GET

Cover Letter Detail

Show a cover letter.

GET /api/1.1/covers/2220624/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2220624,
    "url": "http://patchwork.ozlabs.org/api/1.1/covers/2220624/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20260407173029.3872549-1-georgia.garcia@canonical.com/",
    "project": {
        "id": 15,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/15/?format=api",
        "name": "Ubuntu Kernel",
        "link_name": "ubuntu-kernel",
        "list_id": "kernel-team.lists.ubuntu.com",
        "list_email": "kernel-team@lists.ubuntu.com",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null
    },
    "msgid": "<20260407173029.3872549-1-georgia.garcia@canonical.com>",
    "date": "2026-04-07T17:30:28",
    "name": "[SRU,Q,0/1] apparmor: fix NULL pointer dereference in __unix_needs_revalidation",
    "submitter": {
        "id": 82129,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/82129/?format=api",
        "name": "Georgia Garcia",
        "email": "georgia.garcia@canonical.com"
    },
    "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20260407173029.3872549-1-georgia.garcia@canonical.com/mbox/",
    "series": [
        {
            "id": 499013,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/499013/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=499013",
            "date": "2026-04-07T17:30:28",
            "name": "apparmor: fix NULL pointer dereference in __unix_needs_revalidation",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/499013/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/covers/2220624/comments/",
    "headers": {
        "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=dYEeBzx/;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fqtWw00PZz1xy1\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 08 Apr 2026 03:30:51 +1000 (AEST)",
            "from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wAAG7-0003z9-Ma; Tue, 07 Apr 2026 17:30:39 +0000",
            "from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <georgia.garcia@canonical.com>)\n id 1wAAG6-0003yk-Ca\n for kernel-team@lists.ubuntu.com; Tue, 07 Apr 2026 17:30:38 +0000",
            "from mail-yx1-f69.google.com (mail-yx1-f69.google.com\n [74.125.224.69])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 43EE03F63D\n for <kernel-team@lists.ubuntu.com>; Tue,  7 Apr 2026 17:30:38 +0000 (UTC)",
            "by mail-yx1-f69.google.com with SMTP id\n 956f58d0204a3-65088fb3f10so325720d50.0\n for <kernel-team@lists.ubuntu.com>; Tue, 07 Apr 2026 10:30:38 -0700 (PDT)",
            "from localhost.localdomain ([177.220.174.35])\n by smtp.gmail.com with ESMTPSA id\n 00721157ae682-7a370905079sm71547787b3.23.2026.04.07.10.30.33\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 07 Apr 2026 10:30:34 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775583038;\n bh=Arin1vixagBVZtehgwCX7EGtzPvY1bKBBnPSeatdlW4=;\n h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;\n b=dYEeBzx/ivHJwQXolWbVmn4y/8SCmTqeaHLz3Ux8+4sTsZYj4NWbwJe8xKd8ZPhws\n CEDwCi+AmB+Mo0ECc8wlLnAk6piHkt4iiIA4mG+zeevy3OzFR8rup6H0048ee1YGmc\n UxxUoc6d1wwh0qCPAruTb1IjKgMCZFZty5cNE9HZBYam88Fm7dBR4Nn/SXoGS524X3\n o/gi3mXM/Jk3qWCK1oXjZok/1Vt8FtOuM29b1k6F0SdwZh7kZXXBnfrS6/A+u0kFID\n G6wxH5cQUElBHJAG+iKpPKpfnVNTtukgTc/6mcnYgRVUKLz+mLL78W43OY2gr7ankl\n wj55Bpv77JbPPDsyxpz0Rvqc43Yj6Mmb1AHkkGChLB2RF91qqMoKLjL984D2Xolwkg\n pT8G0J1n9Aj71MuI8fSuiLhHrobS/i4amp/zrPXbz9lCIevMAVpfmhbRPfJXjE8wpU\n KjhFoMlClQbZ3xgoQ8DzNn85utpC0NyYiDBxtNmdpGBmmtMfwvKwqlvGESzmAsc/gv\n EKgVzGfVAqvXTETGhH3vvhGAxUORppzMq8StEiLC6Cw6pOf3PJ04pwGeYkGKaC3ekE\n eBp52dkR62dR+SpeK99PGzTP2eIH85FXBqU/3/BkI12/4V0ziVPjlqHx/oyKv5lThO\n kfl4y5sf81IuvPlPEhKTxYtY=",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775583037; x=1776187837;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=Arin1vixagBVZtehgwCX7EGtzPvY1bKBBnPSeatdlW4=;\n b=E4Ak2GfaNyw9hmWxMHGIPFvZEtutkuNVDANfVfXkCv1Kd+/mxtVNugdyxUuTPRfy41\n kDzoU1vqGshUX71cLBw1M/PDrONhACckjW7FYDOWI8kEOvUgCltrDka7mdfP7Gn+KWfa\n 0KjDk+qpHmicRxpN5X8IZERSRf5nIrD1hMt1U50zWwJsg6tzAzmsalWtgO6BnQiCi7+f\n QdvEJXbotPwNo4axRE31pzES/+uNJQ3HxQ23gDN6ZdMrZq3dXGkQuZtX8IvmsQNqGbQX\n kQHo6B3mbF1tqyHjwWbhZ5Q/dtrP45j/cIjUV4E3Z6GOgO/uz7LQlQUgDcYfLEuvX2Y9\n cYeQ==",
        "X-Gm-Message-State": "AOJu0YzTlJ+OliWtUWWwa4pzNgtcqAPv08zLFcmi7e74XIxAsKEMlb8U\n CBYKdfCf52yUf/iAax9NSLL8xLXp2Q/sB4kWtzXifw+q1IhRpVq+vEagHLS2fNhANspt5NXjd8W\n SaD3nTtRpprg6PZLebslWu4g8lRCt6SbPmP6IwQP3+A02jrtJBpRUX/K4VG3kJzmY/+IYfUhKz4\n JQRwqQ2dVyiNMJtQ==",
