[{"id":3674618,"web_url":"http://patchwork.ozlabs.org/comment/3674618/","msgid":"<2a69475a-5fed-463e-bad1-0747c2daf623@canonical.com>","list_archive_url":null,"date":"2026-04-08T07:32:49","subject":"ACK: [SRU][Q][PATCH 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","submitter":{"id":92836,"url":"http://patchwork.ozlabs.org/api/people/92836/","name":"Yufeng Gao","email":"yufeng.gao@canonical.com"},"content":"On 8/4/26 03:30, Georgia Garcia wrote:\n> BugLink: http://bugs.launchpad.net/bugs/2147374\n>\n> SRU Justification:\n>\n> [Impact]\n>\n> When receiving file descriptors via SCM_RIGHTS, both the socket pointer\n> and the socket's sk pointer can be NULL during socket setup or teardown,\n> causing NULL pointer dereferences in __unix_needs_revalidation().\n>\n> This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n> __unix_needs_revalidation() function was added without proper NULL checks.\n>\n> [  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n> [  287.714922] #PF: supervisor read access in kernel mode\n> [  287.715653] #PF: error_code(0x0000) - not-present page\n> [  287.716378] PGD 0 P4D 0\n> [  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n> [  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary)\n> [  287.718806] Tainted: [E]=UNSIGNED_MODULE\n> [  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n> [  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n>\n> [Fix]\n>\n> Cherry-pick uptream linux commit:\n> e2938ad00b21340c0362562dfedd7cfec0554d67\n>\n> [Test Plan]\n>\n> Run the following POC and check that creating the nested-vm doesn't\n> cause a NULL pointer dereference in dmesg\n>\n> cat << EOF > poc.sh\n> #!/bin/bash\n> set -eux\n>\n> # VM inside container causes a kernel NULL pointer dereference on 6.17\n> if [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n>    echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\n> else\n>    echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\n> fi\n>\n> snap install lxd --channel latest/edge\n> lxd init --auto\n>\n> # prepare ctn to be used for nested VM testing\n> lxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\n> lxc config device add ctn kvm unix-char source=/dev/kvm\n> lxc config device add ctn vhost-net unix-char source=/dev/vhost-net\n> lxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\n> lxc config device add ctn vsock unix-char source=/dev/vsock\n>\n> lxc start ctn\n> sleep 30\n> lxc exec ctn -- snap wait system seed.loaded\n>\n> lxc exec ctn -- snap install lxd --channel latest/edge\n> lxc exec ctn -- lxd init --auto\n>\n> # launch small nested VM\n> lxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n>\n> # cleanup\n> lxc delete -f ctn\n> EOF\n>\n> [Where problems could occur]\n>\n> The regression can be considered as low since both fixes have been\n> applied to the upstream kernel.\n>\n> System Administrator (1):\n>    apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n>\n>   security/apparmor/file.c | 3 +++\n>   1 file changed, 3 insertions(+)\n>\nAcked-by: Yufeng Gao <yufeng.gao@canonical.com>","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=MdtanCZ+;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frFCj3s44z1xtJ\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 08 Apr 2026 17:33:05 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wANPE-0004FQ-G6; Wed, 08 Apr 2026 07:32:56 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <yufeng.gao@canonical.com>)\n id 1wANPD-0004E0-J9\n for kernel-team@lists.ubuntu.com; Wed, 08 Apr 2026 07:32:55 +0000","from mail-pj1-f70.google.com (mail-pj1-f70.google.com\n [209.85.216.70])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 78C3A3F60F\n for <kernel-team@lists.ubuntu.com>; Wed,  8 Apr 2026 07:32:54 +0000 (UTC)","by mail-pj1-f70.google.com with SMTP id\n 98e67ed59e1d1-354c0234c1fso6348280a91.2\n for <kernel-team@lists.ubuntu.com>; Wed, 08 Apr 2026 00:32:54 -0700 (PDT)","from ?IPV6:2001:8003:ec14:5900:4cde:43fe:ad76:4887?\n ([2001:8003:ec14:5900:4cde:43fe:ad76:4887])\n by smtp.gmail.com with ESMTPSA id\n 98e67ed59e1d1-35e1d0d1975sm5363680a91.9.2026.04.08.00.32.50\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Wed, 08 Apr 2026 00:32:51 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775633574;\n bh=+aFCb/5lKI2grezis/EPmMBkkiE3YP0/P/MrAbheqrM=;\n h=Message-ID:Date:MIME-Version:Subject:To:References:From:\n In-Reply-To:Content-Type;\n b=MdtanCZ+xEdNdQsWAUxCT1C8DcHjN1gIJz2lltnw9yPgcOD98/VZzfkGucq2TZ81H\n TrAFGRFCT4GEhWj+gtxID+0lE5u0t+klWy4IH8a70Jwt1uF3m6XeBVgaKwudb4FdOm\n BY0r6aUKCAzavIg9QE44KU+pt99Y/vy2z6aUy0ECLhPSv2oZv1p5CimSkaSm96WiBM\n bjLl2M4UFDHHK9EzwkYjPUXz/SGIgjYUxlh+oiVdllWxGBIsmLgR54/O1BJ21ujR5S\n ZAt9F1NqZTXsiIL/GlyXc1tZvtJYqCfC3ydZ08qajMlb01Dsz8Gy8t+EhEZV2/T2OQ\n y6nOKh5a2+1Trwr8bJq0uC5Zi4Qe83BsVbs0KC+Sbj0B3Bv4owWknJ09mvrGU6fP3d\n A7n9NQoKvurv3Mb0qjPiQTmhrHh2GTjzUkU8Xq5Xtj16P1XSyAS9UiDWHDahJFZ3l1\n PmXZm3baJqQE/afiEu1++9tbgktLcfew7acz8dYhpAIXfNEao9fiG3l8CaoRi/RM+0\n tszYkmZTl4HkEBBB3y+2OALnTm9BaL+T2YHST7yM47Wb4ugGhvqCFnym6eIzVHkx0U\n CqHzTrVTb+zaod7Lui5DDqx/EvA3J1r2juEXtwiJgn5hd0vxKBOmanS+PpQOiJYHVD\n O2T0Y/xSPGsHFNW8nkNiAUDI=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775633573; x=1776238373;\n h=content-transfer-encoding:in-reply-to:content-language:from\n :references:to:subject:user-agent:mime-version:date:message-id\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=+aFCb/5lKI2grezis/EPmMBkkiE3YP0/P/MrAbheqrM=;\n b=acJVoFCngLKH7tGtJMiY1c3Z9k5Ox564J/e0EZmZ5JiaMiVr0LHNaobAs0MOl0PXMo\n B4+lbfg8sImjaP2Yv93dcp8OdHEY1FtHJFXUjtopsnuJFSEgEd7HinIJ2E/B2/cNOYkN\n OxizjjRvRXMko1gGQeQmfJfA+l0+ZtX7PWbez4CmA8Bzk5VixATgxKLN9gktgCOVjZ30\n FJiwVbWZ9pQk7soQZGG14pc7YEJ2IsQMqlJzCmp5EA8awaozl2qWmNTW7o4DT3ZLbN1V\n RnihOyDGop2rxzWiNC8asEX3ZTEHgazyRnEVccPbsB8Wg6OvymO6ZuqL8iJZJXxkW8n+\n R3GQ==","X-Gm-Message-State":"AOJu0Yy9Y5qkhHY7ctUhkYuJSZau9wenNyFkTgTpHE73Asllpk6yz/J5\n Ai03HSVhrQPu5I/YsPstyQ3qW+jLKJtGFZzrlZaWsqymMGRPrMpd6hxNJKbuwYP5it1rjjbJ5kE\n swQfBvcOXJuUldfICBG87YbpkiLl9ZXxnbxx9TmUTdxWdcQuddwjatL3aUCh8cNHkMyW2qM02p0\n tSOEmhigj9n5vdsQ==","X-Gm-Gg":"AeBDiesMGNZaLBpEKcrtySh9h/4tpRQpqaoWEBVXNnU8Jos4Uq+XVPjxIe157ZPr5Zs\n LV1mrVphwflLBK1Ze5FMw8o6s9Zn+FJhiGlXYczO7QE5YhFuAS6HxOqBrQ/mFtcDpGZltG+CTsE\n nE7MKMfiGeFPySwuAZNfC1G8XGvENJmJ+NYrdUXEd4yH3IneLZG5x2PMOa3MEXJkG8kLMmw26ha\n g4JrjraJw1yxv6SbbywogRpxMH9LTEQRq52nQGJaV/aZJvnuykXKHp2mkcmPRH/Rk5ypyYdXgq9\n bJhgVoz85liSBNS4u2a7yYoCGRLjaiSlnv24TMAnv33WzBZCBGkEN2YaO5CPiNyzRLmvyU8lFrP\n wzLHJXkDAmTrZoSuwiX9X6CB8z1CgSGIo71yOXbYaHCcwLhc70jMK9qwZ2+rLu7QaZFFEnhKbF4\n JhTXo=","X-Received":["by 2002:a17:90b:3d92:b0:356:268e:ff97 with SMTP id\n 98e67ed59e1d1-35de68f9e5dmr18299784a91.20.1775633573033;\n Wed, 08 Apr 2026 00:32:53 -0700 (PDT)","by 2002:a17:90b:3d92:b0:356:268e:ff97 with SMTP id\n 98e67ed59e1d1-35de68f9e5dmr18299762a91.20.1775633572392;\n Wed, 08 Apr 2026 00:32:52 -0700 (PDT)"],"Message-ID":"<2a69475a-5fed-463e-bad1-0747c2daf623@canonical.com>","Date":"Wed, 8 Apr 2026 17:32:49 +1000","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"ACK: [SRU][Q][PATCH 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","To":"kernel-team@lists.ubuntu.com","References":"<20260407173029.3872549-1-georgia.garcia@canonical.com>","From":"Yufeng Gao <yufeng.gao@canonical.com>","Content-Language":"en-US","In-Reply-To":"<20260407173029.3872549-1-georgia.garcia@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}}]