sleep from invalid context in aa_move_mount

Bug #1539349 reported by Serge Hallyn on 2016-01-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Tim Gardner
Wily
Undecided
John Johansen
Xenial
Medium
Tim Gardner

Bug Description

In xenial master-next, when I cp /bin/mount /home/ubuntu/mount, define the following policy:

#include <tunables/global>
/home/ubuntu/mount {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability,
  network,
  mount,
  /** mkrwixr,
}

And then run the following script under sudo from ~/ubuntu:

#!/bin/sh

apparmor_parser -r /home/ubuntu/mount.aa
umount -l a/b
umount -l a/a
umount -l a
rm -rf a
mkdir a
mount --bind a a
mount --make-slave a
mkdir a/a a/b
mount -t tmpfs tmpfs a/a
/home/ubuntu/mount --move a/a a/b

I get the following kernel warning:

Jan 29 02:36:06 seth kernel: audit: type=1400 audit(1454034966.022:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/ubuntu/mount" pid=1179 comm="apparmor_parser"
Jan 29 02:36:06 seth kernel: BUG: sleeping function called from invalid context at mm/slub.c:1287
Jan 29 02:36:06 seth kernel: in_atomic(): 1, irqs_disabled(): 0, pid: 1189, name: mount
Jan 29 02:36:06 seth kernel: no locks held by mount/1189.
Jan 29 02:36:06 seth kernel: CPU: 0 PID: 1189 Comm: mount Not tainted 4.4.0+ #4
Jan 29 02:36:06 seth kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Jan 29 02:36:06 seth kernel: 0000000000000000 00000000a02414bf ffff88007784fc28 ffffffff81449309
Jan 29 02:36:06 seth kernel: ffff880079129580 ffff88007784fc50 ffffffff810b5789 ffffffff81ce0e60
Jan 29 02:36:06 seth kernel: 0000000000000507 0000000000000000 ffff88007784fc78 ffffffff810b5889
Jan 29 02:36:06 seth kernel: Call Trace:
Jan 29 02:36:06 seth kernel: [<ffffffff81449309>] dump_stack+0x4b/0x72
Jan 29 02:36:06 seth kernel: [<ffffffff810b5789>] ___might_sleep+0x179/0x230
Jan 29 02:36:06 seth kernel: [<ffffffff810b5889>] __might_sleep+0x49/0x80
Jan 29 02:36:06 seth kernel: [<ffffffff81258814>] ? getname_kernel+0x34/0x120
Jan 29 02:36:06 seth kernel: [<ffffffff81221fcb>] kmem_cache_alloc+0x1db/0x2a0
Jan 29 02:36:06 seth kernel: [<ffffffff81258814>] getname_kernel+0x34/0x120
Jan 29 02:36:06 seth kernel: [<ffffffff81258e96>] kern_path+0x16/0x30
Jan 29 02:36:06 seth kernel: [<ffffffff813e98ac>] aa_move_mount+0x17c/0x320
Jan 29 02:36:06 seth kernel: [<ffffffff813df7a3>] apparmor_sb_mount+0x233/0x2d0
Jan 29 02:36:06 seth kernel: [<ffffffff81392be7>] security_sb_mount+0x57/0x80
Jan 29 02:36:06 seth kernel: [<ffffffff8126f581>] do_mount+0xb1/0xe60
Jan 29 02:36:06 seth kernel: [<ffffffff811f0416>] ? __might_fault+0x96/0xa0
Jan 29 02:36:06 seth kernel: [<ffffffff811deae3>] ? memdup_user+0x53/0x80
Jan 29 02:36:06 seth kernel: [<ffffffff8127066f>] SyS_mount+0x9f/0x100
Jan 29 02:36:06 seth kernel: [<ffffffff818d0af6>] entry_SYSCALL_64_fastpath+0x16/0x76

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1539349

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
importance: Undecided → Medium
Tim Gardner (timg-tpi) on 2016-02-01
Changed in linux (Ubuntu Wily):
assignee: nobody → John Johansen (jjohansen)
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
assignee: nobody → Tim Gardner (timg-tpi)
status: Incomplete → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-wily
Launchpad Janitor (janitor) wrote :
Download full text (4.0 KiB)

This bug was fixed in the package linux - 4.4.0-4.19

---------------
linux (4.4.0-4.19) xenial; urgency=low

  * update ZFS and SPL to 0.6.5.4 (LP: #1542296)
    - [Config] update spl/zfs version
    - SAUCE: (noup) Update spl to 0.6.5.4-0ubuntu2, zfs to 0.6.5.4-0ubuntu1
    - [Config] reconstruct -- drop links for zfs userspace components
    - [Config] reconstruct -- drop links for zfs userspace components -- restore spec links

  * recvmsg() fails SCM_CREDENTIALS request with EOPNOTSUPP. (LP: #1540731)
    - Revert "af_unix: Revert 'lock_interruptible' in stream receive code"

  * lxc: ADT exercise test failing with linux-4.4.0-3.17 (LP: #1542049)
    - Revert "UBUNTU: SAUCE: apparmor: fix sleep from invalid context"

