This bug was fixed in the package linux - 4.15.0-115.116
---
linux (4.15.0-115.116) bionic; urgency=medium
* bionic/linux: 4.15.0-115.116 -proposed tracker (LP: #1893055)
* [Potential Regression] dscr_inherit_exec_test from powerpc in
ubuntu_kernel_selftests failed on B/E/F (
This bug was fixed in the package linux - 5.4.0-45.49
---
linux (5.4.0-45.49) focal; urgency=medium
* focal/linux: 5.4.0-45.49 -proposed tracker (LP: #1893050)
* [Potential Regression] dscr_inherit_exec_test from powerpc in
ubuntu_kernel_selftests failed on B/E/F (LP: #188833
Verification done for Focal.
$ uname -rv
5.4.0-43-generic #47-Ubuntu SMP Sat Aug 8 06:34:35 UTC 2020
$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 171.672847] accept() :: comm = aa-refcnt-af_al, pid = 1600,
sk->sk_security->label->count = 0x583
[ 171.674249] release() :: comm = aa-refcnt-
Verification done for Bionic.
$ uname -rv
4.15.0-113-generic #114-Ubuntu SMP Sun Aug 9 07:27:58 UTC 2020
$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 335.387236] release() :: comm = aa-refcnt-af_al, pid = 5764,
sk->sk_security->label->c
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verifica
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
focal' to 'verification-done-focal'. If the problem still exists, change
the tag 'verificati
This bug was fixed in the package linux - 5.3.0-64.58
---
linux (5.3.0-64.58) eoan; urgency=medium
* eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088)
* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimite
Verification done on "Disco" (linux-hwe-5.0)
---
# uname -rv
5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020
For some other reason the kprobes module is not picking up on accept,
only on release. This is unrelated to this patchset.
I used kprobe events instead, which is work
Verification done on Eoan.
The apparmor label refcnt inc/dec-rements properly on accept()/release(), no
leaks.
$ lsb_release -cs
eoan
$ uname -rv
5.3.0-63-generic #57-Ubuntu SMP Thu Jul 2 10:38:35 UTC 2020
$ apt-cache policy linux-image-$(uname -r)
linux-image-5.3.0-63-generic:
...
*** 5.3.0-6
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
eoan' to 'verification-done-eoan'. If the problem still exists, change
the tag 'verification
** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Focal)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
** Changed in: linux (Ubuntu Eoan)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1883962
Title:
apparmor reference leak causes refcount_t overflow with
It turns out that the 5.0 and 5.3 kernels should still be supported
on some custom kernels, thus sending the patch for Disco and Eoan.
[D/E][PATCH 0/1] Fix apparmor reference leak via AF_ALG
https://lists.ubuntu.com/archives/kernel-team/2020-June/111585.html
** Changed in: linux (Ubuntu Eoan)
** Tags added: sts
** Changed in: linux (Ubuntu Groovy)
Status: Won't Fix => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1883962
Title:
apparmor reference leak causes refcount_t ov
[B][PATCH 0/1] Fix apparmor reference leak via AF_ALG
https://lists.ubuntu.com/archives/kernel-team/2020-June/36.html
[B][PATCH 1/1] apparmor: check/put label on apparmor_sk_clone_security()
https://lists.ubuntu.com/archives/kernel-team/2020-June/37.html
[F][PATCH 1/1] apparmor: check/put
After a few hours with the reproducer running on the original kernel,
the kernel errors about the reference count are observed:
Focal:
-
$ uname -rv
5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 2020
$ ./aa-refcnt-af_alg
[ 9581.048189] [ cut here ]
[ 9581.
kprobes module to monitor the apparmor label reference count.
** Attachment added: "kmod.c"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+attachment/5385006/+files/kmod.c
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubu
Monitoring the label reference count with the kprobes module:
- original kernel: the counter keeps increasing on every pair of
accept()/release() syscalls.
- modified kernel: the counter keeps stable.
Focal:
-
original)
$ uname -rv
5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 202
Test Case:
-
$ cat aa-refcnt-af_alg.c
#include
#include
#include
#include
#include
int main() {
int sockfd;
struct sockaddr_alg sa;
/* Setup the crypto API socket */
sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sockfd < 0) {
perror("socket");
19 matches
Mail list logo