        "X-Gm-Gg": "AeBDieuwdtWKksGIF3t/t8greYZHUdZdHViwKYDvRKj7L/AiUe9qm/GBZWdzaPgzRlY\n vIE8F8K8+NKLbKBX9W3iC6R5MA/PVbDdV+Xg4LFeGcy0DxFkmUQdNcMGWO/XBa6SWvyeALv0fq2\n d45staHezWYFMNcQEEbgcs7gWOQ4IRDrJQvUzQ1tFYrZa5M8rsvvAURMsskk9sKqO4eBk3eXGY3\n 7XUo1YYsFAwahESK1AJFObzX20lTPlE2J9nRB2ncU6GpK5AJ8Uso43nR718j8C6ZaOQsAo99IB0\n uX16J7IqR5wxXlZlG7OOynwjFO+cfpBKlvuzhNPy6MbOJ5GjLY80X3fsFTazyLdaldyWOpV/92o\n IdbSfBs+ComFK/VBcxPnmwRBp+O662RoCD4TPJV0bq7st+ahrVNWvOl+6F/UBbJ/Q4oTDplY4Ze\n SFvw==",
        "X-Received": [
            "by 2002:a53:b1ce:0:b0:64e:db88:c229 with SMTP id\n 956f58d0204a3-650488b710emr12674936d50.67.1775583036547;\n Tue, 07 Apr 2026 10:30:36 -0700 (PDT)",
            "by 2002:a53:b1ce:0:b0:64e:db88:c229 with SMTP id\n 956f58d0204a3-650488b710emr12674917d50.67.1775583036118;\n Tue, 07 Apr 2026 10:30:36 -0700 (PDT)"
        ],
        "From": "Georgia Garcia <georgia.garcia@canonical.com>",
        "To": "kernel-team@lists.ubuntu.com",
        "Subject": "[SRU][Q][PATCH 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation",
        "Date": "Tue,  7 Apr 2026 14:30:28 -0300",
        "Message-ID": "<20260407173029.3872549-1-georgia.garcia@canonical.com>",
        "X-Mailer": "git-send-email 2.43.0",
        "MIME-Version": "1.0",
        "X-BeenThere": "kernel-team@lists.ubuntu.com",
        "X-Mailman-Version": "2.1.20",
        "Precedence": "list",
        "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>",
        "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>",
        "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>",
        "List-Post": "<mailto:kernel-team@lists.ubuntu.com>",
        "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>",
        "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "base64",
        "Errors-To": "kernel-team-bounces@lists.ubuntu.com",
        "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"
    },
    "content": "BugLink: http://bugs.launchpad.net/bugs/2147374\n\nSRU Justification:\n\n[Impact]\n\nWhen receiving file descriptors via SCM_RIGHTS, both the socket pointer\nand the socket's sk pointer can be NULL during socket setup or teardown,\ncausing NULL pointer dereferences in __unix_needs_revalidation().\n\nThis is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n__unix_needs_revalidation() function was added without proper NULL checks.\n\n[  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[  287.714922] #PF: supervisor read access in kernel mode\n[  287.715653] #PF: error_code(0x0000) - not-present page\n[  287.716378] PGD 0 P4D 0 \n[  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n[  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary) \n[  287.718806] Tainted: [E]=UNSIGNED_MODULE\n[  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n\n[Fix]\n\nCherry-pick uptream linux commit:\ne2938ad00b21340c0362562dfedd7cfec0554d67\n\n[Test Plan]\n\nRun the following POC and check that creating the nested-vm doesn't\ncause a NULL pointer dereference in dmesg\n\ncat << EOF > poc.sh\n#!/bin/bash\nset -eux\n\n# VM inside container causes a kernel NULL pointer dereference on 6.17\nif [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n  echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\nelse\n  echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\nfi\n\nsnap install lxd --channel latest/edge\nlxd init --auto\n\n# prepare ctn to be used for nested VM testing\nlxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\nlxc config device add ctn kvm unix-char source=/dev/kvm\nlxc config device add ctn vhost-net unix-char source=/dev/vhost-net\nlxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\nlxc config device add ctn vsock unix-char source=/dev/vsock\n\nlxc start ctn\nsleep 30\nlxc exec ctn -- snap wait system seed.loaded\n\nlxc exec ctn -- snap install lxd --channel latest/edge\nlxc exec ctn -- lxd init --auto\n\n# launch small nested VM\nlxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n\n# cleanup\nlxc delete -f ctn\nEOF\n\n[Where problems could occur]\n\nThe regression can be considered as low since both fixes have been\napplied to the upstream kernel.\n\nSystem Administrator (1):\n  apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n\n security/apparmor/file.c | 3 +++\n 1 file changed, 3 insertions(+)"
}