apparmor fd_inheritance regression test causes kernel to crash on touch kernel backports

Bug #1423810 reported by Steve Beattie
This bug affects 2 people
Affects                  Status       Importance  Assigned to    Milestone
krillin                  New          Undecided   Unassigned
vegetahd                 New          Undecided   Unassigned
apparmor (Ubuntu)        Triaged      Medium      John Johansen
linux-flo (Ubuntu)       In Progress  Medium      John Johansen
linux-goldfish (Ubuntu)  In Progress  Medium      John Johansen
linux-mako (Ubuntu)      In Progress  Medium      John Johansen
linux-manta (Ubuntu)     In Progress  Medium      John Johansen

Bug Description

On krillin with vivid-proposed, running the fd_inheritance test from the apparmor regression tests causes the kernel to crash and spontaneously reboot the device:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ logger "running fd_inheritance tests now"
phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash fd_inheritance.sh'
ok: fd inheritance; unconfined -> unconfined
ok: fd inheritance; confined -> unconfined
ok: fd inheritance; confined (bad perm) -> unconfined
ok: fd inheritance; confined (no perm) -> unconfined
ok: fd inheritance; unconfined -> confined
ok: fd inheritance; unconfined -> confined (no perm)
ok: fd inheritance; confined -> confined
ok: fd inheritance; confined (bad perm) -> confined
ok: fd inheritance; confined (no perm) -> confined
ok: fd inheritance; confined -> confined (bad perm)
[device reboots here]

This is what syslog sees before it falls over, though nothing after the logger invocation makes it to the disk:
Feb 20 03:51:47 ubuntu-phablet phablet: running fd_inheritance tests now
Feb 20 03:52:05 ubuntu-phablet kernel: [ 489.942611]type=1400 audit(1424404325.798:141): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7449 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.272023]type=1400 audit(1424404326.128:142): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7477 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.305028]type=1400 audit(1424404326.158:143): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7483 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.573275]type=1400 audit(1424404326.428:144): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7505 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.606454]type=1400 audit(1424404326.468:145): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7510 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.886149]type=1400 audit(1424404326.748:146): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7536 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.916538]type=1400 audit(1424404326.778:147): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7537 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.226336]type=1400 audit(1424404327.088:148): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7568 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.734888]type=1400 audit(1424404327.588:149): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7612 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.786710]type=1400 audit(1424404327.648:150): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7613 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.787186]type=1400 audit(1424404327.648:151): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7613 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.354445]type=1400 audit(1424404328.208:152): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7658 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.354874]type=1400 audit(1424404328.208:153): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7658 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.398480]type=1400 audit(1424404328.258:154): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7665 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.889451]type=1400 audit(1424404328.748:155): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7704 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.889889]type=1400 audit(1424404328.748:156): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7704 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.933754]type=1400 audit(1424404328.788:157): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7710 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.453991]type=1400 audit(1424404329.308:158): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7749 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.454422]type=1400 audit(1424404329.308:159): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7749 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.498903]type=1400 audit(1424404329.358:160): apparmor="DENIED" operation="file_inherit" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7755 comm="fd_inheritor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.500082]type=1400 audit(1424404329.358:161): apparmor="DENIED" operation="file_perm" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7755 comm="fd_inheritor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 494.025605]type=1400 audit(1424404329.878:162): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7798 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 494.026398]type=1400 audit(1424404329.888:163): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7798 comm="apparmor_parser"

Note that because krillin is based on a 3.4 kernel, dmesg -w does not work to see anything emitted by the kernel before the spontaneous reboot.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: apparmor 2.8.98-0ubuntu4
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Uname: Linux 3.4.67 armv7l
ApportVersion: 2.16.1-0ubuntu2
Architecture: armhf
Date: Fri Feb 20 06:31:26 2015
InstallationDate: Installed on 2015-02-18 (1 days ago)
InstallationMedia: Ubuntu Vivid Vervet (development branch) - armhf (20150218-191234)
KernLog:

