packages (LINUX_2_6_38): kernel/kernel-small_fixes.patch - fix apparmor sle...

Sun Jun 12 08:32:29 CEST 2011

Author: arekm                        Date: Sun Jun 12 06:32:29 2011 GMT
Module: packages                      Tag: LINUX_2_6_38
---- Log message:
- fix apparmor sleep in invalid context

---- Files affected:
packages/kernel:
   kernel-small_fixes.patch (1.25.2.2 -> 1.25.2.3) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.25.2.2 packages/kernel/kernel-small_fixes.patch:1.25.2.3

--- packages/kernel/kernel-small_fixes.patch:1.25.2.2	Fri Jun  3 09:20:41 2011
+++ packages/kernel/kernel-small_fixes.patch	Sun Jun 12 08:32:24 2011
@@ -119,3 +119,54 @@
 
 
 
+commit 1780f2d3839a0d3eb85ee014a708f9e2c8f8ba0e
+Author: John Johansen <john.johansen at canonical.com>
+Date:   Wed Jun 8 15:07:47 2011 -0700
+
+    AppArmor: Fix sleep in invalid context from task_setrlimit
+    
+    Affected kernels 2.6.36 - 3.0
+    
+    AppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk->group_leader);
+    held when called from security_task_setrlimit.  This will only occur when the
+    task's current policy has been replaced, and the task's creds have not been
+    updated before entering the LSM security_task_setrlimit() hook.
+    
+    BUG: sleeping function called from invalid context at mm/slub.c:847
+     in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd
+     2 locks held by cupsd/1583:
+      #0:  (tasklist_lock){.+.+.+}, at: [<ffffffff8104dafa>] do_prlimit+0x61/0x189
+      #1:  (&(&p->alloc_lock)->rlock){+.+.+.}, at: [<ffffffff8104db2d>]
+    do_prlimit+0x94/0x189
+     Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7
+     Call Trace:
+      [<ffffffff8102ebf2>] __might_sleep+0x10d/0x112
+      [<ffffffff810e6f46>] slab_pre_alloc_hook.isra.49+0x2d/0x33
+      [<ffffffff810e7bc4>] kmem_cache_alloc+0x22/0x132
+      [<ffffffff8105b6e6>] prepare_creds+0x35/0xe4
+      [<ffffffff811c0675>] aa_replace_current_profile+0x35/0xb2
+      [<ffffffff811c4d2d>] aa_current_profile+0x45/0x4c
+      [<ffffffff811c4d4d>] apparmor_task_setrlimit+0x19/0x3a
+      [<ffffffff811beaa5>] security_task_setrlimit+0x11/0x13
+      [<ffffffff8104db6b>] do_prlimit+0xd2/0x189
+      [<ffffffff8104dea9>] sys_setrlimit+0x3b/0x48
+      [<ffffffff814062bb>] system_call_fastpath+0x16/0x1b
+    
+    Signed-off-by: John Johansen <john.johansen at canonical.com>
+    Reported-by: Miles Lane <miles.lane at gmail.com>
+    Cc: stable at kernel.org
+    Signed-off-by: James Morris <jmorris at namei.org>
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ec1bcec..3d2fd14 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -612,7 +612,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
+ static int apparmor_task_setrlimit(struct task_struct *task,
+ 		unsigned int resource, struct rlimit *new_rlim)
+ {
+-	struct aa_profile *profile = aa_current_profile();
++	struct aa_profile *profile = __aa_current_profile();
+ 	int error = 0;
+ 
+ 	if (!unconfined(profile))
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.25.2.2&r2=1.25.2.3&f=u

