apparmor bad lock balance during policy introspection
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
linux-goldfish (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
linux-grouper (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
linux-maguro (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
linux-mako (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
linux-manta (Ubuntu) | Fix Released | High | John Johansen |
Saucy | Fix Released | High | John Johansen |
Bug Description
There is a bug in the profile introspection file that results in a virtual root ns lock being released twice. Introspection from the root policy namespace is handled correctly; it is only when introspection is done from a task in a sub policy namespace that becomes its virtual ns root.
This results in the following lockdep trace:
[ 78.479744] [ BUG: bad unlock balance detected! ]
[ 78.479792] 3.11.0-11-generic #17 Not tainted
[ 78.479838] -------
[ 78.479885] grep/2223 is trying to release lock (&ns->lock) at:
[ 78.479952] [<ffffffff817bf
[ 78.480002] but there are no more locks to release!
[ 78.480037]
[ 78.480037] other info that might help us debug this:
[ 78.480037] 1 lock held by grep/2223:
[ 78.480037] #0: (&p->lock){+.+.+.}, at: [<ffffffff81211
[ 78.480037]
[ 78.480037] stack backtrace:
[ 78.480037] CPU: 0 PID: 2223 Comm: grep Not tainted 3.11.0-11-generic #17
[ 78.480037] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 78.480037] ffffffff817bf3be ffff880007763d60 ffffffff817b97ef ffff8800189d2190
[ 78.480037] ffff880007763d88 ffffffff810e1c6e ffff88001f044730 ffff8800189d2190
[ 78.480037] ffffffff817bf3be ffff880007763e00 ffffffff810e5bd6 0000000724fe56b7
[ 78.480037] Call Trace:
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff817b9
[ 78.480037] [<ffffffff810e1
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff810e5
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff810e5
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff817bf
[ 78.480037] [<ffffffff81376
[ 78.480037] [<ffffffff81211
[ 78.480037] [<ffffffff811e9
[ 78.480037] [<ffffffff811ea
[ 78.480037] [<ffffffff817cc
Requires:
user of policy namespaces
root process within an alternate policy namespace reading the /sys/kernel/
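For triage, the fields that identify this bug can be pulled out of a kernel log automatically. The following is an added example, not code from the bug report or from AppArmor; it assumes the lockdep report layout shown in the trace above, and the function name `parse_unlock_reports` and its field names are hypothetical.

```python
import re

# Sample input: the first lines of the lockdep report on this page, copied
# as-is (addresses are truncated exactly as they appear above).
SAMPLE = """\
[ 78.479744] [ BUG: bad unlock balance detected! ]
[ 78.479792] 3.11.0-11-generic #17 Not tainted
[ 78.479838] -------
[ 78.479885] grep/2223 is trying to release lock (&ns->lock) at:
[ 78.479952] [<ffffffff817bf
[ 78.480002] but there are no more locks to release!
[ 78.480037]
[ 78.480037] other info that might help us debug this:
[ 78.480037] 1 lock held by grep/2223:
[ 78.480037] #0: (&p->lock){+.+.+.}, at: [<ffffffff81211
[ 78.480037]
[ 78.480037] stack backtrace:
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # leading "[ 78.479744] " timestamp
HEADER = "[ BUG: bad unlock balance detected! ]"
RELEASE = re.compile(r"^(?P<comm>.+)/(?P<pid>\d+) is trying to release lock \((?P<lock>[^)]+)\) at:")
HELD = re.compile(r"^#\d+:\s+\((?P<lock>[^)]+)\)")

def parse_unlock_reports(text):
    """Return one dict per 'bad unlock balance' report found in a kernel log."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        if line == HEADER:
            cur = {"kernel": None, "comm": None, "pid": None, "released": None, "held": []}
            reports.append(cur)
        elif cur is None:
            continue                      # not inside a report
        elif cur["kernel"] is None:
            cur["kernel"] = line          # line after the header: version and taint state
        elif (m := RELEASE.match(line)):
            cur.update(comm=m["comm"], pid=int(m["pid"]), released=m["lock"])
        elif (m := HELD.match(line)):
            cur["held"].append(m["lock"])
        elif line == "stack backtrace:":
            cur = None                    # summary part of the report is over
    for r in reports:
        # True when the lock class being released is not in the held-locks list,
        # which is what a second release of an already released lock looks like.
        r["released_not_held"] = r["released"] not in r["held"]
    return reports
```

On the sample, the released class `&ns->lock` is absent from the single held lock `&p->lock`, which matches the double release described in the report.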
Changed in linux (Ubuntu): | |
status: | New → In Progress |
summary: |
- apparmor bad lock balance in during policy introspection
+ apparmor bad lock balance during policy introspection |
Changed in linux (Ubuntu Saucy): | |
importance: | Undecided → High |
status: | In Progress → Fix Committed |
Changed in linux-grouper (Ubuntu Saucy): | |
status: | New → Fix Committed |
importance: | Undecided → High |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux-maguro (Ubuntu Saucy): | |
status: | New → Fix Committed |
importance: | Undecided → High |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux-mako (Ubuntu Saucy): | |
status: | New → Fix Committed |
importance: | Undecided → High |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux-manta (Ubuntu Saucy): | |
assignee: | nobody → John Johansen (jjohansen) |
importance: | Undecided → High |
status: | New → Fix Committed |
Changed in linux-goldfish (Ubuntu Saucy): | |
assignee: | nobody → John Johansen (jjohansen) |
importance: | Undecided → High |
status: | New → Fix Committed |
This bug was fixed in the package linux-goldfish - 3.4.0-1.7
---------------
linux-goldfish (3.4.0-1.7) saucy; urgency=low
[ John Johansen ]
* SAUCE: apparmor: fix unix domain sockets to be mediated on connection
- LP: #1208988
* SAUCE: apparmor: allocate path lookup buffers during init
- LP: #1208988
* SAUCE: apparmor: fix memleak of the profile hash
- LP: #1235523
* SAUCE: apparmor: fix memleak of replacedby struct
- LP: #1235973
* SAUCE: apparmor: fix bad lock balance when introspecting policy
- LP: #1235977
[ Tim Gardner ]
* [Config] Use gcc-4.6 for armhf
- LP: #1236444
-- Andy Whitcroft <email address hidden> Tue, 08 Oct 2013 11:06:06 +0100