BugLink: http://bugs.launchpad.net/bugs/1734327
Commit
ac8f82a0b6d9 introduced a regression identified in bug
1734327. The regression
causes a kernel panic to occur after multiple TCP connection creations/closures
to the localhost. The bug was found using STAF RPC calls, but is easily reproducible with SSH.
The patch author for commit
ac8f82a0b6d9 has been notified of this revert.
For now stacking is just a technology preview, which is why we are reverting the patch.
There is a new revision of the stacking patches that jjohansen is working on,
and he will try to see if we can't get it resolved there.
This commit also needs to be reverted because it depends on commit
ac8f82a0b6d9.
This reverts commit
4ae2508f0bedb1acddf1ef2f474d8105cf003f80.
Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
#include <net/sock.h>
#include <linux/path.h>
-#include <linux/lsm_hooks.h>
#include "apparmorfs.h"
#include "label.h"
struct path path;
};
-extern struct lsm_blob_sizes apparmor_blob_sizes;
-static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
-{
-#ifdef CONFIG_SECURITY_STACKING
- return sk->sk_security + apparmor_blob_sizes.lbs_sock;
-#else
- return sk->sk_security;
-#endif
-}
-#define SK_CTX(X) apparmor_sock(X)
+#define SK_CTX(X) ((X)->sk_security)
#define SOCK_ctx(X) SOCK_INODE(X)->i_security
#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \
struct lsm_network_audit NAME ## _net = { .sk = (SK), \
*/
static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
{
- /* allocated and cleared by LSM */
+ struct aa_sk_ctx *ctx;
+
+ ctx = kzalloc(sizeof(*ctx), flags);
+ if (!ctx)
+ return -ENOMEM;
+
+ SK_CTX(sk) = ctx;
return 0;
}
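Review bot: `SK_CTX(sk) = ctx;` stores AppArmor's private allocation directly in `sk->sk_security`, which is only safe while AppArmor is the sole owner of that pointer. The commit message says the stacking patches stay in the tree as a preview, and `apparmor_blob_sizes` still sizes the cred and file blobs. If the LSM core or another module also allocates a socket blob under `CONFIG_SECURITY_STACKING`, this assignment would presumably overwrite it, and the matching `kfree()` in the free hook would release memory the framework also tracks; that is worth confirming against the stacking core. I would at least record the assumption at the assignment, e.g. `/* AppArmor owns sk->sk_security outright; invalid if another LSM reserves lbs_sock */`.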
{
struct aa_sk_ctx *ctx = SK_CTX(sk);
+ SK_CTX(sk) = NULL;
aa_put_label(ctx->label);
- ctx->label = NULL;
aa_put_label(ctx->peer);
- ctx->peer = NULL;
path_put(&ctx->path);
- ctx->path.dentry = NULL;
- ctx->path.mnt = NULL;
+ kfree(ctx);
}
/**
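Review bot: `ctx` is dereferenced in `aa_put_label(ctx->label)` with no check, so after this revert the free hook relies on `sk->sk_security` always having been set by a successful `apparmor_sk_alloc_security()` rather than by the LSM core. Whether any path can reach this hook with a NULL pointer is not visible from the hunk; if one exists the result is a NULL dereference in kernel context, and `if (!ctx) return;` ahead of the puts is a cheap guard. Clearing `SK_CTX(sk)` before the references are dropped looks deliberate and deserves a short comment such as `/* detach ctx from sk before tearing it down */`. The function's signature lies outside the visible lines.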
struct lsm_blob_sizes apparmor_blob_sizes = {
.lbs_cred = sizeof(struct aa_task_ctx),
.lbs_file = sizeof(struct aa_file_ctx),
- .lbs_sock = sizeof(struct aa_sk_ctx),
};
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {