Activity log for bug #581525

Date Who What changed Old value New value Message
2010-05-17 00:22:21 Vreixo Formoso bug added bug
2010-05-17 00:40:22 Vreixo Formoso attachment added Non standard profiles I am using http://launchpadlibrarian.net/48579999/apparmor.d.tar.gz
2010-05-17 15:44:14 Jeremy Foshee tags kj-triage
2010-05-27 18:46:42 Norberto Fernandez removed subscriber Norberto Fernandez
2010-06-20 13:53:42 Vreixo Formoso affects linux (Ubuntu) apparmor (Ubuntu)
2010-06-21 07:30:07 Seth Arnold attachment added /var/log/messages including kernel stack traces http://launchpadlibrarian.net/50670370/messages
2010-06-22 09:58:36 Seth Arnold attachment added /var/log/messages including kernel stack traces http://launchpadlibrarian.net/50730710/examples.desktop
2010-06-22 10:02:19 Seth Arnold attachment added origami initscript profile http://launchpadlibrarian.net/50730840/etc.init.d.origami
2010-07-07 19:25:05 Jamie Strandboge bug added subscriber Jamie Strandboge
2010-07-10 10:26:59 Seth Arnold attachment added This /etc/init.d/origami profile causes /etc/init.d/origami start to fail with execve(/bin/bash) = -1 ENOENT http://launchpadlibrarian.net/51670148/etc.init.d.origami
2010-07-15 14:09:30 Gabriel de Perthuis bug added subscriber Gabriel de Perthuis
2010-07-23 09:47:40 John Johansen nominated for series Ubuntu Maverick
2010-07-27 23:41:05 Leann Ogasawara apparmor (Ubuntu): status New Fix Committed
2010-07-28 00:32:29 John Johansen bug task added linux-meta (Ubuntu)
2010-07-28 00:37:11 John Johansen linux-meta (Ubuntu): status New In Progress
2010-07-28 00:37:18 John Johansen linux-meta (Ubuntu): assignee John Johansen (jjohansen)
2010-07-28 00:37:30 John Johansen linux-meta (Ubuntu): milestone lucid-updates
2010-09-05 07:26:26 Oedipe bug added subscriber Oedipe
2010-09-10 21:16:26 Launchpad Janitor branch linked lp:ubuntu/apparmor
2010-09-11 01:12:00 Jamie Strandboge apparmor (Ubuntu): status Fix Committed Fix Released
2010-09-20 18:56:12 Kees Cook affects linux-meta (Ubuntu) linux (Ubuntu)
2010-09-20 18:56:28 Kees Cook bug task added apparmor (Ubuntu Maverick)
2010-09-20 18:56:28 Kees Cook bug task added linux (Ubuntu Maverick)
2010-09-20 18:56:44 Kees Cook nominated for series Ubuntu Lucid
2010-09-20 18:56:44 Kees Cook bug task added apparmor (Ubuntu Lucid)
2010-09-20 18:56:44 Kees Cook bug task added linux (Ubuntu Lucid)
2010-09-20 18:57:06 Kees Cook linux (Ubuntu Maverick): milestone lucid-updates ubuntu-10.10
2010-09-20 18:57:12 Kees Cook apparmor (Ubuntu Lucid): status New In Progress
2010-09-20 18:57:16 Kees Cook apparmor (Ubuntu Lucid): milestone lucid-updates
2010-09-20 18:57:20 Kees Cook linux (Ubuntu Lucid): milestone lucid-updates
2010-09-20 18:57:22 Kees Cook linux (Ubuntu Lucid): status New In Progress
2010-09-20 18:57:31 Kees Cook linux (Ubuntu Lucid): assignee John Johansen (jjohansen)
2010-09-20 18:57:37 Kees Cook linux (Ubuntu Maverick): status In Progress Fix Released
2010-09-20 18:57:53 Kees Cook apparmor (Ubuntu Maverick): assignee John Johansen (jjohansen)
2010-09-20 18:58:37 Kees Cook apparmor (Ubuntu Lucid): assignee Kees Cook (kees)
2010-09-20 18:58:43 Kees Cook apparmor (Ubuntu Maverick): milestone ubuntu-10.10
2010-09-26 15:58:12 Arvid Norlander bug added subscriber Arvid Norlander
2010-11-02 22:58:36 Jamie Strandboge apparmor (Ubuntu Lucid): assignee Kees Cook (kees) Jamie Strandboge (jdstrand)
2010-11-03 16:08:42 Jamie Strandboge bug added subscriber Ubuntu Stable Release Updates Team
2010-11-03 16:08:55 Jamie Strandboge bug added subscriber SRU Verification
2010-11-03 16:39:31 John Johansen description

Hi,

Since last week I am experiencing a problem which seems related to apparmor. Kernel is crashing at aa_dfa_match_len+0xd9/0xf0, and a trace like the following appears on my system logs:

May 17 01:57:04 mplaptop kernel: [ 6430.314093] PGD 1002063 PUD 0
May 17 01:57:04 mplaptop kernel: [ 6430.314101] CPU 1
May 17 01:57:04 mplaptop kernel: [ 6430.314103] Modules linked in: xts gf128mul binfmt_misc ppdev vboxnetadp vboxnetflt vboxdrv sha256_generic cryptd aes_x86_64 aes_generic dm_crypt joydev snd_hda_codec_realtek ipt_REJECT ipt_LOG xt_limit xt_tcpudp ipt_addrtype xt_state dell_wmi arc4 snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm ip6table_filter ip6_tables snd_seq_dummy nf_nat_irc snd_seq_oss nf_conntrack_irc snd_seq_midi nf_nat_ftp snd_rawmidi nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 snd_seq_midi_event nf_conntrack_ftp snd_seq nf_conntrack iwlagn iptable_filter snd_timer snd_seq_device iwlcore ip_tables snd uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 x_tables mac80211 sdhci_pci dell_laptop dcdbas sdhci led_class nvidia(P) soundcore snd_page_alloc cfg80211 psmouse serio_raw uinput lp parport usbhid hid fbcon tileblit font bitblit ohci1394 softcursor ieee1394 r8169 mii ahci vga16fb vgastate intel_agp video output
May 17 01:57:04 mplaptop kernel: [ 6430.314159] Pid: 5065, comm: gnome-panel Tainted: P D 2.6.32-22-generic #33-Ubuntu Vostro1710
May 17 01:57:04 mplaptop kernel: [ 6430.314161] RIP: 0010:[<ffffffff8127dc49>] [<ffffffff8127dc49>] aa_dfa_match_len+0xd9/0xf0
May 17 01:57:04 mplaptop kernel: [ 6430.314170] RSP: 0018:ffff880116649d20 EFLAGS: 00010216
May 17 01:57:04 mplaptop kernel: [ 6430.314172] RAX: 0000000000000039 RBX: ffff880051285a8c RCX: 0000000000000039
May 17 01:57:04 mplaptop kernel: [ 6430.314174] RDX: ffff88011e65a4f1 RSI: 0000000053726599 RDI: ffff88011e65a4f1
May 17 01:57:04 mplaptop kernel: [ 6430.314176] RBP: ffff880116649d38 R08: 0000000000000000 R09: ffff88012bbfc40c
May 17 01:57:04 mplaptop kernel: [ 6430.314177] R10: ffff88009697606c R11: ffff88011e65a4ff R12: ffff88012bbfc20c
May 17 01:57:04 mplaptop kernel: [ 6430.314179] R13: ffff88011e65a4de R14: ffff88011e65a4de R15: 0000000000000000
May 17 01:57:04 mplaptop kernel: [ 6430.314181] FS: 00007f689ffe17e0(0000) GS:ffff880028300000(0000) knlGS:0000000000000000
May 17 01:57:04 mplaptop kernel: [ 6430.314183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 17 01:57:04 mplaptop kernel: [ 6430.314185] CR2: ffff8801d2a48f3e CR3: 0000000111c91000 CR4: 00000000000026e0
May 17 01:57:04 mplaptop kernel: [ 6430.314187] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 17 01:57:04 mplaptop kernel: [ 6430.314189] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
May 17 01:57:04 mplaptop kernel: [ 6430.314191] Process gnome-panel (pid: 5065, threadinfo ffff880116648000, task ffff8801360a8000)
May 17 01:57:04 mplaptop kernel: [ 6430.314194] ffff880096976ea0 0000000000000001 ffff88011e65a4de ffff880116649d68
May 17 01:57:04 mplaptop kernel: [ 6430.314197] <0> ffffffff8127dc9a ffff880116649db8 ffff88012e58b800 0000000000000000
May 17 01:57:04 mplaptop kernel: [ 6430.314200] <0> ffff88013fc022a8 ffff880116649db8 ffffffff8127e7d3 ffff88012e58b818
May 17 01:57:04 mplaptop kernel: [ 6430.314206] [<ffffffff8127dc9a>] aa_dfa_match+0x3a/0x50
May 17 01:57:04 mplaptop kernel: [ 6430.314209] [<ffffffff8127e7d3>] aa_find_attach+0x93/0xf0
May 17 01:57:04 mplaptop kernel: [ 6430.314211] [<ffffffff8127f80b>] apparmor_bprm_set_creds+0x36b/0x530
May 17 01:57:04 mplaptop kernel: [ 6430.314215] [<ffffffff8108998e>] ? up_write+0xe/0x10
May 17 01:57:04 mplaptop kernel: [ 6430.314219] [<ffffffff812507e3>] security_bprm_set_creds+0x13/0x20
May 17 01:57:04 mplaptop kernel: [ 6430.314223] [<ffffffff81149431>] prepare_binprm+0xb1/0x110
May 17 01:57:04 mplaptop kernel: [ 6430.314225] [<ffffffff8114a29c>] do_execve+0x1ac/0x300
May 17 01:57:04 mplaptop kernel: [ 6430.314229] [<ffffffff812bbdda>] ? strncpy_from_user+0x4a/0x90
May 17 01:57:04 mplaptop kernel: [ 6430.314233] [<ffffffff810115ba>] sys_execve+0x4a/0x80
May 17 01:57:04 mplaptop kernel: [ 6430.314236] [<ffffffff8101360a>] stub_execve+0x6a/0xc0
May 17 01:57:04 mplaptop kernel: [ 6430.314265] RSP <ffff880116649d20>
May 17 01:57:04 mplaptop kernel: [ 6430.314268] ---[ end trace 2b51de9f06402b92 ]---

Sometimes it does not seem to have visible effects, other times it renders the system unusable. When that happens, I often need to reboot several times, as the issue appears again on the next boot process.

My system is an up-to-date lucid, installation mostly by default but with several dm_crypt partitions over LVM, and virtualbox-ose installed. I have also enabled the firefox apparmor profile and several other custom profiles.

Note that I have sometimes experienced another strange apparmor behavior, as it attaches (randomly) a profile to a process that does not have a profile defined (let's say, for example, it attaches the firefox profile to gedit). I experienced that 2 or 3 times, I will try to give you more information next time I see it, maybe it is related to this.

Finally, just note that this problem seems related to bug #529288.

SRU Justification (apparmor)

1. impact of the bug is medium for stable releases. There are two parts to this bug: the kernel side OOPSing when the parser generates invalid tables, and the parser generating correct tables. The lucid kernel should receive the fix sometime in the future, but the userspace should also be fixed.

The kernel bug was a broken test in verifying the dfa next/check table size (so the userspace bug was not caught when it should have been). This means that it can at times reference beyond the dfa table (by at most 255 entries).

The userspace bug is that the next/check table is not correctly padded with 0 entries, so that it is impossible to reference beyond the end of the table when in the states that use the end of the table for their references.

2. This has been addressed during the maverick development cycle.

3. This is r1392 from the apparmor-2.5 branch. The commit mistakenly references a different bug (599450), but the text is: "Changes the table resizing so that there is always sufficient high entries in the table, preventing bounds violations from occurring."

4. TEST CASE: there are multiple possible test cases

4.1 Load a profile against a patched kernel (the maverick kernel can be used for this or a patched Lucid Kernel). The kernel will reject the profile with the following message in the logs

    AppArmor DFA next/check upper bounds error fixed, upgrade user space tools

4.2 The dfa verifier can be run against a profile's dfa in user space, but the checker is not part of the distro or easy to use atm as it requires manually extracting the tables from the profile. The full userspace profile verifier isn't available yet.

4.3 A profile can be compiled using the parser pre and post patching, and compared using a hex editor. The components of the profile that are changed are the size of the table and at the end of dfa table several 0 entries padding out the table. To do this choose a small profile e.g. usr.sbin.tcpdump and run

    ./apparmor_parser -S <profile> >out.file
    ./apparmor_parser-patched -S <profile> >out.file2

The dfa table generated starts with the string aadfa\0 followed by a 4 byte (little endian blob size - this will differ), followed by the actual table header with various table sizes (some of these will change) and then the actual tables which almost fill the rest of the profile. Towards the end of the profile there should be extra 0's. And then the closing data of the profile which should not change. The data within the profile should not change beyond the couple of size entries and the 0 padding at the end.

5. The regression potential is considered low as the patch just pads out the table to make sure there are no bounds violations. The patch was pushed in maverick during its development cycle and showed no regressions. This is an important reliability fix for people who are affected (this has affected at least one Canonical server).

2010-12-03 17:17:51 Martin Pitt apparmor (Ubuntu Lucid): status In Progress Fix Committed
2010-12-03 17:18:04 Martin Pitt tags kj-triage kj-triage verification-needed
2010-12-14 20:51:14 Martin Pitt tags kj-triage verification-needed kj-triage verification-done
2010-12-15 11:50:58 Launchpad Janitor apparmor (Ubuntu Lucid): status Fix Committed Fix Released
2011-01-12 22:59:27 Martin Pitt linux (Ubuntu Lucid): status In Progress Fix Committed
2011-01-12 22:59:36 Martin Pitt tags kj-triage verification-done kj-triage
2011-01-12 22:59:40 Martin Pitt tags kj-triage kj-triage verification-needed
2011-01-17 22:46:47 Brad Figg tags kj-triage verification-needed kj-triage verification-done
2011-01-18 08:18:37 Launchpad Janitor branch linked lp:ubuntu/lucid-proposed/linux-ec2
2011-01-26 09:27:28 Launchpad Janitor linux (Ubuntu Lucid): status Fix Committed Fix Released
2011-01-26 09:27:28 Launchpad Janitor cve linked 2010-0435
2011-01-26 09:27:28 Launchpad Janitor cve linked 2010-4165
2011-01-26 09:27:28 Launchpad Janitor cve linked 2010-4169
2011-01-26 09:27:28 Launchpad Janitor cve linked 2010-4249
2011-02-04 15:29:31 Launchpad Janitor branch linked lp:ubuntu/lucid-proposed/linux-mvl-dove
2011-02-04 15:29:48 Launchpad Janitor branch linked lp:ubuntu/maverick-proposed/linux-mvl-dove
2011-09-19 21:20:48 Ubuntu Foundations Team Bug Bot tags kj-triage verification-done kj-triage testcase verification-done
2012-03-08 23:47:40 Stefan Metzmacher bug added subscriber Stefan Metzmacher
2015-02-12 07:01:45 Mathew Hodson cve unlinked 2010-4249
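
The bounds rule behind the SRU justification in the 2010-11-03 description entry, as an added example that is not AppArmor kernel or parser code: a simplified table-driven DFA in which a lookup indexes next/check at a per-state offset plus the input byte, so a loader must reject any table shorter than the highest offset plus 256 entries, and a generator must zero-pad up to that length. The struct layout, the base and default arrays, the function names and the sample automaton are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified comb-compressed DFA. Field names are illustrative, not AppArmor's. */
struct dfa {
    size_t nstates, nc_len;        /* state count; entries in next[]/check[] */
    uint32_t *base;                /* per state: offset into next[]/check[] */
    uint16_t *def, *next, *check;  /* default state; packed transitions */
};

/* One transition. The index can reach base[state] + 255. */
static uint16_t dfa_step(const struct dfa *d, uint16_t state, unsigned char c)
{
    size_t pos = (size_t)d->base[state] + c;
    return d->check[pos] == state ? d->next[pos] : d->def[state];
}

/* Load-time check: every state's whole 256-entry window must be in range. */
static int dfa_verify(const struct dfa *d)
{
    for (size_t s = 0; s < d->nstates; s++)
        if (d->def[s] >= d->nstates || (size_t)d->base[s] + 255 >= d->nc_len)
            return -1;
    for (size_t i = 0; i < d->nc_len; i++)
        if (d->next[i] >= d->nstates || d->check[i] >= d->nstates)
            return -1;
    return 0;
}

/* Generator side: entries next[]/check[] need so that no window overruns. */
static size_t dfa_padded_len(const struct dfa *d)
{
    size_t need = d->nc_len;
    for (size_t s = 0; s < d->nstates; s++)
        if ((size_t)d->base[s] + 256 > need)
            need = (size_t)d->base[s] + 256;
    return need;
}

/* Constructed sample (nc_len <= 512): 3 states, state 2's window starts at
 * entry 100. Unused entries are zero padding; state 0 is assumed to be the
 * dead state, so a zero check entry never matches a live state. */
static void make_dfa(struct dfa *d, size_t nc_len)
{
    static uint32_t base[3] = {0, 10, 100};
    static uint16_t def[3] = {0, 0, 1}, next[512], check[512];
    next[10 + 'a'] = 2; check[10 + 'a'] = 1;   /* state 1 --'a'--> 2 */
    *d = (struct dfa){ .nstates = 3, .nc_len = nc_len, .base = base,
                       .def = def, .next = next, .check = check };
}
```

With a declared length of 300 the verifier rejects the sample, because state 2 can index entry 355; at the padded length of 356 it is accepted and the padded entries fall through to the default transition.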