ProcKernelCmdline: console=ttyMT0,921600n1 vmalloc=496M slub_max_order=0 lcm=1-hx8389_qhd_dsi_vdo_truly fps=6658 bootprof.pl_t=2415 bootprof.lk_t=1678 printk.disable_uart=1 boot_reason=4 datapart=/dev/mmcblk0p7 systempart=/dev/mmcblk0p6 androidboot.serialno=JB050183 lcm=1-hx8389_qhd_dsi_vdo_truly fps=6658 bootprof.pl_t=2415 bootprof.lk_t=1678 printk.disable_uart=1 boot_reason=4 datapart=/dev/mmcblk0p7 systempart=/dev/mmcblk0p6 androidboot.serialno=JB050183
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

Steve Beattie (sbeattie) wrote :

Looks like the socketpair tests cause a similar issue:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash socketpair.sh'
[sudo] password for phablet:
ok: SOCKETPAIR (unconfined)
ok: SOCKETPAIR (unconfined bad con)
ok: SOCKETPAIR (unconfined bad mode)
ok: SOCKETPAIR (confined)
ok: SOCKETPAIR (confined bad con)
ok: SOCKETPAIR (confined bad mode)
ok: SOCKETPAIR (complain)
ok: SOCKETPAIR (complain bad mode)
ok: SOCKETPAIR (complain)
ok: SOCKETPAIR (confined exec transition)
ok: SOCKETPAIR (confined exec transition, crosscheck rejection)
ok: SOCKETPAIR (confined exec no transition)
ok: SOCKETPAIR (confined exec transition from complain)
ok: SOCKETPAIR (confined exec transition to complain)
[phone spontaneously reboots here]

Steve Beattie (sbeattie) wrote :

And the unix_fd_server test as well:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash unix_fd_server.sh'
[sudo] password for phablet:
ok: fd passing; unconfined -> unconfined
ok: fd passing; confined -> unconfined
ok: fd passing; confined (bad perm) -> unconfined
ok: fd passing; confined (no perm) -> unconfined
ok: fd passing; unconfined -> confined
ok: fd passing; unconfined -> confined (no perm)
ok: fd passing; confined -> confined
ok: fd passing; confined (bad perm) -> confined
ok: fd passing; confined (no perm) -> confined
ok: fd passing; confined -> confined (bad perm)

Steve Beattie (sbeattie) wrote :

... and the unix_socket_unnamed test:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash unix_socket_unnamed.sh'
[sudo] password for phablet:
ok: AF_UNIX unnamed socket (stream); unconfined server
ok: AF_UNIX unnamed socket (stream); confined server (implicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (explicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (type)
ok: AF_UNIX unnamed socket (stream); confined server (addr)
ok: AF_UNIX unnamed socket (stream); confined server (peer label w/ implicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (peer label w/ explicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (type, addr)
ok: AF_UNIX unnamed socket (stream); confined server (type, addr, peer label)
ok: AF_UNIX unnamed socket (stream); confined server (no unix rule)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: create)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: getopt)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: setopt)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: shutdown)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: read)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: write)
ok: AF_UNIX unnamed socket (stream); confined server (bad type)
ok: AF_UNIX unnamed socket (stream); confined server (bad addr)
ok: AF_UNIX unnamed socket (stream); confined server (bad peer label)
ok: AF_UNIX unnamed socket (stream); unconfined client
ok: AF_UNIX unnamed socket (stream); confined client (implicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (explicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (type)
ok: AF_UNIX unnamed socket (stream); confined client (peer label w/ implicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (peer label w/ explicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (peer label, peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (type, peer label, peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (no unix rule)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: getopt)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: setopt)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: getattr)

Steve Beattie (sbeattie) wrote :

While it's not surprising, I've confirmed that this issue affects ubuntu-rtm/14.09 on krillin as well.

John Johansen (jjohansen) wrote :

This only affects backport kernels based on the 3.5 or earlier kernels.

Jamie Strandboge (jdstrand) wrote :

Bug is in the various kernels. apparmor task is to track getting the patch into the backports tree.

Changed in linux-flo (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in linux-goldfish (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in linux-mako (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
tags: added: aa-kernel
Changed in linux-manta (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu):
status: New → Triaged
assignee: nobody → John Johansen (jjohansen)
summary: - [krillin] apparmor fd_inheritance regression test causes kernel to crash
+ apparmor fd_inheritance regression test causes kernel to crash on touch
+ kernel backports
Jamie Strandboge (jdstrand) wrote :

Updated the summary since it said it was for krillin and the krillin task is being tracked in bug #1427825.

Changed in apparmor (Ubuntu):
importance: Undecided → Medium