[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug was fixed in the package linux - 4.15.0-115.116 --- linux (4.15.0-115.116) bionic; urgency=medium * bionic/linux: 4.15.0-115.116 -proposed tracker (LP: #1893055) * [Potential Regression] dscr_inherit_exec_test from powerpc in ubuntu_kernel_selftests failed on B/E/F (LP: #1888332) - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR() linux (4.15.0-114.115) bionic; urgency=medium * bionic/linux: 4.15.0-114.115 -proposed tracker (LP: #1891052) * ipsec: policy priority management is broken (LP: #1890796) - xfrm: policy: match with both mark and mask on user interfaces linux (4.15.0-113.114) bionic; urgency=medium * bionic/linux: 4.15.0-113.114 -proposed tracker (LP: #1890705) * Packaging resync (LP: #1786013) - update dkms package versions * Reapply "usb: handle warm-reset port requests on hub resume" (LP: #1859873) - usb: handle warm-reset port requests on hub resume * Bionic update: upstream stable patchset 2020-07-29 (LP: #1889474) - gpio: arizona: handle pm_runtime_get_sync failure case - gpio: arizona: put pm_runtime in case of failure - pinctrl: amd: fix npins for uart0 in kerncz_groups - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - xtensa: fix __sync_fetch_and_{and,or}_4 declarations - xtensa: update *pos in cpuinfo_op.next - drivers/net/wan/lapbether: Fixed the value of hard_header_len - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration - drm: sun4i: hdmi: Fix inverted HPD result - net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init - ipvs: fix the connection sync failed in some cases - i2c: rcar: always clear ICSAR to avoid side effects - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - scripts/decode_stacktrace: strip basepath from all paths - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - spi: mediatek: use correct SPI_CFG2_REG MACRO - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - dmaengine: ioat setting ioat timeout as module parameter - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - x86: math-emu: Fix up 'cmp' insn for clang ias - binder: Don't use mmput() from shrinker function. - usb: xhci-mtk: fix the failure of bandwidth allocation - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." - staging: wlan-ng: properly check endpoint types - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - serial: 8250_mtk: Fix high-speed baud rates clamping - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation - mm/memcg: fix refcount error while moving and swapping - io-mapping: indicate mapping failure - parisc: Add atomic64_set_release()
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug was fixed in the package linux - 5.4.0-45.49 --- linux (5.4.0-45.49) focal; urgency=medium * focal/linux: 5.4.0-45.49 -proposed tracker (LP: #1893050) * [Potential Regression] dscr_inherit_exec_test from powerpc in ubuntu_kernel_selftests failed on B/E/F (LP: #1888332) - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR() linux (5.4.0-44.48) focal; urgency=medium * focal/linux: 5.4.0-44.48 -proposed tracker (LP: #1891049) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * ipsec: policy priority management is broken (LP: #1890796) - xfrm: policy: match with both mark and mask on user interfaces linux (5.4.0-43.47) focal; urgency=medium * focal/linux: 5.4.0-43.47 -proposed tracker (LP: #1890746) * Packaging resync (LP: #1786013) - update dkms package versions * Devlink - add RoCE disable kernel support (LP: #1877270) - devlink: Add new "enable_roce" generic device param - net/mlx5: Document flow_steering_mode devlink param - net/mlx5: Handle "enable_roce" devlink param - IB/mlx5: Rename profile and init methods - IB/mlx5: Load profile according to RoCE enablement state - net/mlx5: Remove unneeded variable in mlx5_unload_one - net/mlx5: Add devlink reload - IB/mlx5: Do reverse sequence during device removal * msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620) - selftests/net: relax cpu affinity requirement in msg_zerocopy test * Enlarge hisi_sec2 capability (LP: #1890222) - Revert "UBUNTU: [Config] Disable hisi_sec2 temporarily" - crypto: hisilicon - update SEC driver module parameter * Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441) - ALSA: hda/hdmi: Add quirk to force connectivity * Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306) - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken * ASoC:amd:renoir: the dmic can't record sound after suspend and resume (LP: #1890220) - SAUCE: ASoC: amd: renoir: restore two more registers during resume * No sound, Dummy output on Acer Swift 3 SF314-57G with Ice Lake core-i7 CPU (LP: #1877757) - ASoC: SOF: Intel: hda: fix generic hda codec support * Fix right speaker of HP laptop (LP: #1889375) - SAUCE: hda/realtek: Fix right speaker of HP laptop * blk_update_request error when mount nvme partition (LP: #1872383) - SAUCE: nvme-pci: prevent SK hynix PC400 from using Write Zeroes command * soc/amd/renoir: detect dmic from acpi table (LP: #1887734) - ASoC: amd: add logic to check dmic hardware runtime - ASoC: amd: add ACPI dependency check - ASoC: amd: fixed kernel warnings * soc/amd/renoir: change the module name to make it work with ucm3 (LP: #1888166) - AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel module - SAUCE: remove a kernel module since its name is changed * Focal update: v5.4.55 upstream stable release (LP: #1890343) - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - drivers/net/wan/x25_asy: Fix to make it work - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - qrtr: orphan socket in qrtr_release() - rtnetlink: Fix memory(net_device) leak when ->newlink fails - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - regmap: debugfs: check count when read regmap file - PM: wakeup: Show statistics for deleted wakeup sources again - Revert "dpaa_eth: fix usage as DSA master, try 3" - Linux 5.4.55 * Add support for Atlantic NIC firmware v4 (LP: #1886908) - net: atlantic: simplify hw_get_fw_version() usage - net: atlantic: align return value of ver_match function with function name - net: atlantic: add support for FW 4.x * perf vendor events s390: Add new deflate counters for IBM z15 (LP: #1888551) - perf vendor events s390: Add new deflate counters for IBM z15 * Focal update: v5.4.54 upstream stable release (LP: #1889669) - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner - gpio: arizona: handle pm_runtime_get_sync failure case - gpio: arizona: put pm_runtime in case of failure - pinctrl: amd: fix npins for uart0 in kerncz_groups - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Verification done for Focal. $ uname -rv 5.4.0-43-generic #47-Ubuntu SMP Sat Aug 8 06:34:35 UTC 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 171.672847] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583 [ 171.674249] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584 [ 171.675676] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583 [ 171.676932] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584 [ 171.678154] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583 [ 171.679617] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584 ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Verification done for Bionic. $ uname -rv 4.15.0-113-generic #114-Ubuntu SMP Sun Aug 9 07:27:58 UTC 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 335.387236] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582 [ 335.388370] accept() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x581 [ 335.389376] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582 [ 335.390558] accept() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x581 [ 335.391521] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582 ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug was fixed in the package linux - 5.3.0-64.58 --- linux (5.3.0-64.58) eoan; urgency=medium * eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088) * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668) - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups" linux (5.3.0-63.57) eoan; urgency=medium * eoan/linux: 5.3.0-63.57 -proposed tracker (LP: #1885495) * seccomp_bpf fails on powerpc (LP: #1885757) - SAUCE: selftests/seccomp: fix ptrace tests on powerpc * The thread level parallelism would be a bottleneck when searching for the shared pmd by using hugetlbfs (LP: #1882039) - hugetlbfs: take read_lock on i_mmap for PMD sharing * Eoan update: upstream stable patchset 2020-06-30 (LP: #1885775) - ipv6: fix IPV6_ADDRFORM operation logic - net_failover: fixed rollback in net_failover_open() - bridge: Avoid infinite loop when suppressing NS messages with invalid options - vxlan: Avoid infinite loop when suppressing NS messages with invalid options - tun: correct header offsets in napi frags mode - Input: mms114 - fix handling of mms345l - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook - sched/fair: Don't NUMA balance for kthreads - Input: synaptics - add a second working PNP_ID for Lenovo T470s - drivers/net/ibmvnic: Update VNIC protocol version reporting - powerpc/xive: Clear the page tables for the ESB IO mapping - ath9k_htc: Silence undersized packet warnings - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated - x86/cpu/amd: Make erratum #1054 a legacy erratum - perf probe: Accept the instance number of kretprobe event - mm: add kvfree_sensitive() for freeing sensitive data objects - aio: fix async fsync creds - x86_64: Fix jiffies ODR violation - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs - x86/speculation: Prevent rogue cross-process SSBD shutdown - x86/reboot/quirks: Add MacBook6,1 reboot quirk - efi/efivars: Add missing kobject_put() in sysfs entry creation error path - ALSA: es1688: Add the missed snd_card_free() - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines - ALSA: usb-audio: Fix inconsistent card PM state after resume - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() - ACPI: GED: add support for _Exx / _Lxx handler methods - ACPI: PM: Avoid using power resources if there are none for D0 - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() - spi: dw: Fix controller unregister order - spi: bcm2835aux: Fix controller unregister order - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 - PM: runtime: clk: Fix clk_pm_runtime_get() error path - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated - ALSA: pcm: disallow linking stream to itself - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned - KVM: x86: Fix APIC page invalidation race - KVM: x86/mmu: Consolidate "is MMIO SPTE" code - KVM: x86: only do L1TF workaround on affected processors - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. - spi: Fix controller unregister order - spi: pxa2xx: Fix controller unregister order - spi: bcm2835: Fix controller unregister order - spi: pxa2xx: Fix runtime PM ref imbalance on probe error - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() - selftests/net: in rxtimestamp getopt_long needs terminating null entry - ovl: initialize error in ovl_copy_xattr - proc: Use new_inode not new_inode_pseudo - video: fbdev: w100fb: Fix a potential double free. - KVM: nSVM: fix condition for filtering async PF - KVM: nSVM: leave ASID aside in copy_vmcb_control_area - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts - scsi: megaraid_sas: TM command refire leads to controller firmware crash - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb - ath9k: Fix general protection fault in ath9k_hif_usb_
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Verification done on "Disco" (linux-hwe-5.0) --- # uname -rv 5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020 For some other reason the kprobes module is not picking up on accept, only on release. This is unrelated to this patchset. I used kprobe events instead, which is working, and reveals the ref counter does not leak (stable increase/decrease on accept/release.) On the example below, it varies between 0x64b and 0x64c, correctly. # ./aa-refcnt-af_alg & # echo 'p af_alg_accept sk=%di count=+0x0(+0x0(+0x278(%di))):x32' > /sys/kernel/debug/tracing/kprobe_events # echo 'p af_alg_release_parent sk=%di count=+0x0(+0x0(+0x278(%di))):x32' >> /sys/kernel/debug/tracing/kprobe_events # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable # cat /sys/kernel/debug/tracing/trace_pipe ... aa-refcnt-af_al-21362 [002] 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0x9138b54c2400 count=0x64b aa-refcnt-af_al-21362 [002] 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0x9138b5e27800 count=0x64c aa-refcnt-af_al-21362 [002] 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0x9138b54c2400 count=0x64b aa-refcnt-af_al-21362 [002] 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0x9138b5e27800 count=0x64c aa-refcnt-af_al-21362 [002] 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0x9138b54c2400 count=0x64b aa-refcnt-af_al-21362 [002] 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0x9138b5e27800 count=0x64c ... ctrl-c # echo 0 > /sys/kernel/debug/tracing/events/kprobes/enable # echo > /sys/kernel/debug/tracing/kprobe_events # killall aa-refcnt-af_alg Details: --- We want this value from 'struct sock *sk': kref_read(&SK_CTX(sk)->label->count) With: #define SK_CTX(X) apparmor_sock(X) static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk) ... return sk->sk_security + apparmor_blob_sizes->lbs_sock; ... Checking the value for lbs_sock w/ a kernel module: [76604.268403] apparmor_blob_sizes->lbs_sock: 0 And struct member offsets: $ pahole --hex -C sock usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep sk_security void * sk_security; /* 0x278 0x8 */ $ pahole --hex -C aa_sk_ctx usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w label struct aa_label * label;/* 0 0x8 */ $ pahole --hex -C aa_label usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w count struct krefcount;/* 0 0x4 */ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Verification done on Eoan. The apparmor label refcnt inc/dec-rements properly on accept()/release(), no leaks. $ lsb_release -cs eoan $ uname -rv 5.3.0-63-generic #57-Ubuntu SMP Thu Jul 2 10:38:35 UTC 2020 $ apt-cache policy linux-image-$(uname -r) linux-image-5.3.0-63-generic: ... *** 5.3.0-63.57 500 500 http://archive.ubuntu.com/ubuntu eoan-proposed/main amd64 Packages ... $ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c $ ./aa-refcnt-af_alg & $ make $ sudo insmod kmod.ko & $ dmesg ... [ 254.940413] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.941665] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.942932] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.944187] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.945484] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.946741] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.948023] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.949282] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 [ 254.950572] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4 [ 254.952526] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5 ... $ sudo rmmod kmod ** Tags removed: verification-needed-eoan ** Tags added: verification-done-eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
** Changed in: linux (Ubuntu Eoan) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
It turns out that the 5.0 and 5.3 kernels should still be supported on some custom kernels, thus sending the patch for Disco and Eoan. [D/E][PATCH 0/1] Fix apparmor reference leak via AF_ALG https://lists.ubuntu.com/archives/kernel-team/2020-June/111585.html ** Changed in: linux (Ubuntu Eoan) Status: Won't Fix => In Progress ** Changed in: linux (Ubuntu Eoan) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Eoan) Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
** Tags added: sts ** Changed in: linux (Ubuntu Groovy) Status: Won't Fix => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
[B][PATCH 0/1] Fix apparmor reference leak via AF_ALG https://lists.ubuntu.com/archives/kernel-team/2020-June/36.html [B][PATCH 1/1] apparmor: check/put label on apparmor_sk_clone_security() https://lists.ubuntu.com/archives/kernel-team/2020-June/37.html [F][PATCH 1/1] apparmor: check/put label on apparmor_sk_clone_security() https://lists.ubuntu.com/archives/kernel-team/2020-June/38.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
After a few hours with the reproducer running on the original kernel, the kernel errors about the reference count are observed: Focal: - $ uname -rv 5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 2020 $ ./aa-refcnt-af_alg [ 9581.048189] [ cut here ] [ 9581.049497] refcount_t overflow at apparmor_sk_clone_security+0x35/0x70 in aa-refcnt-af_al[1023], uid/euid: 1000/1000 [ 9581.052125] WARNING: CPU: 1 PID: 1023 at kernel/panic.c:677 refcount_error_report+0x9b/0xab [ 9581.054428] Modules linked in: ... [ 9581.063137] CPU: 1 PID: 1023 Comm: aa-refcnt-af_al Tainted: G OE 5.4.0-38-generic #42-Ubuntu [ 9581.065494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 9581.067693] RIP: 0010:refcount_error_report+0x9b/0xab ... [ 9581.088358] Call Trace: [ 9581.089083] ex_handler_refcount+0x50/0x70 [ 9581.090147] fixup_exception+0x4a/0x61 [ 9581.091142] do_trap+0x4e/0xf0 [ 9581.091998] do_error_trap+0x7c/0xc0 [ 9581.092958] ? csum_partial_copy_generic+0x1687/0x3a10 [ 9581.094250] do_invalid_op+0x3c/0x50 [ 9581.095210] ? csum_partial_copy_generic+0x1687/0x3a10 [ 9581.096505] invalid_op+0x1e/0x30 [ 9581.097413] RIP: 0010:apparmor_sk_clone_security+0x35/0x70 ... [ 9581.113048] security_sk_clone+0x2f/0x40 [ 9581.114078] af_alg_accept+0x7e/0x190 [af_alg] [ 9581.115456] alg_accept+0x15/0x20 [af_alg] [ 9581.116549] __sys_accept4+0x109/0x210 [ 9581.117549] ? _cond_resched+0x19/0x30 [ 9581.118545] __x64_sys_accept+0x1c/0x20 [ 9581.119573] do_syscall_64+0x57/0x190 [ 9581.120551] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 9581.121821] RIP: 0033:0x7efc1bc390a7 ... Bionic: -- $ uname -rv 4.15.0-107-generic #108-Ubuntu SMP Mon Jun 8 17:51:33 UTC 2020 $ ./aa-refcnt-af_alg [ 8460.359291] [ cut here ] [ 8460.360638] refcount_t overflow at apparmor_sk_clone_security+0x37/0x70 in aa-refcnt-af_al[1243], uid/euid: 1000/1000 [ 8460.363332] WARNING: CPU: 1 PID: 1243 at /build/linux-oHXYZI/linux-4.15.0/kernel/panic.c:662 refcount_error_report+0x9c/0xac [ 8460.366556] Modules linked in: ... [ 8460.375936] CPU: 1 PID: 1243 Comm: aa-refcnt-af_al Tainted: G OE 4.15.0-107-generic #108-Ubuntu [ 8460.378352] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 8460.380598] RIP: 0010:refcount_error_report+0x9c/0xac ... [ 8460.397294] Call Trace: [ 8460.398331] ex_handler_refcount+0x52/0x80 [ 8460.399432] fixup_exception+0x3a/0x50 [ 8460.400462] do_trap+0x8a/0x140 [ 8460.401346] do_error_trap+0xa6/0x140 [ 8460.402355] ? csum_partial_copy_generic+0xcfb/0x27a0 [ 8460.403671] ? ___slab_alloc+0x204/0x4f0 [ 8460.404730] ? ___slab_alloc+0x204/0x4f0 [ 8460.405786] ? get_empty_filp+0x5c/0x1c0 [ 8460.406840] do_invalid_op+0x20/0x30 [ 8460.407830] invalid_op+0x1b/0x40 [ 8460.408755] RIP: 0010:apparmor_sk_clone_security+0x37/0x70 ... [ 8460.420262] security_sk_clone+0x33/0x50 [ 8460.421314] af_alg_accept+0x81/0x1c0 [af_alg] [ 8460.422484] ? aa_sock_accept_perm+0x25/0x30 [ 8460.423623] alg_accept+0x15/0x20 [af_alg] [ 8460.424725] SYSC_accept4+0xff/0x210 [ 8460.425706] ? mntput+0x24/0x40 [ 8460.426598] ? __fput+0x193/0x220 [ 8460.427536] ? _cond_resched+0x19/0x40 [ 8460.428561] ? task_work_run+0x46/0xc0 [ 8460.429586] SyS_accept+0x10/0x20 [ 8460.430518] do_syscall_64+0x73/0x130 [ 8460.431522] entry_SYSCALL_64_after_hwframe+0x41/0xa6 [ 8460.432830] RIP: 0033:0x7f0ecc0c87e4 ... ** Description changed: [Impact] * Users of the Crypto (user-space) API (i.e., AF_ALG) can trigger refcount errors in AppArmor under high load (might lead to memory leak or use after free.) * There is a reference leak in AppArmor when af_alg_accept() calls security_sock_graft() and then security_sk_clone(). * Both acquire a reference to a label, to assign it to the same pointer, but the latter does not release the former's acquired reference (before overwriting the pointer value.) * This reference leak builds up over time, and under high load can eventually overflow/underflow/saturate refcount, depending on which value it has when a program hits that. * The fix just checks if the pointer has an assigned label, then releases its acquired reference. [Test Case] + * See comment #1 for the test-case 'aa-refcnt-af_alg.c'. + * Exercise that code path indefinitely until it hits the refcount_t overflow/underflow/saturate message -(or not, with the patch.) +(or not, with the patch.) (see comment #4) - * See comment #1 for the test-case 'aa-refcnt-af_alg.c'. - -If the problem happens, in a few hours there is an -error message in the kernel logs (see comment #1.) + If the problem happens, in a few hours there is an + error message in the kernel logs (see comment #1.) * It's possible to monitor refcount values with kprobes, -to confirm whether or not the pro
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
kprobes module to monitor the apparmor label reference count. ** Attachment added: "kmod.c" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+attachment/5385006/+files/kmod.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Monitoring the label reference count with the kprobes module: - original kernel: the counter keeps increasing on every pair of accept()/release() syscalls. - modified kernel: the counter keeps stable. Focal: - original) $ uname -rv 5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 4739.811403] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e0 [ 4739.813677] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e2 [ 4739.815994] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e1 [ 4739.818274] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e3 [ 4739.820555] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e2 [ 4739.822833] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e4 ... $ sudo rmmod kmod modified) $ uname -rv 5.4.0-38-generic #42+test20200617b1 SMP Wed Jun 17 16:31:24 -03 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 185.657133] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x649 [ 185.660720] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x64a [ 185.664321] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x649 [ 185.668981] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x64a [ 185.672648] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x629 [ 185.676299] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x62a ... $ sudo rmmod kmod Bionic: -- original) $ uname -rv 4.15.0-107-generic #108-Ubuntu SMP Mon Jun 8 17:51:33 UTC 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 4333.136581] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e85 [ 4333.139131] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e87 [ 4333.141650] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e86 [ 4333.144142] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e88 [ 4333.146675] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e87 [ 4333.149199] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e89 ... $ sudo rmmod kmod modified) $ uname -rv 4.15.0-107-generic #108+test20200617b1 SMP Wed Jun 17 16:33:16 -03 2020 $ ./aa-refcnt-af_alg & $ sudo insmod kmod.ko ... [ 245.921217] accept() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x608 [ 245.923456] release() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x609 [ 245.925718] accept() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x608 [ 245.927954] release() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x609 [ 245.930221] accept() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x608 [ 245.932469] release() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x609 ... $ sudo rmmod kmod -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883962] Re: apparmor reference leak causes refcount_t overflow with af_alg_accept()
Test Case: - $ cat aa-refcnt-af_alg.c #include #include #include #include #include int main() { int sockfd; struct sockaddr_alg sa; /* Setup the crypto API socket */ sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (sockfd < 0) { perror("socket"); return 1; } memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; strcpy((char *) sa.salg_type, "rng"); strcpy((char *) sa.salg_name, "stdrng"); if (bind(sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) { perror("bind"); return 1; } /* Accept a "connection" and close it; repeat. */ while (!close(accept(sockfd, NULL, 0))); return 0; } $ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c $ ./aa-refcnt-af_alg [ 9928.475953] refcount_t overflow at apparmor_sk_clone_security+0x37/0x70 in aa-refcnt-af_alg[1322], uid/euid: 1000/1000 ... [ 9928.507443] RIP: 0010:apparmor_sk_clone_security+0x37/0x70 ... [ 9928.514286] security_sk_clone+0x33/0x50 [ 9928.514807] af_alg_accept+0x81/0x1c0 [af_alg] [ 9928.516091] alg_accept+0x15/0x20 [af_alg] [ 9928.516682] SYSC_accept4+0xff/0x210 [ 9928.519609] SyS_accept+0x10/0x20 [ 9928.520190] do_syscall_64+0x73/0x130 [ 9928.520808] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Note that other messages may be seen, not just overflow, depending on the value being incremented by kref_get(); on another run: [ 7273.182666] refcount_t: saturated; leaking memory. ... [ 7273.185789] refcount_t: underflow; use-after-free. ** Description changed: [Impact] - * Users of the Crypto (user-space) API (i.e., AF_ALG) -can trigger refcount errors in AppArmor under high -load (might lead to memory leak or use after free.) + * Users of the Crypto (user-space) API (i.e., AF_ALG) + can trigger refcount errors in AppArmor under high + load (might lead to memory leak or use after free.) - * There is a reference leak in AppArmor when af_alg_accept() -calls security_sock_graft() and then security_sk_clone(). - - * Both acquire a reference to a label, to assign it to the -same pointer, but the latter does not release the former's -acquired reference (before overwriting the pointer value.) - - * This reference leak builds up over time, and under high -load can eventually overflow/underflow/saturate refcount, -depending on which value it has when a program hits that. - - * The fix just checks if the pointer has an assigned label, -then releases its acquired reference. + * There is a reference leak in AppArmor when af_alg_accept() + calls security_sock_graft() and then security_sk_clone(). + + * Both acquire a reference to a label, to assign it to the + same pointer, but the latter does not release the former's + acquired reference (before overwriting the pointer value.) + + * This reference leak builds up over time, and under high + load can eventually overflow/underflow/saturate refcount, + depending on which value it has when a program hits that. + + * The fix just checks if the pointer has an assigned label, + then releases its acquired reference. [Test Case] - * See comment # for the test-case 'aa-refcnt-af_alg.c'. + * Exercise that code path indefinitely until it hits +the refcount_t overflow/underflow/saturate message +(or not, with the patch.) - * Exercise that code path indefinitely until it hits -the refcount_t overflow/underflow/saturate message. -(in a few hours.) - - * It's possible to monitor refcount values with kprobes. + * See comment #1 for the test-case 'aa-refcnt-af_alg.c'. + +If the problem happens, in a few hours there is an +error message in the kernel logs (see comment #1.) + + * It's possible to monitor refcount values with kprobes, +to confirm whether or not the problem is happening. [Other Info] - * Patch applied upstream on v5.8-rc1 [1] - * Applied on Unstable (tag Ubuntu-5.8-5.8.0-0.1) - * Not required on Groovy (still 5.4; should sync from Unstable) - * Not required on Eoan (EOL date before SRU cycle release date) - * Required on Bionic and Focal. + * Patch applied upstream on v5.8-rc1 [1] + * Applied on Unstable (tag Ubuntu-5.8-5.8.0-0.1) + * Not required on Groovy (still 5.4; should sync from Unstable) + * Not required on Eoan (EOL date before SRU cycle release date) + * Required on Bionic and Focal. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=3b646abc5bc6c0df649daea4c2c976bd4d47e4c8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883962 Title: apparmor reference leak causes refcount_t overflow with af_alg_accept() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubu