apparmor: don't try to replace stale label in ptraceme check
Closes: #963493
parent
6da8aff445
commit
1e3e001c12
|
@ -3,6 +3,8 @@ linux (4.19.118-3) UNRELEASED; urgency=medium
|
||||||
* ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
|
* ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
|
||||||
(Closes: #960493)
|
(Closes: #960493)
|
||||||
* [rt] Add new signing key for Tom Zanussi
|
* [rt] Add new signing key for Tom Zanussi
|
||||||
|
* apparmor: don't try to replace stale label in ptraceme check
|
||||||
|
(Closes: #963493)
|
||||||
|
|
||||||
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 13 May 2020 17:44:43 +0200
|
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 13 May 2020 17:44:43 +0200
|
||||||
|
|
||||||
|
|
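--- /dev/null
+++ b/debian/patches/bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
@@ -0,0 +1,43 @@
+From: Jann Horn <jannh@google.com>
+Date: Sat, 29 Sep 2018 03:49:26 +0200
+Subject: apparmor: don't try to replace stale label in ptraceme check
+Origin: https://git.kernel.org/linus/ca3fde5214e1d24f78269b337d3f22afd6bf445e
+Bug-Debian: https://bugs.debian.org/963493
+
+begin_current_label_crit_section() must run in sleepable context because
+when label_is_stale() is true, aa_replace_current_label() runs, which uses
+prepare_creds(), which can sleep.
+
+Until now, the ptraceme access check (which runs with tasklist_lock held)
+violated this rule.
+
+Fixes: b2d09ae449ced ("apparmor: move ptrace checks to using labels")
+Reported-by: Cyrill Gorcunov <gorcunov@gmail.com>
+Reported-by: kernel test robot <rong.a.chen@intel.com>
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+security/apparmor/lsm.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index 2c842f24821b..d08aac05c65a 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -132,11 +132,11 @@ static int apparmor_ptrace_traceme(struct task_struct *parent)
+struct aa_label *tracer, *tracee;
+int error;
+
+- tracee = begin_current_label_crit_section();
++ tracee = __begin_current_label_crit_section();
+tracer = aa_get_task_label(parent);
+error = aa_may_ptrace(tracer, tracee, AA_PTRACE_TRACE);
+aa_put_label(tracer);
+- end_current_label_crit_section(tracee);
++ __end_current_label_crit_section(tracee);
+
+return error;
+}
+--
+2.27.0
+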
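Review bot: The reason `apparmor_ptrace_traceme()` now uses `__begin_current_label_crit_section()` and `__end_current_label_crit_section()` is recorded only in the patch description, so nothing in lsm.c warns a later reader against switching back to the sleeping variants. I would add a comment above the first call, for example `/* runs with tasklist_lock held, so must not sleep: use the variant that does not replace a stale label */`. The same comment could note that the ptraceme check may then be evaluated against a label that is already stale; that looks like the accepted trade-off, but it is inferred from the description rather than shown in the hunk. The function's signature and opening brace lie outside the inner hunk, so the comment placement should be checked against the full file.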
|
@ -102,6 +102,7 @@ bugfix/all/mt76-use-the-correct-hweight8-function.patch
|
||||||
bugfix/all/rtc-s35390a-set-uie_unsupported.patch
|
bugfix/all/rtc-s35390a-set-uie_unsupported.patch
|
||||||
bugfix/all/include-uapi-linux-swab.h-fix-userspace-breakage-use.patch
|
bugfix/all/include-uapi-linux-swab.h-fix-userspace-breakage-use.patch
|
||||||
bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
|
bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
|
||||||
|
bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
|
||||||
|
|
||||||
# Miscellaneous features
|
# Miscellaneous features
|
||||||
|
|
||||||
|
|