
Issue 633297


Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




Backport AppArmor kernel patches from upstream to chromeos-4.4

Project Member Reported by ameyd@google.com, Aug 1 2016

Issue description

Tracking bug for backporting AppArmor-related patches from upstream to chromeos-4.4.

Background:
Lakitu board wants to enable AppArmor for their users. There are ~23 kernel patches related to AppArmor -- most of them are bug fixes, which were recently merged into the upstream Linux kernel. We should backport them to chromeos-4.4 before enabling the feature in Lakitu.


 
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 2 2016

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/79b60ee1a4c01fff3999ee7cacc03608a2dea50b

commit 79b60ee1a4c01fff3999ee7cacc03608a2dea50b
Author: John Johansen <john.johansen@canonical.com>
Date: Mon Apr 11 23:55:10 2016

UPSTREAM: apparmor: fix refcount bug in profile replacement

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit dcda617a0c5160c73e0aa02813c871339ea08004)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I61c7e89f99183ca0de5b379ddc789c04058abba9
Reviewed-on: https://chromium-review.googlesource.com/365091
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/79b60ee1a4c01fff3999ee7cacc03608a2dea50b/security/apparmor/policy.c

Project Member

Comment 2 by bugdroid1@chromium.org, Aug 2 2016

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/056d9abdce98a1aa0817967abc088db80cfc11fc

commit 056d9abdce98a1aa0817967abc088db80cfc11fc
Author: John Johansen <john.johansen@canonical.com>
Date: Mon Apr 11 23:57:19 2016

UPSTREAM: apparmor: fix replacement bug that adds new child to old parent

When set atomic replacement is used and the parent is updated before the
child, and the child did not exist in the old parent so there is no
direct replacement then the new child is incorrectly added to the old
parent. This results in the new parent not having the child(ren) that
it should and the old parent when being destroyed asserting the
following error.

AppArmor: policy_destroy: internal error, policy '<profile/name>' still
contains profiles

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit ec34fa24a934f4c8fd68f39b84abf34c42e5b06a)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I5029c064bd4b28b14f5a45539c5bba19432dd451
Reviewed-on: https://chromium-review.googlesource.com/365092
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/056d9abdce98a1aa0817967abc088db80cfc11fc/security/apparmor/policy.c

Project Member

Comment 3 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/251e90f45155ef71eed23b9d4849973a7e4eeb5d

commit 251e90f45155ef71eed23b9d4849973a7e4eeb5d
Author: John Johansen <john.johansen@canonical.com>
Date: Sun Jun 08 18:20:54 2014

UPSTREAM: apparmor: fix uninitialized lsm_audit member

BugLink: http://bugs.launchpad.net/bugs/1268727

The task field in the lsm_audit struct needs to be initialized if
a change_hat fails, otherwise the following oops will occur

BUG: unable to handle kernel paging request at 0000002fbead7d08
IP: [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
PGD 1e3f35067 PUD 0
Oops: 0002 [#1] SMP
Modules linked in: pppox crc_ccitt p8023 p8022 psnap llc ax25 btrfs raid6_pq xor xfs libcrc32c dm_multipath scsi_dh kvm_amd dcdbas kvm microcode amd64_edac_mod joydev edac_core psmouse edac_mce_amd serio_raw k10temp sp5100_tco i2c_piix4 ipmi_si ipmi_msghandler acpi_power_meter mac_hid lp parport hid_generic usbhid hid pata_acpi mpt2sas ahci raid_class pata_atiixp bnx2 libahci scsi_transport_sas [last unloaded: tipc]
CPU: 2 PID: 699 Comm: changehat_twice Tainted: GF          O 3.13.0-7-generic #25-Ubuntu
Hardware name: Dell Inc. PowerEdge R415/08WNM9, BIOS 1.8.6 12/06/2011
task: ffff8802135c6000 ti: ffff880212986000 task.ti: ffff880212986000
RIP: 0010:[<ffffffff8171153e>]  [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
RSP: 0018:ffff880212987b68  EFLAGS: 00010006
RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000
RDX: 0000000000000292 RSI: ffff880212987ba8 RDI: 0000002fbead7d08
RBP: ffff880212987b68 R08: 0000000000000246 R09: ffff880216e572a0
R10: ffffffff815fd677 R11: ffffea0008469580 R12: ffffffff8130966f
R13: ffff880212987ba8 R14: 0000002fbead7d08 R15: ffff8800d8c6b830
FS:  00002b5e6c84e7c0(0000) GS:ffff880216e40000(0000) knlGS:0000000055731700
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000002fbead7d08 CR3: 000000021270f000 CR4: 00000000000006e0
Stack:
 ffff880212987b98 ffffffff81075f17 ffffffff8130966f 0000000000000009
 0000000000000000 0000000000000000 ffff880212987bd0 ffffffff81075f7c
 0000000000000292 ffff880212987c08 ffff8800d8c6b800 0000000000000026
Call Trace:
 [<ffffffff81075f17>] __lock_task_sighand+0x47/0x80
 [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
 [<ffffffff81075f7c>] do_send_sig_info+0x2c/0x80
 [<ffffffff81075fee>] send_sig_info+0x1e/0x30
 [<ffffffff8130242d>] aa_audit+0x13d/0x190
 [<ffffffff8130c1dc>] aa_audit_file+0xbc/0x130
 [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
 [<ffffffff81304cc2>] aa_change_hat+0x202/0x530
 [<ffffffff81308fc6>] aa_setprocattr_changehat+0x116/0x1d0
 [<ffffffff8130a11d>] apparmor_setprocattr+0x25d/0x300
 [<ffffffff812cee56>] security_setprocattr+0x16/0x20
 [<ffffffff8121fc87>] proc_pid_attr_write+0x107/0x130
 [<ffffffff811b7604>] vfs_write+0xb4/0x1f0
 [<ffffffff811b8039>] SyS_write+0x49/0xa0
 [<ffffffff8171a1bf>] tracesys+0xe1/0xe6

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit b6b1b81b3afba922505b57f4c812bba022f7c4a9)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: Ide980cecceca5e64ef09129816a2f7f9598b4b69
Reviewed-on: https://chromium-review.googlesource.com/365093
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/251e90f45155ef71eed23b9d4849973a7e4eeb5d/security/apparmor/file.c
[modify] https://crrev.com/251e90f45155ef71eed23b9d4849973a7e4eeb5d/security/apparmor/audit.c

Project Member

Comment 4 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/79a247de5149df353f0450acb26377104d67091f

commit 79a247de5149df353f0450acb26377104d67091f
Author: John Johansen <john.johansen@canonical.com>
Date: Fri Jul 25 11:02:03 2014

UPSTREAM: apparmor: exec should not be returning ENOENT when it denies

The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit 9049a7922124d843a2cd26a02b1d00a17596ec0c)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I9bfaa982214255d8871215ef88e1c19ff5ea13bb
Reviewed-on: https://chromium-review.googlesource.com/365094
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/79a247de5149df353f0450acb26377104d67091f/security/apparmor/domain.c

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a72629b2924685adc33e02e9fc6a364aed490957

commit a72629b2924685adc33e02e9fc6a364aed490957
Author: John Johansen <john.johansen@canonical.com>
Date: Fri Jul 25 11:01:56 2014

UPSTREAM: apparmor: fix update the mtime of the profile file on replacement

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit d671e890205a663429da74e1972e652bea4d73ab)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I17cb41feb6f8cb9374fedd40fd9355e0b9205c1e
Reviewed-on: https://chromium-review.googlesource.com/365095
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/a72629b2924685adc33e02e9fc6a364aed490957/security/apparmor/apparmorfs.c

Project Member

Comment 6 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1135d4f40e2e0c36151f25dacaa3fc5c971989f8

commit 1135d4f40e2e0c36151f25dacaa3fc5c971989f8
Author: John Johansen <john.johansen@canonical.com>
Date: Fri Jul 25 11:02:08 2014

UPSTREAM: apparmor: fix disconnected bind mnts reconnection

Bind mounts can fail to be properly reconnected when PATH_CONNECT is
specified. Ensure that when PATH_CONNECT is specified the path has
a root.

BugLink: http://bugs.launchpad.net/bugs/1319984

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit f2e561d190da7ff5ee265fa460e2d7f753dddfda)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I3afc4f1cac615ead8435e338c840ff7091caefec
Reviewed-on: https://chromium-review.googlesource.com/365096
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/1135d4f40e2e0c36151f25dacaa3fc5c971989f8/security/apparmor/path.c

Project Member

Comment 7 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a5ba5eb3725ab575a21c2b3469ce20ce4a0d84dd

commit a5ba5eb3725ab575a21c2b3469ce20ce4a0d84dd
Author: John Johansen <john.johansen@canonical.com>
Date: Fri Jul 25 11:02:10 2014

UPSTREAM: apparmor: internal paths should be treated as disconnected

Internal mounts are not mounted anywhere and as such should be treated
as disconnected paths.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit bd35db8b8ca6e27fc17a9057ef78e1ddfc0de351)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I800b26834205aff8b02fcb608db3240390d3d00c
Reviewed-on: https://chromium-review.googlesource.com/365097
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/a5ba5eb3725ab575a21c2b3469ce20ce4a0d84dd/security/apparmor/path.c

Project Member

Comment 8 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a4f52a529337f44bf1ea8e399cabd2bd8d0c8035

commit a4f52a529337f44bf1ea8e399cabd2bd8d0c8035
Author: John Johansen <john.johansen@canonical.com>
Date: Sat Apr 16 20:59:02 2016

UPSTREAM: apparmor: fix put() parent ref after updating the active ref

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit f351841f8d41072e741e45299070d421a5833a4a)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: Ieef8b7360c0552f092cb68716e8881e2fa5b829b
Reviewed-on: https://chromium-review.googlesource.com/365098
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/a4f52a529337f44bf1ea8e399cabd2bd8d0c8035/security/apparmor/policy.c

Project Member

Comment 9 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d7d4ab762935e73e1009b787921c69e67790b5d7

commit d7d4ab762935e73e1009b787921c69e67790b5d7
Author: John Johansen <john.johansen@canonical.com>
Date: Sat Apr 16 21:16:50 2016

UPSTREAM: apparmor: fix log failures for all profiles in a set

Currently only the profile that is causing the failure is logged. This
makes it more confusing than necessary about which profiles loaded
and which didn't. So make sure to log success and failure messages for
all profiles in the set being loaded.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit bf15cf0c641be8e57d45f110a9d91464f5bb461a)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I84055963430c29dc81ed675bb9dbd87271295833
Reviewed-on: https://chromium-review.googlesource.com/365099
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/d7d4ab762935e73e1009b787921c69e67790b5d7/security/apparmor/policy.c

Project Member

Comment 10 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7ced784921d851ef04cf83121861e1721a6d651b

commit 7ced784921d851ef04cf83121861e1721a6d651b
Author: John Johansen <john.johansen@canonical.com>
Date: Sat Apr 16 21:19:38 2016

UPSTREAM: apparmor: fix audit full profile hname on successful load

Currently logging of a successful profile load only logs the basename
of the profile. This can result in confusion when a child profile has
the same name as another profile in the set. Logging the hname
will ensure there is no confusion.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit 7ee6da25dcce27b6023a8673fdf8be98dcf7cacf)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I68ecd0090c70cc49c39eb7e2af58695ec29ad381
Reviewed-on: https://chromium-review.googlesource.com/365170
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/7ced784921d851ef04cf83121861e1721a6d651b/security/apparmor/policy.c

Project Member

Comment 11 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/320f755e47c2c092bd1887eb0dd05eb5aae16f6c

commit 320f755e47c2c092bd1887eb0dd05eb5aae16f6c
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Apr 20 21:18:18 2016

UPSTREAM: apparmor: ensure the target profile name is always audited

The target profile name was not being correctly audited in a few
cases because the target variable was not being set and gotos
passed the code to set it at apply:

Since it is always based on new_profile just drop the target var
and conditionally report based on new_profile.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit f7da2de01127b58d93cebeab165136d0998e7b1a)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I705c03825689613ba80ec4c4ba11850c7483c2e0
Reviewed-on: https://chromium-review.googlesource.com/365171
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/320f755e47c2c092bd1887eb0dd05eb5aae16f6c/security/apparmor/domain.c

Project Member

Comment 12 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f3a2e9293aee656f7624fa02c327f1871fd5dcaf

commit f3a2e9293aee656f7624fa02c327f1871fd5dcaf
Author: John Johansen <john.johansen@canonical.com>
Date: Thu Mar 17 19:02:54 2016

UPSTREAM: apparmor: check that xindex is in trans_table bounds

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit 23ca7b640b4a55f8747301b6bd984dd05545f6a7)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I033e99df371796a5bc4e2908b4e245e826eb5635
Reviewed-on: https://chromium-review.googlesource.com/365172
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/f3a2e9293aee656f7624fa02c327f1871fd5dcaf/security/apparmor/policy_unpack.c

Project Member

Comment 13 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c2538ac0e4d0017f46e3273a178c80e9f524bba0

commit c2538ac0e4d0017f46e3273a178c80e9f524bba0
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Nov 18 19:41:05 2015

UPSTREAM: apparmor: fix ref count leak when profile sha1 hash is read

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit 0b938a2e2cf0b0a2c8bac9769111545aff0fee97)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: Ief93f64f94a770679900e16051b2cf3f96793d74
Reviewed-on: https://chromium-review.googlesource.com/365173
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/c2538ac0e4d0017f46e3273a178c80e9f524bba0/security/apparmor/apparmorfs.c

Project Member

Comment 14 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f5e12589c2b09f0e3dc351894801d01a31e6f0b6

commit f5e12589c2b09f0e3dc351894801d01a31e6f0b6
Author: John Johansen <john.johansen@canonical.com>
Date: Thu Dec 17 02:09:10 2015

UPSTREAM: apparmor: fix refcount race when finding a child profile

When finding a child profile via an rcu critical section, the profile
may be put and scheduled for deletion after the child is found but
before its refcount is incremented.

Protect against this by repeating the lookup if the profile's refcount
is 0 and is on its way to deletion.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(cherry picked from commit de7c4cc947f9f56f61520ee7edaf380434a98c8d)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I93ea638f2859fd05ac5b207ee2ded06fa9954140
Reviewed-on: https://chromium-review.googlesource.com/365174
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/f5e12589c2b09f0e3dc351894801d01a31e6f0b6/security/apparmor/policy.c
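
An added illustration of the race described in Comment 14 (not code from the kernel or from the commit): a single-threaded userspace C model in which a lookup finds a child whose refcount has already dropped to 0. All names (`struct profile`, `get_not0`, `lookup_retry`, `setup_race`) are hypothetical, and the unlink inside the retry loop is a stand-in for the concurrent deleter.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not the kernel's. */
struct profile {
    const char *name;
    atomic_int  count;   /* 0 means the last reference was already dropped */
    bool        linked;  /* still reachable from the parent's child list */
};

/* Constructed scenario: t[0] is the old child whose last reference was just
 * put (count 0, unlink still pending); t[1] is its live replacement. */
static void setup_race(struct profile t[2])
{
    t[0].name = "child"; atomic_init(&t[0].count, 0); t[0].linked = true;
    t[1].name = "child"; atomic_init(&t[1].count, 1); t[1].linked = true;
}

static struct profile *find_child(struct profile *t, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].linked && strcmp(t[i].name, name) == 0)
            return &t[i];
    return NULL;
}

/* Take a reference only if the object is still alive (count > 0). */
static bool get_not0(struct profile *p)
{
    int c = atomic_load(&p->count);
    while (c != 0)
        if (atomic_compare_exchange_weak(&p->count, &c, c + 1))
            return true;   /* on failure c is reloaded and the loop re-checks */
    return false;
}

/* Racy form: the unconditional increment revives an object that is
 * already scheduled for deletion, so the caller holds a dangling pointer. */
static struct profile *lookup_unsafe(struct profile *t, size_t n, const char *name)
{
    struct profile *p = find_child(t, n, name);
    if (p)
        atomic_fetch_add(&p->count, 1);
    return p;
}

/* Hardened form: repeat the lookup while the match is already at count 0. */
static struct profile *lookup_retry(struct profile *t, size_t n, const char *name)
{
    struct profile *p;
    while ((p = find_child(t, n, name)) != NULL) {
        if (get_not0(p))
            return p;
        /* Model only: stands in for the concurrent deleter completing its
         * unlink, which is what lets a real retry make progress. */
        p->linked = false;
    }
    return NULL;
}

int main(void)
{
    struct profile t[2];

    setup_race(t);
    struct profile *u = lookup_unsafe(t, 2, "child");
    printf("unsafe: returned the %s entry, its count is now %d\n",
           u == &t[0] ? "dying" : "live", atomic_load(&t[0].count));

    setup_race(t);
    struct profile *s = lookup_retry(t, 2, "child");
    printf("retry:  returned the %s entry, dying count stays %d\n",
           s == &t[1] ? "live" : "dying", atomic_load(&t[0].count));
    return 0;
}
```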

Project Member

Comment 15 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1b1ccf0625ed342662ea0ea40f96a34435acb309

commit 1b1ccf0625ed342662ea0ea40f96a34435acb309
Author: Geliang Tang <geliangtang@163.com>
Date: Mon Nov 16 13:46:33 2015

UPSTREAM: apparmor: use list_next_entry instead of list_entry_next

list_next_entry has been defined in list.h, so I replace list_entry_next
with it.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 38dbd7d8be36b5e68c96a24b406f3653180c1c03)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I2bbf492ec1b37bdea7b7528f77efbcf73beb7a6e
Reviewed-on: https://chromium-review.googlesource.com/365175
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/1b1ccf0625ed342662ea0ea40f96a34435acb309/security/apparmor/apparmorfs.c

Project Member

Comment 16 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/aefe6e5ab348d1e52adb4e03053936afab294890

commit aefe6e5ab348d1e52adb4e03053936afab294890
Author: Jeff Mahoney <jeffm@suse.com>
Date: Fri Nov 06 20:17:30 2015

UPSTREAM: apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task

While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit
on another task. The only other example of AppArmor mediating access to
another, already running, task (ignoring fork+exec) is ptrace.

The AppArmor model for ptrace is that one of the following must be true:
1) The tracer is unconfined
2) The tracer is in complain mode
3) The tracer and tracee are confined by the same profile
4) The tracer is confined but has SYS_CAP_PTRACE

1), 2), and 3) are already true for setrlimit.

We can match the ptrace model just by allowing CAP_SYS_RESOURCE.

We still test the values of the rlimit since it can always be overridden
using a value that means unlimited for a particular resource.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit ff118479a76dbece9ae1c65c7c6a3ebe9cfa73e0)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: If094cd75766d8f2c78601ed9856fdebb8047e0cb
Reviewed-on: https://chromium-review.googlesource.com/365176
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/aefe6e5ab348d1e52adb4e03053936afab294890/security/apparmor/resource.c

Project Member

Comment 17 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/780a33bf6e7bb32f9cbe708aef5a2be9686d64c2

commit 780a33bf6e7bb32f9cbe708aef5a2be9686d64c2
Author: John Johansen <john.johansen@canonical.com>
Date: Thu Jun 02 09:37:02 2016

UPSTREAM: apparmor: add missing id bounds check on dfa verification

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 15756178c6a65b261a080e21af4766f59cafc112)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I0c8071a7451133003b2b440eb5f5fa0c115314f3
Reviewed-on: https://chromium-review.googlesource.com/365177
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/780a33bf6e7bb32f9cbe708aef5a2be9686d64c2/security/apparmor/match.c
[modify] https://crrev.com/780a33bf6e7bb32f9cbe708aef5a2be9686d64c2/security/apparmor/include/match.h

Project Member

Comment 18 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/941a52d4f5cbf68d43741047226c9024e5d4bedb

commit 941a52d4f5cbf68d43741047226c9024e5d4bedb
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Jun 15 06:57:55 2016

UPSTREAM: apparmor: don't check for vmalloc_addr if kvzalloc() failed

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 3197f5adf539a3ee6331f433a51483f8c842f890)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I970c9cb23333de9e446ee3b7c6e50ca52e0d75f1
Reviewed-on: https://chromium-review.googlesource.com/365178
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/941a52d4f5cbf68d43741047226c9024e5d4bedb/security/apparmor/match.c

Project Member

Comment 19 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/3699500313a2e87da1728de864e4f80803110bfd

commit 3699500313a2e87da1728de864e4f80803110bfd
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Jun 15 07:00:55 2016

UPSTREAM: apparmor: fix oops in profile_unpack() when policy_db is not present

BugLink: http://bugs.launchpad.net/bugs/1592547

If unpack_dfa() returns NULL due to the dfa not being present,
profile_unpack() is not checking if the dfa is not present (NULL).

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 5f20fdfed16bc599a325a145bf0123a8e1c9beea)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: Icb57caa8bfd41e43170b338144b4380e6d5f5696
Reviewed-on: https://chromium-review.googlesource.com/365179
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/3699500313a2e87da1728de864e4f80803110bfd/security/apparmor/policy_unpack.c

Project Member

Comment 20 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9684b73365e6976c216303d27fdaa84b1802c027

commit 9684b73365e6976c216303d27fdaa84b1802c027
Author: John Johansen <john.johansen@canonical.com>
Date: Thu Jun 23 01:01:08 2016

UPSTREAM: apparmor: fix module parameters can be changed after policy is locked

The policy_lock parameter is a one way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.

Split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 58acf9d911c8831156634a44d0b022d683e1e50c)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: Id46ee33ca3581e2a9dc73dd109ba9bda4f91667d
Reviewed-on: https://chromium-review.googlesource.com/365180
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/9684b73365e6976c216303d27fdaa84b1802c027/security/apparmor/include/policy.h
[modify] https://crrev.com/9684b73365e6976c216303d27fdaa84b1802c027/security/apparmor/lsm.c
[modify] https://crrev.com/9684b73365e6976c216303d27fdaa84b1802c027/security/apparmor/policy.c

Project Member

Comment 21 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5b5947a4db84834d0cfa680fadfc7e0f205e7edb

commit 5b5947a4db84834d0cfa680fadfc7e0f205e7edb
Author: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Fri Jun 10 21:34:26 2016

UPSTREAM: apparmor: do not expose kernel stack

Do not copy uninitialized fields th.td_hilen, th.td_data.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit f4ee2def2d70692ccff0d55353df4ee594fd0017)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I74eeccf635c583a844e29b7557152c362a9193d2
Reviewed-on: https://chromium-review.googlesource.com/365181
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/5b5947a4db84834d0cfa680fadfc7e0f205e7edb/security/apparmor/match.c

Project Member

Comment 22 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4d069f06cf96925e5e050d9fc152a171e8e8c8d9

commit 4d069f06cf96925e5e050d9fc152a171e8e8c8d9
Author: Vegard Nossum <vegard.nossum@oracle.com>
Date: Thu Jul 07 20:41:11 2016

UPSTREAM: apparmor: fix oops, validate buffer size in apparmor_setprocattr()

When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.

The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.

SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.

Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
modified for the case that apparmor provides null termination.

Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
(cherry picked from commit e89b8081327ac9efbf273e790b8677e64fd0361a)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I56e04f85cdcbf60bedda6f01530b5fd295f41555
Reviewed-on: https://chromium-review.googlesource.com/365182
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/4d069f06cf96925e5e050d9fc152a171e8e8c8d9/security/apparmor/lsm.c
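
An added illustration of the buffer-size assumption discussed in Comment 22 (a userspace C model, not the kernel's or the commit's code): the handler is given exactly `size` bytes, so it must bound `size` and terminate a private copy instead of writing past the caller's allocation. `attr_cmd_parse`, `struct attr_cmd`, `MODEL_PAGE_SIZE` and the sample input are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u   /* assumption: stands in for the page-size cap */

struct attr_cmd {
    char  *buf;      /* owned, NUL-terminated copy of the caller's bytes */
    char  *command;  /* first word, points into buf */
    char  *args;     /* bytes after the first space, or NULL */
    size_t arg_len;  /* caller-supplied bytes after the separator, counted
                        against buf (includes a trailing NUL if one was sent) */
};

static void attr_cmd_free(struct attr_cmd *c)
{
    free(c->buf);
    memset(c, 0, sizeof(*c));
}

/* value holds exactly `size` bytes, with or without a trailing NUL.
 * The unsafe shortcut this replaces is `((char *)value)[size] = '\0'`,
 * which is only in bounds if the caller happened to allocate a full page. */
static int attr_cmd_parse(const void *value, size_t size, struct attr_cmd *out)
{
    memset(out, 0, sizeof(*out));
    if (value == NULL || size == 0 || size > MODEL_PAGE_SIZE)
        return -EINVAL;             /* reject before touching the data */

    out->buf = malloc(size + 1);    /* room for our own terminator */
    if (out->buf == NULL)
        return -ENOMEM;
    memcpy(out->buf, value, size);
    out->buf[size] = '\0';

    out->command = out->buf;
    if (out->command[0] == '\0') {  /* empty command word */
        attr_cmd_free(out);
        return -EINVAL;
    }

    char *sp = strchr(out->buf, ' ');
    if (sp != NULL) {
        *sp = '\0';
        out->args = sp + 1;
        /* Offsets are taken inside the buffer that was parsed, never
         * between the copy and the caller's original pointer. */
        out->arg_len = size - (size_t)(out->args - out->buf);
    }
    return 0;
}

int main(void)
{
    /* Constructed input: 18 bytes in an exact-size allocation, no NUL. */
    const char raw[] = "changehat demo-arg";
    size_t n = sizeof(raw) - 1;
    char *exact = malloc(n);
    if (exact == NULL)
        return 1;
    memcpy(exact, raw, n);

    struct attr_cmd c;
    int rc = attr_cmd_parse(exact, n, &c);
    if (rc == 0) {
        printf("command=%s args=%s arg_len=%zu\n", c.command, c.args, c.arg_len);
        attr_cmd_free(&c);
    }
    printf("oversized write rejected with %d\n",
           attr_cmd_parse(raw, MODEL_PAGE_SIZE + 1, &c));
    free(exact);
    return rc;
}
```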

Project Member

Comment 23 by bugdroid1@chromium.org, Aug 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d8bd5ee322c8581f630c1a9e66c570516bbec01b

commit d8bd5ee322c8581f630c1a9e66c570516bbec01b
Author: John Johansen <john.johansen@canonical.com>
Date: Sun Jul 10 06:46:33 2016

UPSTREAM: apparmor: fix arg_size computation for when setprocattr is null terminated

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit d4d03f74a73f3b8b2801d4d02011b6b69778cbcc)
Signed-off-by: Amey Deshpande <ameyd@google.com>

TEST="emerge-lakitu lakitu-kernel-4_4"
BUG= chromium:633297 

Change-Id: I64c3ca48560192a4d08baf71638c115680e379ca
Reviewed-on: https://chromium-review.googlesource.com/365183
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/d8bd5ee322c8581f630c1a9e66c570516bbec01b/security/apparmor/lsm.c

Comment 24 by ameyd@google.com, Aug 2 2016

Status: Fixed (was: Assigned)
