just an update as I did some testing on concated cache timings, on a
kernel that supports multiple profile loads
so for 100 iterations of profile loading I got
2.8.95 parser, profile set from cache: 0m22.961s
2.8.95 parser, profile set concated: 2m16.653s
patched parser, profile set from cache:
Assigning this to jj and subscribing ubuntu-security, since it is an
AppArmor kernel bug, so that it doesn't get lost.
** Changed in: linux (Ubuntu)
Status: Confirmed = New
** Changed in: linux (Ubuntu)
Assignee: (unassigned) = John Johansen (jjohansen)
--
You received this bug
This kernel oops was produced without patching apparmor or the kernel.
But if you are curious, here is a bit more context why I created a
concatenated cache:
I want to make the boot faster on a system which does not need to check
whether the profiles changed. I have a single cache file (named
Alban, I'd be interested in seeing what you patch to sd_load_buffer()
looks like. We have just landed a patch upstream to fix the multiple
write problem for 2.8, 29, and dev.
There are two things to note about profile loads that have multiple profiles in
them.
1. Older kernels don't actually
My patch would not work with older kernel then... But here it is.
I believe the line:
- bsize = size - (b - buffer);
is not correct. In the first iteration of the loop, b==buffer, so bsize==size.
So it is sending all the profiles in a single write() syscall. The second
iteration
** Tags added: patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1317545
Title:
AppArmor: general protection fault: [#1] SMP
Status in “linux” package in Ubuntu:
Confirmed
The upstream commit that fixes the multiple profile load problem for the
parser is
commit 2510 on the dev branch or
commit 2127 on the 2.8 branch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Right, the add option will return EEXIST if any profile exists, and
fails the load. This is why --replace is used it will load or replace.
In upstream kernel 3.12 is the first to support loading multiple
profiles, in a single load.
Ubuntu has been carrying (and testing the patch) since Saucy
10 matches
Mail list logo