  * WARNING: at /build/linux-lts-wily-W0lTWH/linux-lts-wily-4.2.0/net/core/skbuff.c:4174 (Travis IB) (LP: #1541326)
    - SAUCE: IB/IPoIB: Do not set skb truesize since using one linearskb

  * backport Microsoft Precision Touchpad palm rejection patch (LP: #1541671)
    - HID: multitouch: enable palm rejection if device implements confidence usage

  * [Ubuntu 16.04] Update qla2xxx driver for POWER (QLogic) (LP: #1541456)
    - qla2xxx: Remove unavailable firmware files
    - qla2xxx: Enable Extended Logins support
    - qla2xxx: Enable Exchange offload support.
    - qla2xxx: Enable Target counters in DebugFS.
    - qla2xxx: Add FW resource count in DebugFS.
    - qla2xxx: Added interface to send explicit LOGO.
    - qla2xxx: Delete session if initiator is gone from FW
    - qla2xxx: Wait for all conflicts before ack'ing PLOGI
    - qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit.
    - qla2xxx: Remove dependency on hardware_lock to reduce lock contention.
    - qla2xxx: Add irq affinity notification
    - qla2xxx: Add selective command queuing
    - qla2xxx: Move atioq to a different lock to reduce lock contention
    - qla2xxx: Disable ZIO at start time.
    - qla2xxx: Set all queues to 4k
    - qla2xxx: Check for online flag instead of active reset when transmitting responses
    - scsi: qla2xxxx: avoid type mismatch in comparison

  * [Hyper-V] PCI Passthrough (LP: #1541120)
    - x86/irq: Export functions to allow MSI domains in modules
    - genirq/msi: Export functions to allow MSI domains in modules

  * Update lpfc driver to 11.0.0.10 (LP: #1541592)
    - lpfc: Fix FCF Infinite loop in lpfc_sli4_fcf_rr_next_index_get.
    - lpfc: Fix the FLOGI discovery logic to comply with T11 standards
    - lpfc: Fix RegLogin failed error seen on Lancer FC during port bounce
    - lpfc: Fix driver crash when module parameter lpfc_fcp_io_channel set to 16
    - lpfc: Fix crash in fcp command completion path.
    - lpfc: Modularize and cleanup FDMI code in driver
    - lpfc: Fix RDP Speed reporting.
    - lpfc: Fix RDP ACC being too long.
    - lpfc: Make write check error processing more resilient
    - lpfc: Use new FDMI speed definitions for 10G, 25G and 40G FCoE.
    - lpfc: Fix mbox reuse in PLOGI completion
    - lpfc: Fix external loopback failure.
    - lpfc: Add logging for misconfigured optics.
    - lpfc: Delete unnecessary checks before the function call "mempool_destroy"
    - lpfc: Use kzalloc instead of kmalloc
...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn) wrote :

I get no warnings with 4.2.0-29-generic #34-Ubuntu

Serge Hallyn (serge-hallyn) wrote :

Wait, that's not a valid test is it.

Serge Hallyn (serge-hallyn) wrote :

Well, that's wily-proposed, so +1

tags: added: verification-done
removed: verification-needed-wily
Launchpad Janitor (janitor) wrote :
Download full text (43.7 KiB)

This bug was fixed in the package linux - 4.2.0-30.35

---------------
linux (4.2.0-30.35) wily; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of selectively
    raising caps
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (4.2.0-29.34) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1543167

  [ Brad Figg ]

  * Revert "SAUCE: apparmor: fix sleep from invalid context"
    - LP: #1542049

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731

linux (4.2.0-28.33) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540634

  [ Brad Figg ]

  * CONFIG: CONFIG_DEBUG_UART_BCM63XX is not set

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906
  * SAUCE: apparmor: fix sleep from invalid context
    - LP: #1539349

  [ Tim Gardner ]

  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923

  [ Upstream Kernel Changes ]

  * Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
    - LP: #1540532
  * tools: Add a "make all" rule
    - LP: #1536370
  * vf610_adc: Fix internal temperature calculation
    - LP: #1536370
  * iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
    - LP: #1536370
  * iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
    - LP: #1536370
  * iio: ad5064: Fix ad5629/ad5669 shift
    - LP: #1536370
  * iio:ad7793: Fix ad7785 product ID
    - LP: #1536370
  * iio: adc: vf610_adc: Fix division by zero error
    - LP: #1536370
  * mmc: mmc: Improve reliability of mmc_select_hs200()
    - LP: #1536370
  * mmc: mmc: Fix HS setting in mmc_select_hs400()
    - LP: #1536370
  * mmc: mmc: Move mmc_switch_status()
    - LP: #1536370
  * mmc: mmc: Improve reliability of mmc_select_hs400()
    - LP: #1536370
  * crypto: qat - don't use userspace pointer
    - LP: #1536370
  * iio: si7020: Swap data byte order
    - LP: #1536370
  * iio: adc: xilinx: Fix VREFN scale
    - LP: #1536370
  * ipmi: Start the timer and thread on internal msgs
    - LP: #1536370
  * drm/i915: quirk backlight present on Macbook 4, 1
    - LP: #1536370
  * drm/i915: get runtime PM reference around GEM set_caching IOCTL
    - LP: #1536370
  * drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx
    - LP: #1536370
  *...

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers