audit: prevent a new auditd to stop an old auditd still alive

Bug #1633404 reported by Nicolas Dichtel on 2016-10-14
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Joseph Salisbury
Trusty
Medium
Joseph Salisbury
Xenial
Medium
Joseph Salisbury

Bug Description

The following upstream patch (v4.6) has fixed this problem:

audit: stop an old auditd being starved out by a new auditd
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=133e1e5acd4a

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1633404

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
status: Incomplete → Triaged
Changed in linux (Ubuntu Trusty):
status: New → Triaged
Changed in linux (Ubuntu Xenial):
status: New → Triaged
Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
tags: added: kernel-da-key
Changed in linux (Ubuntu):
status: Triaged → In Progress
Changed in linux (Ubuntu Trusty):
status: Triaged → In Progress
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Trusty):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

I built Trusty and Xenial test kernels with this patch.

The test kernels can be downloaded from:
Trusty: http://kernel.ubuntu.com/~jsalisbury/lp1633404/trusty
Xenial: http://kernel.ubuntu.com/~jsalisbury/lp1633404/xenial/

Can you test this kernels and see if it resolves this bug?

> The test kernels can be downloaded from:
> Trusty: http://kernel.ubuntu.com/~jsalisbury/lp1633404/trusty
> Xenial: http://kernel.ubuntu.com/~jsalisbury/lp1633404/xenial/
>
> Can you test this kernels and see if it resolves this bug?

Xenial tests are ok.

On Trusty, dkms fails:
In file included from include/linux/audit.h:28:0,
                 from include/net/xfrm.h:14,
                 from /var/lib/dkms/kcompat/2016.10.18/build/kcompat.c:28:
include/uapi/linux/audit.h:112:0: error: "AUDIT_FEATURE_CHANGE" redefined [-Werror]
 #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */
 ^
include/uapi/linux/audit.h:73:0: note: this is the location of the previous definition
 #define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */
 ^
cc1: all warnings being treated as errors

Joseph Salisbury (jsalisbury) wrote :

Thanks for testing. I had to backport the patch for Trusty, so I'll review my backport and fix it if necessary. I'll have another Trusty test kernel shortly.

Joseph Salisbury (jsalisbury) wrote :

I think I see what I did wrong in the backport. I re-built a new Trusty test kernel. Itcan be downloaded from:
Trusty: http://kernel.ubuntu.com/~jsalisbury/lp1633404/trusty

Can you give this new test kernel a test?

I had problems (for now, I don't know exactly why) to test this kernel. I'm now off for about two weeks, so I won't be able to make more tests before.

Test is ok, thank you.

tags: added: trusty xenial
Luis Henriques (henrix) on 2016-11-14
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
tags: added: verification-done-trusty
removed: verification-needed-trusty
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-106.153

---------------
linux (3.13.0-106.153) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1647749

  * CVE-2016-7916
    - proc: prevent accessing /proc/<PID>/environ until it's ready

  * CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

  * aio completions are dropped (LP: #1641129)
    - aio: fix reqs_available handling

  * [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

  * ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: reallocate addrconf router for ipv6 address when lo device up
    - ipv6: correctly add local routes when lo goes up

  * audit: prevent a new auditd to stop an old auditd still alive (LP: #1633404)
    - audit: stop an old auditd being starved out by a new auditd

  * Setting net.ipv4.neigh.default.gc_thresh1/2/3 on 3.13.0-97.144 or later
    causes 'invalid argument' error (LP: #1634892)
    - neigh: fix setting of default gc_* values

  * move nvme driver to linux-image (LP: #1640275)
    - [Config] Add nvme to the generic inclusion list

 -- Luis Henriques <email address hidden> Tue, 06 Dec 2016 15:00:27 +0000

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.0 KiB)

This bug was fixed in the package linux - 4.4.0-57.78

---------------
linux (4.4.0-57.78) xenial; urgency=low

  * Release Tracking Bug
    - LP: #1648867

  * Miscellaneous Ubuntu changes
    - SAUCE: Do not build the xr-usb-serial driver for s390

linux (4.4.0-56.77) xenial; urgency=low

  * Release Tracking Bug
    - LP: #1648867

  * Release Tracking Bug
    - LP: #1648579

  * CONFIG_NR_CPUS=256 is too low (LP: #1579205)
    - [Config] Increase the NR_CPUS to 512 for amd64 to support systems with a
      large number of cores.

  * NVMe drives in Amazon AWS instance fail to initialize (LP: #1648449)
    - SAUCE: (no-up) NVMe: only setup MSIX once

linux (4.4.0-55.76) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1648503

  * NVMe driver accidentally reverted to use GSI instead of MSIX (LP: #1647887)
    - (fix) NVMe: restore code to always use MSI/MSI-x interrupts

linux (4.4.0-54.75) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1648017

  * Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

  * linux: Enable live patching for all supported architectures (LP: #1633577)
    - [Config] CONFIG_LIVEPATCH=y for s390x

  * Botched backport breaks level triggered EOIs in QEMU guests with --machine
    kernel_irqchip=split (LP: #1644394)
    - kvm/irqchip: kvm_arch_irq_routing_update renaming split

  * Xenial update to v4.4.35 stable release (LP: #1645453)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - fuse: fix fuse_write_end() if zero bytes were copied
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - can: bcm: fix warning in bcm_connect/proc_register
    - i2c: mux: fix up dependencies
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - crypto: caam - do not register AES-XTS mode on LP units
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix fatal error dispatching
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeou...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers