[{"id":3675836,"web_url":"http://patchwork.ozlabs.org/comment/3675836/","msgid":"<87ecknys1f.fsf@gmail.com>","list_archive_url":null,"date":"2026-04-10T11:27:08","subject":"ACK: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer dereference\n in __unix_needs_revalidation","submitter":{"id":89305,"url":"http://patchwork.ozlabs.org/api/people/89305/","name":"Mehmet Basaran","email":"mehmet.basaran@canonical.com"},"content":"Acked-by: Mehmet Basaran <mehmet.basaran@canonical.com>\nGeorgia Garcia <georgia.garcia@canonical.com> writes:\n\n> BugLink: http://bugs.launchpad.net/bugs/2147374\n>\n> SRU Justification:\n>\n> [Impact]\n>\n> When receiving file descriptors via SCM_RIGHTS, both the socket pointer\n> and the socket's sk pointer can be NULL during socket setup or teardown,\n> causing NULL pointer dereferences in __unix_needs_revalidation().\n>\n> This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n> __unix_needs_revalidation() function was added without proper NULL checks.\n>\n> [  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n> [  287.714922] #PF: supervisor read access in kernel mode\n> [  287.715653] #PF: error_code(0x0000) - not-present page\n> [  287.716378] PGD 0 P4D 0 \n> [  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n> [  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary) \n> [  287.718806] Tainted: [E]=UNSIGNED_MODULE\n> [  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n> [  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n>\n> [Fix]\n>\n> Cherry-pick uptream linux commit:\n> e2938ad00b21340c0362562dfedd7cfec0554d67\n>\n> [Test Plan]\n>\n> Run the following POC and check that creating the nested-vm doesn't\n> cause a NULL pointer dereference in dmesg\n>\n> cat << EOF > poc.sh\n> #!/bin/bash\n> set -eux\n>\n> # VM inside container causes a kernel NULL pointer dereference on 6.17\n> if [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n>   echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\n> else\n>   echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\n> fi\n>\n> snap install lxd --channel latest/edge\n> lxd init --auto\n>\n> # prepare ctn to be used for nested VM testing\n> lxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\n> lxc config device add ctn kvm unix-char source=/dev/kvm\n> lxc config device add ctn vhost-net unix-char source=/dev/vhost-net\n> lxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\n> lxc config device add ctn vsock unix-char source=/dev/vsock\n>\n> lxc start ctn\n> sleep 30\n> lxc exec ctn -- snap wait system seed.loaded\n>\n> lxc exec ctn -- snap install lxd --channel latest/edge\n> lxc exec ctn -- lxd init --auto\n>\n> # launch small nested VM\n> lxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n>\n> # cleanup\n> lxc delete -f ctn\n> EOF\n>\n> [Where problems could occur]\n>\n> The regression can be considered as low since both fixes have been\n> applied to the upstream kernel.\n>\n> System Administrator (1):\n>   apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n>\n>  security/apparmor/file.c | 3 +++\n>  1 file changed, 3 insertions(+)\n>\n> -- \n> 2.43.0\n>\n>\n> -- \n> kernel-team mailing list\n> kernel-team@lists.ubuntu.com\n> https://lists.ubuntu.com/mailman/listinfo/kernel-team","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=Vz4I9AH7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsZK74s2hz1yGb\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 21:27:23 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wBA14-0001K3-2i; Fri, 10 Apr 2026 11:27:14 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <mehmet.basaran@canonical.com>)\n id 1wBA12-0001Jn-OW\n for kernel-team@lists.ubuntu.com; Fri, 10 Apr 2026 11:27:12 +0000","from mail-wr1-f72.google.com (mail-wr1-f72.google.com\n [209.85.221.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 985C33F61C\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 11:27:12 +0000 (UTC)","by mail-wr1-f72.google.com with SMTP id\n ffacd0b85a97d-43d02fa5860so1670436f8f.0\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 04:27:12 -0700 (PDT)","from localhost ([37.155.235.221]) by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488d5344e28sm72112175e9.7.2026.04.10.04.27.10\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 10 Apr 2026 04:27:10 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775820432;\n bh=65BK3OAAPfawpeY7T0AjjMBdhIhZUnwJjqnYmK7pVLc=;\n h=From:To:Subject:In-Reply-To:References:Date:Message-ID:\n MIME-Version:Content-Type;\n b=Vz4I9AH7/46MWHrU544ywCTBJlIL8tMxmtKFBscCaqoWndqOhOcdxToQLUZ/qFQbz\n iYdHqjzecXEYjw5LE4vvajg4G+ds4khUlRMsTKKJ1Tt5e+R/ck4ScRcsrVlVVy8m83\n yhdiqlgJvfczx2kqKttEv0lwQ5wdgV1p26nwBMw8Y61EOj3v8HFm0t8wTLEsVdGRwL\n D/ANuEtyukMoo8H3PuAhEF3g2TJKN82hVgeWO49t7USq5CPPNAUwCD5/DUxRkx+4VO\n P0k//VIccmeXaiMZSJ6q/vAxQd4sbctCcZtt5PuEENjhY9n0crty/QrIEpa73L6Vvt\n Z/5X7l1ZAzNMh8/cmP1gEzuA9LndzaRsMDnKtWCtZaZJviGJQPOHl0PX82CaGXrlGi\n HOqntMxrsHsfiI/aqHiW+vF5zN1GgYu4EKhogCz5XSmyzC/0maiXCyMOkVRaO2Lgm/\n t1/rffEle6S0mvWaQYD/3ustWGXkCGR+Dsggno2OK4cWFBcpk7B0k8ZVY6facOHfBE\n 5gKvNNFzu4F5Cx8lFAjt2rPWGIDCKy8yIzavCpwqpu6+sw6eXvYVpA2I2zCYpmCn5v\n 9pz1nioUFnItZcxy0HjK1fLFzZIk5cpz4EI3CUmOwXQZIr4tqstAAPORvy1Y12O2oU\n btG7RAvw/PW5YXk59adMk8tA=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775820432; x=1776425232;\n h=mime-version:message-id:date:references:in-reply-to:subject:to:from\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=65BK3OAAPfawpeY7T0AjjMBdhIhZUnwJjqnYmK7pVLc=;\n b=psnDc8SJx45Uy6Lwsc5yzGuMe/2jrVnvCH799SteMFbxYsZyiM3vh7KJ7qpHX6RtZs\n NPEmNazi3mobUJ9WlVMGnI+j1vttvIV4XqpEIRSAXI0BGx8NWiOEV9rCs1P8Pvh9Oqda\n 56gBKvkWrTtDEnhcaZXcTcvc+Y+ya6QZFaBXIs4jWzXpCTy1VYSmNR0v4FmDuXFYtUTJ\n H3RGKdpWU7QGy8m5Noq7igKc4FQmmmJWwEVhtx6bTIREqONrE2iR7MWxfVTbtvLtt1M9\n /yObS6LwdwQ3OBlJDEfZsXeHVp0RkN7AE6so3KNnEb/m+3ysVAyFQDHPfkWOImrGJoPx\n SJAQ==","X-Forwarded-Encrypted":"i=1;\n AJvYcCV6cjYhCGPt4ly71IthFVYlW/oUcIpjBXpMwlhlujKWJPGR14yJ/Sn0aLbH6+0Gy6UqNkGIlnkZbtw0bg==@lists.ubuntu.com","X-Gm-Message-State":"AOJu0YyHK9e7AxNppK3oIZ8hzvgwHzbqZDZVR07douu2q2aFdHC6h6FH\n cm/nQmro1RWgvMEVWT8i8BqZ7Y+LYvHzq15YB7xpKTwb1GYAPcKo97Jk6YeHm9z1sCXKbPg2kGG\n lfKaMNCCJJ3Q/v4kSKG9mrNeiZGt0LIBTsjyTfAEWjTNyJZIKcj15IWsIYCQWPNdCsJ3P/EUIn4\n 6KMEINtA==","X-Gm-Gg":"AeBDietDf3Rl6B+jHc194YJ8UGw03KFJhzZML88zO0NBFMBoaww/ROapJn9A1wUJFi6\n gf/KXQVmqr9pE6yB5SF00VWZAeHZpc+KQmxqnlc9aBD1TWEgXHzKi76e0hto/xBhOBjqsncRdYZ\n mZqY2vLn9ulz0PwbcefU9xq62ePrHabCWRUlRjc5JVSZwa58/lC37saIwPtGN0sJ72XIyQFFI3V\n XaEK/LeqSiQRrD1tIKn07OFhbscT/5xPA6NiijOEbyU+UzT9g69PMg5DWG2hGCjJ1cigBsVO65F\n EQJQ7vlYItSAYQPChfzADWcISp99adjvtDM99o5+H/75i4fyExXMc561JkrxjVHA0eT9ilTkMCd\n HK4Qo43fkbCk8myOYsEtdiumuWF/RT9w=","X-Received":["by 2002:a05:600c:3150:b0:486:fcc7:d6a with SMTP id\n 5b1f17b1804b1-488d67f4c4dmr38277595e9.13.1775820432046;\n Fri, 10 Apr 2026 04:27:12 -0700 (PDT)","by 2002:a05:600c:3150:b0:486:fcc7:d6a with SMTP id\n 5b1f17b1804b1-488d67f4c4dmr38277245e9.13.1775820431577;\n Fri, 10 Apr 2026 04:27:11 -0700 (PDT)"],"From":"Mehmet Basaran <mehmet.basaran@canonical.com>","To":"Georgia Garcia <georgia.garcia@canonical.com>,\n kernel-team@lists.ubuntu.com","Subject":"ACK: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer dereference\n in __unix_needs_revalidation","In-Reply-To":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","References":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","Date":"Fri, 10 Apr 2026 14:27:08 +0300","Message-ID":"<87ecknys1f.fsf@gmail.com>","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"=-=-=\"","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}},{"id":3675870,"web_url":"http://patchwork.ozlabs.org/comment/3675870/","msgid":"<CAFUb7_JMWfY29WwUXbPYHNs=LwptBXALAjd_1gd289o=VCYmdg@mail.gmail.com>","list_archive_url":null,"date":"2026-04-10T12:50:12","subject":"ACK: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","submitter":{"id":89057,"url":"http://patchwork.ozlabs.org/api/people/89057/","name":"Massimiliano Pellizzer","email":"massimiliano.pellizzer@canonical.com"},"content":"On Fri, 10 Apr 2026 at 13:27, Mehmet Basaran\n<mehmet.basaran@canonical.com> wrote:\n>\n>\n> Acked-by: Mehmet Basaran <mehmet.basaran@canonical.com>\n>\n> Georgia Garcia <georgia.garcia@canonical.com> writes:\n>\n> > BugLink: http://bugs.launchpad.net/bugs/2147374\n> >\n> > SRU Justification:\n> >\n> > [Impact]\n> >\n> > When receiving file descriptors via SCM_RIGHTS, both the socket pointer\n> > and the socket's sk pointer can be NULL during socket setup or teardown,\n> > causing NULL pointer dereferences in __unix_needs_revalidation().\n> >\n> > This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n> > __unix_needs_revalidation() function was added without proper NULL checks.\n> >\n> > [  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n> > [  287.714922] #PF: supervisor read access in kernel mode\n> > [  287.715653] #PF: error_code(0x0000) - not-present page\n> > [  287.716378] PGD 0 P4D 0\n> > [  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n> > [  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary)\n> > [  287.718806] Tainted: [E]=UNSIGNED_MODULE\n> > [  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n> > [  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n> >\n> > [Fix]\n> >\n> > Cherry-pick uptream linux commit:\n> > e2938ad00b21340c0362562dfedd7cfec0554d67\n> >\n> > [Test Plan]\n> >\n> > Run the following POC and check that creating the nested-vm doesn't\n> > cause a NULL pointer dereference in dmesg\n> >\n> > cat << EOF > poc.sh\n> > #!/bin/bash\n> > set -eux\n> >\n> > # VM inside container causes a kernel NULL pointer dereference on 6.17\n> > if [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n> >   echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\n> > else\n> >   echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\n> > fi\n> >\n> > snap install lxd --channel latest/edge\n> > lxd init --auto\n> >\n> > # prepare ctn to be used for nested VM testing\n> > lxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\n> > lxc config device add ctn kvm unix-char source=/dev/kvm\n> > lxc config device add ctn vhost-net unix-char source=/dev/vhost-net\n> > lxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\n> > lxc config device add ctn vsock unix-char source=/dev/vsock\n> >\n> > lxc start ctn\n> > sleep 30\n> > lxc exec ctn -- snap wait system seed.loaded\n> >\n> > lxc exec ctn -- snap install lxd --channel latest/edge\n> > lxc exec ctn -- lxd init --auto\n> >\n> > # launch small nested VM\n> > lxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n> >\n> > # cleanup\n> > lxc delete -f ctn\n> > EOF\n> >\n> > [Where problems could occur]\n> >\n> > The regression can be considered as low since both fixes have been\n> > applied to the upstream kernel.\n> >\n> > System Administrator (1):\n> >   apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n> >\n> >  security/apparmor/file.c | 3 +++\n> >  1 file changed, 3 insertions(+)\n> >\n> > --\n> > 2.43.0\n> >\n> >\n> > --\n> > kernel-team mailing list\n> > kernel-team@lists.ubuntu.com\n> > https://lists.ubuntu.com/mailman/listinfo/kernel-team\n> --\n> kernel-team mailing list\n> kernel-team@lists.ubuntu.com\n> https://lists.ubuntu.com/mailman/listinfo/kernel-team\n\nAcked-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=LfKce9Gi;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsc9G1zHpz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 22:50:41 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wBBJg-0007zj-6M; Fri, 10 Apr 2026 12:50:32 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <massimiliano.pellizzer@canonical.com>)\n id 1wBBJe-0007zS-Tg\n for kernel-team@lists.ubuntu.com; Fri, 10 Apr 2026 12:50:30 +0000","from mail-yx1-f71.google.com (mail-yx1-f71.google.com\n [74.125.224.71])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id BAC423F13F\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 12:50:30 +0000 (UTC)","by mail-yx1-f71.google.com with SMTP id\n 956f58d0204a3-65073af0a32so2216617d50.0\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 05:50:30 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775825430;\n bh=o7yUXl21uHajMlT1RXq2YsGr4ZF8uZ6VSd3Vqm+i4zo=;\n h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n To:Content-Type;\n b=LfKce9Gil/iCdhDq6+qEhm2LYGylOB3SH7sNA12QvcoTV7XRMbS9l3iKkkcM31FWM\n kXdjRv8l/SuQlXMy71URplN3VjM7y+iQmI7BosHYbRhNBR8xxXr1M9x/0bs8WquTPd\n 9frRtYupiDEfqnmbyUYT75CniSNn63refow2A3OQZSltX2LH8fPE/Rn1xrBUIyuyfD\n PTmqiJlBn+d4wxRqae3rlIcOSajDnrvLFnnyBI8os/wGESIZzd2r1/Oufc5nHAEB45\n 0CQXluVCpEeN/6nZQQ7YkmkoSRE+Dcl5QlnALQJasL/ZSZ4BM9r2ofmcYonze6Mpp7\n B5JyNwbVD52rtiNzmI+m8CkBc9E2U+tSOuFspT1ApFez26iccpb2eyrdDl+480HqoK\n UpokNRzGjK8rzMUhOCo2tyIDozFKqPQ3gWRDVxJ2sLYkxFfEveO/fe8kdFw8BRCz7i\n HCRHHEH/ZqHJqVEU02nJGaF0vejSKtiE/hHF0shsp0wurQLhOQESx79NFvT5iPuXrk\n yKMJZIn44dMVcyKOu19IlCmbhReLzmJr7QclrkVwADDM/0VramUpv5bTMm2wytwyhx\n 7BcUv2Jgbtds0y4KzqUaCzrAwzqFI6Drq48s5ChQF4bTer2ztGzr439SOYfrseZ+GA\n fqZG6WjPIKiWQ8tWUtjTZuM4=","ARC-Seal":"i=1; a=rsa-sha256; t=1775825429; cv=none;\n d=google.com; s=arc-20240605;\n b=e/q+2dJj8I3Xy39/xbSWBh9Q6hSpwfr2aLqpFaHSslrHD3TOyhOPeXehJuqXOcm/dz\n QcXuqHsj0GLpW+9/ALZi1N3kt1yi0ophiLI6TEQN9wUlA2WPnKcrs+7tftTPorNUX80M\n eRGGvS9Zs/281C6XqD4O2/Izw2kENNOfHc2tnXTXRvGsm2wt2pXhqO4f+vVwp7aM6B1k\n Glx1tw9BnRr8hTwPX/KBD6JppVUtNKGqXDLHjOFpWI/qePglPtORAooH5xV9EZwXUeS+\n x90xwWI6iPUQNDldogFhk5eUqf+wGeLTdj+fEpa9LVG1WqIW4eIEQSedSnVnoroE+AMB\n EfLQ==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=to:subject:message-id:date:from:in-reply-to:references:mime-version;\n bh=o7yUXl21uHajMlT1RXq2YsGr4ZF8uZ6VSd3Vqm+i4zo=;\n fh=+omZd+Si5sAm2/4YiqjqxCkMtIumFPFe1EIby1yU6Jg=;\n b=lkcgIoZixwndf8BRtOsdeNHYxzLUgVQSp8PF8VtJYJmWTg3KnYmddMY/aowuiNG8kx\n dtRzGkwyLkoBHMvmzFij3XDng2E8Jp7EaWLphYCNsnXjOtVenngRlSqpJuRULubhEsoa\n pNj21/Gb6hfWrFSHP1tAQbtIIkwdTYnYVTmQZxHAN6byyAXKLpg0eEqGFOm2qc14PaLj\n oTXPmIiGr8On/XvQC86Ppm7mdyr/MrO6y6G1jHpnyB1vjZQ5zggR3XILiMVKJEEqwaQ4\n EZU6XbVgm2/b+cFPN2i5p6aT45Yt8yWJGcE12vgjdx6DsJzwQ1W6UeiV6YUqVJvCdFmx\n 69lA==; darn=lists.ubuntu.com","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775825429; x=1776430229;\n h=to:subject:message-id:date:from:in-reply-to:references:mime-version\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=o7yUXl21uHajMlT1RXq2YsGr4ZF8uZ6VSd3Vqm+i4zo=;\n b=jatORY6VCmpyPsffZUN+y9hxoAFeEG/UsXRcNNfgL/ydHTuuAeFOomfcOiB5igIare\n GehGmbeQKZ5HM1/mn7PkiqLnWdoYPWkNlNnHNm2YFVANZzBzNTl4dzEaTkZLtragMKqx\n 46v+NNf8XrNaiS5qH7DDsE+1O3L9PKJuLaVVA7uKdhvZgeuzy1b/sUUn7mcrgCOoSSzM\n RDFjPUK9hNsXmCvVMPqpPHxtAme8paCEtkatXGaL0Fm0f/FqDpRydsCRcJPKI9LjEdh7\n FhwyFXE9ZFiOzd020SZyI4PtL36zI1H6n+2WY0wtxVxQVSx4L8+Riw3/O11+ag+trfEs\n ln+g==","X-Gm-Message-State":"AOJu0Yz0KV2cjL5R8mp2E3oADbO/vZ3RuK2qTchokXW6TnO6+oaUeCxF\n bouEZPV1OAvrbCJuB8qpiWavjcwz3/ihb6TwN82BQOru+hN1F/31vM/1izdUQYaZw91+QzmVzR/\n wjgsLllHF7ksDLGo8qbgFEWX6uhqxiDToppAHn9D705XmI24Ba+UcE+gSV4mnPbi1QVvAAabv/c\n 2eNfYOaInJt/YXxn8le5yGYPK9s8FPC1YCdd+aO9CimMSNodFJA4zmjHYEs/hptDmlDDQ=","X-Gm-Gg":"AeBDieue7KSsDXU1Ju1id2I5JaxePMzlENB9j0SkeaNOTTbPYZx0eUDRz9YEkrPKSxP\n Q9Z/ITdEfFh1HbYE/tE1N7XOimX1Sc+wBtckqBGAOylGQn2t8rwuwHm8VnXHGMG290sSn08EAY8\n JR+N9rId2xZ0rstnR19hIaL8fNlCEHoCYDnmlXFwrMDEy45VhczzRBgtdKiNsHTNKjpj9WcSgg1\n YkNvLjAfPhlqO/ow/DuWDWS4z/pi5SaY/tc46ppJfjPe8sX/gopSDSakgEAJY5f","X-Received":["by 2002:a05:690e:23ce:b0:650:16fb:e7d8 with SMTP id\n 956f58d0204a3-65198a787efmr2052672d50.11.1775825429486;\n Fri, 10 Apr 2026 05:50:29 -0700 (PDT)","by 2002:a05:690e:23ce:b0:650:16fb:e7d8 with SMTP id\n 956f58d0204a3-65198a787efmr2052661d50.11.1775825429102; Fri, 10 Apr 2026\n 05:50:29 -0700 (PDT)"],"MIME-Version":"1.0","References":"<20260409121732.3979312-1-georgia.garcia@canonical.com>\n <87ecknys1f.fsf@gmail.com>","In-Reply-To":"<87ecknys1f.fsf@gmail.com>","From":"Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>","Date":"Fri, 10 Apr 2026 14:50:12 +0200","X-Gm-Features":"AQROBzBUaJxZaeKtoyH0Tu1hw_Frfxl4hPNgo6KK-UNyvL8aTqZd9U5CO4U4yug","Message-ID":"\n <CAFUb7_JMWfY29WwUXbPYHNs=LwptBXALAjd_1gd289o=VCYmdg@mail.gmail.com>","Subject":"ACK: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","To":"Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}},{"id":3675996,"web_url":"http://patchwork.ozlabs.org/comment/3675996/","msgid":"<87ik9ysowk.fsf@gmail.com>","list_archive_url":null,"date":"2026-04-10T17:31:23","subject":"APPLIED: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer\n dereference in __unix_needs_revalidation","submitter":{"id":89305,"url":"http://patchwork.ozlabs.org/api/people/89305/","name":"Mehmet Basaran","email":"mehmet.basaran@canonical.com"},"content":"Applied to questing:linux master-next branch. Thanks.\nGeorgia Garcia <georgia.garcia@canonical.com> writes:\n\n> BugLink: http://bugs.launchpad.net/bugs/2147374\n>\n> SRU Justification:\n>\n> [Impact]\n>\n> When receiving file descriptors via SCM_RIGHTS, both the socket pointer\n> and the socket's sk pointer can be NULL during socket setup or teardown,\n> causing NULL pointer dereferences in __unix_needs_revalidation().\n>\n> This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n> __unix_needs_revalidation() function was added without proper NULL checks.\n>\n> [  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n> [  287.714922] #PF: supervisor read access in kernel mode\n> [  287.715653] #PF: error_code(0x0000) - not-present page\n> [  287.716378] PGD 0 P4D 0 \n> [  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n> [  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary) \n> [  287.718806] Tainted: [E]=UNSIGNED_MODULE\n> [  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n> [  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n>\n> [Fix]\n>\n> Cherry-pick uptream linux commit:\n> e2938ad00b21340c0362562dfedd7cfec0554d67\n>\n> [Test Plan]\n>\n> Run the following POC and check that creating the nested-vm doesn't\n> cause a NULL pointer dereference in dmesg\n>\n> cat << EOF > poc.sh\n> #!/bin/bash\n> set -eux\n>\n> # VM inside container causes a kernel NULL pointer dereference on 6.17\n> if [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n>   echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\n> else\n>   echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\n> fi\n>\n> snap install lxd --channel latest/edge\n> lxd init --auto\n>\n> # prepare ctn to be used for nested VM testing\n> lxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\n> lxc config device add ctn kvm unix-char source=/dev/kvm\n> lxc config device add ctn vhost-net unix-char source=/dev/vhost-net\n> lxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\n> lxc config device add ctn vsock unix-char source=/dev/vsock\n>\n> lxc start ctn\n> sleep 30\n> lxc exec ctn -- snap wait system seed.loaded\n>\n> lxc exec ctn -- snap install lxd --channel latest/edge\n> lxc exec ctn -- lxd init --auto\n>\n> # launch small nested VM\n> lxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n>\n> # cleanup\n> lxc delete -f ctn\n> EOF\n>\n> [Where problems could occur]\n>\n> The regression can be considered as low since both fixes have been\n> applied to the upstream kernel.\n>\n> System Administrator (1):\n>   apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n>\n>  security/apparmor/file.c | 3 +++\n>  1 file changed, 3 insertions(+)\n>\n> -- \n> 2.43.0\n>\n>\n> -- \n> kernel-team mailing list\n> kernel-team@lists.ubuntu.com\n> https://lists.ubuntu.com/mailman/listinfo/kernel-team","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=D+mRjAmL;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fskPN5dQfz1yGS\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 11 Apr 2026 03:31:36 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wBFhY-0002oB-Gv; Fri, 10 Apr 2026 17:31:28 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <mehmet.basaran@canonical.com>)\n id 1wBFhX-0002nw-D9\n for kernel-team@lists.ubuntu.com; Fri, 10 Apr 2026 17:31:27 +0000","from mail-wr1-f69.google.com (mail-wr1-f69.google.com\n [209.85.221.69])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 3DA053F7B0\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 17:31:27 +0000 (UTC)","by mail-wr1-f69.google.com with SMTP id\n ffacd0b85a97d-43ba02dc34bso1601878f8f.1\n for <kernel-team@lists.ubuntu.com>; Fri, 10 Apr 2026 10:31:27 -0700 (PDT)","from localhost ([94.54.18.154]) by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488d67b4903sm31825555e9.5.2026.04.10.10.31.24\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 10 Apr 2026 10:31:25 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775842287;\n bh=21RYBRntd0DgfdvsgAIPhE25lwCr67DBC2FQ4/gAZ7o=;\n h=From:To:Subject:In-Reply-To:References:Date:Message-ID:\n MIME-Version:Content-Type;\n b=D+mRjAmLscpWRCuOIxJNtQu1cb2oic8RDcEectk3miqhPS9Z+Wm+BeNypRt6ViX3v\n UIT6r/p1l/mJiisl9s6YL/AG34Dlq9vVYoHHK0yhV7V0exbqdE52hSxjsw94ONETtH\n fQ7AuAQFSnQe5k2x04FOTm5oztdiL9Mkp4PbVltn2fHNcj2su4YDT0R6YE8U1kWrfH\n xNj7n8A7cMixLcx82Tkr5qQXE3VfwXDN5yVPBJAMTngeSfUUs6lCKC3JDOY26Yipzb\n pRzRXzjzYkuN3QNgXM/T5PCtOg0uN59McioN48iR3MPNaOxloiXrppS1MXMjNh9MFh\n BxwHOtEnxPdceLo1/ujZT2f7ixC+he2KGWVXJaG/mUwL3lEy+yPbQRkywA/2T2y6nO\n LBofEs5vRWetaOo12mW/dnontFL9DKWTmd0AjxSQJEcVbNGYsyF4MOYY8DpKAgNgBN\n 7B3b9oxc6LeTbePCvwbk3I0XnWDcsKmJ0XZ+w9Dc35RF010sR8pB/MAH0Da2lqUqtB\n YwL7nLNkcWgP2P5Z3amzXzjFJragOrGrghNwvfMLXE3r22LfhxglDJx05fLlsxbnrI\n 1LkdkcCpCf2e5oPjoERreMPsFHU8I47RT7vTu+W+ySopTvaD1EWGfjDiwTwaQcNVat\n 0NYwrRy1eaQR22XiwUOFN5Qw=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775842286; x=1776447086;\n h=mime-version:message-id:date:references:in-reply-to:subject:to:from\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=21RYBRntd0DgfdvsgAIPhE25lwCr67DBC2FQ4/gAZ7o=;\n b=E6iYoczxVAcOBgxYmz5HuU4VgK016kxybw0ZTHox+T8HSQZqnc7nd3rt5Q/sGZdR0I\n Fr4ynIXZCUB5WMh3KR2eZnhzzziCgV8hycaWpgiyXsYQQV9O/74YBWMcgiO0+EgUWQlz\n krR1kAUOmQRqgA3yTaI6DYLYFQYZ0aB35CcgcN2l63KVMd5GQ5Jnqmo87tW0uGQxjnjC\n FETfArXdDnfqEmHHvUoNvwIdQAtHR2S9iBFHv27Y0UdzY7T/6Wow+HaRiSIsn9luIQ0L\n fmItQxSVDsNy4+qDSqilkGA9OEa4nabCZMBMqKpKXeHyBahc3AyfTHShd2QJK9V/Yfee\n 9fCA==","X-Forwarded-Encrypted":"i=1;\n AJvYcCVfUbdjZ/exiPVCNUiTpX/RfKbnHuHamWeijnxgsGNpw477bI7c5d/gtla+rgk1bS5uqXnxxavtbepryQ==@lists.ubuntu.com","X-Gm-Message-State":"AOJu0YyxFeY8PPwYIa1e3RU20ZHlwBBbVle/Nr3yWYQR+rulolwnAFq2\n CrTMlfk5I+BqZbpuKfx1xPNz7ZxthrfEHvjFCSDNshFdNZTjnisxcxuc+hRY31+l4mNpvKjaHWy\n 6EsnmPs3eF1pEQPgLnQsPjv29363BLEewcX8B/NlrhIqF01Rvxsy5FLKys+y9hTn63zp/vU8aS7\n NflU/Y3LuqgT8Mgw==","X-Gm-Gg":"AeBDiesMrFoRGK1d5PdVE3cl5PmZlZWecf6oXa+M4Bao+QEWJYbGc1NWPHM7HSHPtue\n cJ/4+9hhE+AB9EYIFGHObPFJeyjnhRnhukQpLMsijli8lCXlfvz2/BAZAFRrBSwo1AV+qsf1C8t\n hgCJvBzKFl6VNWlnQGa3ds1HOgi7XVfEU/hoLMh4jd8XOkIIm4UQthg+X7/xHbihYuGirLc8Q1x\n irEfavjtHFzDNVrzl9DCHskRgAConQFnuh1Vu2ocDSq+1zXR3tHBZUX3hvIkEeYbskjNvwN2dKq\n BgkY2JtpSgSSmSBx/32sP7k11AzDSyDEYENZOcpigf7help1EJfq8auseqUTC14HbuWnkcn75mN\n 3V0J0HgMlFFwptnOyMu20l2uegfVo","X-Received":["by 2002:a05:600c:5d4:b0:488:d6eb:e63c with SMTP id\n 5b1f17b1804b1-488d6ebe787mr31217455e9.15.1775842286558;\n Fri, 10 Apr 2026 10:31:26 -0700 (PDT)","by 2002:a05:600c:5d4:b0:488:d6eb:e63c with SMTP id\n 5b1f17b1804b1-488d6ebe787mr31217315e9.15.1775842286161;\n Fri, 10 Apr 2026 10:31:26 -0700 (PDT)"],"From":"Mehmet Basaran <mehmet.basaran@canonical.com>","To":"Georgia Garcia <georgia.garcia@canonical.com>,\n kernel-team@lists.ubuntu.com","Subject":"APPLIED: [SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer\n dereference in __unix_needs_revalidation","In-Reply-To":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","References":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","Date":"Fri, 10 Apr 2026 20:31:23 +0300","Message-ID":"<87ik9ysowk.fsf@gmail.com>","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"=-=-=\"","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}}]