[{"id":3675080,"web_url":"http://patchwork.ozlabs.org/comment/3675080/","msgid":"<d3a4632c-7535-44b0-9bdd-acd09945864d@canonical.com>","list_archive_url":null,"date":"2026-04-09T05:24:12","subject":"NACK: [SRU][Q][PATCH 1/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","submitter":{"id":85372,"url":"http://patchwork.ozlabs.org/api/people/85372/","name":"Masahiro Yamada","email":"masahiro.yamada@canonical.com"},"content":"On 4/8/26 02:30, Georgia Garcia wrote:\n> From: System Administrator <root@localhost>\n>\n> BugLink: http://bugs.launchpad.net/bugs/2147374\n>\n> When receiving file descriptors via SCM_RIGHTS, both the socket pointer\n> and the socket's sk pointer can be NULL during socket setup or teardown,\n> causing NULL pointer dereferences in __unix_needs_revalidation().\n>\n> This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n> __unix_needs_revalidation() function was added without proper NULL checks.\n>\n> The crash manifests as:\n>    BUG: kernel NULL pointer dereference, address: 0x0000000000000018\n>    RIP: aa_file_perm+0xb7/0x3b0 (or +0xbe/0x3b0, +0xc0/0x3e0)\n>    Call Trace:\n>     apparmor_file_receive+0x42/0x80\n>     security_file_receive+0x2e/0x50\n>     receive_fd+0x1d/0xf0\n>     scm_detach_fds+0xad/0x1c0\n>\n> The function dereferences sock->sk->sk_family without checking if either\n> sock or sock->sk is NULL first.\n>\n> Add NULL checks for both sock and sock->sk before accessing sk_family.\n>\n> Fixes: 88fec3526e841 (\"apparmor: make sure unix socket labeling is correctly updated.\")\n> Reported-by: Jamin Mc <jaminmc@gmail.com>\n> Closes: https://bugzilla.proxmox.com/show_bug.cgi?id=7083\n> Closes: https://gitlab.com/apparmor/apparmor/-/issues/568\n> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>\n> Signed-off-by: System Administrator <root@localhost>\n> Signed-off-by: John Johansen <john.johansen@canonical.com>\n\n\n\"cherry picked from\" or \"backported from\" is missing.\n\nYour Signed-off-by is missing.\n\n\n> ---\n>   security/apparmor/file.c | 3 +++\n>   1 file changed, 3 insertions(+)\n>\n> diff --git a/security/apparmor/file.c b/security/apparmor/file.c\n> index d30be1979ced..50785b4dd746 100644\n> --- a/security/apparmor/file.c\n> +++ b/security/apparmor/file.c\n> @@ -777,6 +777,9 @@ static bool __unix_needs_revalidation(struct file *file, struct aa_label *label,\n>   \t\treturn false;\n>   \tif (request & NET_PEER_MASK)\n>   \t\treturn false;\n> +\t/* sock and sock->sk can be NULL for sockets being set up or torn down */\n> +\tif (!sock || !sock->sk)\n> +\t\treturn false;\n>   \tif (sock->sk->sk_family == PF_UNIX) {\n>   \t\tstruct aa_sk_ctx *ctx = aa_sock(sock->sk);\n>","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=QqQwx+h7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frpJr385Nz1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 15:24:27 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wAhsJ-0007o7-4V; Thu, 09 Apr 2026 05:24:19 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <masahiro.yamada@canonical.com>)\n id 1wAhsI-0007o0-7j\n for kernel-team@lists.ubuntu.com; Thu, 09 Apr 2026 05:24:18 +0000","from mail-qv1-f69.google.com (mail-qv1-f69.google.com\n [209.85.219.69])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 203DD3F13F\n for <kernel-team@lists.ubuntu.com>; Thu,  9 Apr 2026 05:24:18 +0000 (UTC)","by mail-qv1-f69.google.com with SMTP id\n 6a1803df08f44-8a1d8b4bc90so17556836d6.0\n for <kernel-team@lists.ubuntu.com>; Wed, 08 Apr 2026 22:24:18 -0700 (PDT)","from ?IPV6:2001:67c:1562:8007::aac:401c?\n ([2001:67c:1562:8007::aac:401c]) by smtp.gmail.com with ESMTPSA id\n 6a1803df08f44-8aa70136e87sm101392576d6.22.2026.04.08.22.24.14\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Wed, 08 Apr 2026 22:24:16 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775712258;\n bh=4uekw5bO4hgGy4LhaKR6IIYHWCxN1dYezZ5+y5Yk5uA=;\n h=Message-ID:Date:MIME-Version:Subject:To:References:From:\n In-Reply-To:Content-Type;\n b=QqQwx+h7XnW8Iit9JdeMfSM21IwdO4Oxgij+HIMT9SXyx6GkKixaeaxCfyilOJ4L8\n 3IuSzpnIPZkA/I7JwLv7jCjRbwwLOZPp6ZKptIpyQMLrKKeES9IafJO8aMTI4y8H8b\n eLqCFAV+9CEriMnIeoKK6FCkmGvtzW/hT7GfbKb/TgCXtPMZeao63QlfseR0jEItQm\n h6DX85mAaAXmAMkhlWtRVYEGCxuWy6Bq/W6vIX+aa5SuL6Sd84p+cPL3ZPXjLOm0fc\n 47IyEW1iIEza/iJLOPqgs4rk8pn5ecL7OljB206Fe3S2KNMplt2+jT0MCcXeMo4VZ1\n 4ZyVGf/NUFDt0hAqX8L2fui4ZZzT9cYbSlA7M7vJYZuU13SPpJgx0QqHKjdjcnZwSp\n AbmpgbXSDW1giUAUNBFXX1/9IGbdkic4wU6249MUGbwywCuWIyjaIW+KWXvzTVgmNX\n btPudv9vQzSoDavBG+wJ/nnKhSbjDGl/xZDQaGctLvb9J3IChdFQn0oUA5CCRYtYHo\n 8I0p6wtMeqzRNag2wTc/KQd88oBaYX6WFCvJJhD1Tab0cf0YPu5TdjOkoeD8MIoo7A\n PkYxgLwU6XH9z7ZfmFGYIlJHtqrHavdmUQa3Htg4GttCQfdoDpelkL9hu8dvX0u2Pr\n NpZMChE4XqoCeI9Eov7KY7Tg=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775712257; x=1776317057;\n h=content-transfer-encoding:in-reply-to:content-language:from\n :references:to:subject:user-agent:mime-version:date:message-id\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=4uekw5bO4hgGy4LhaKR6IIYHWCxN1dYezZ5+y5Yk5uA=;\n b=qBtumHa0iml/IxkHcLZQH3G/p4VpG09yt/v9P40ptopbH6GCTxMrdxVSygyfrBmsk6\n piCObDK+/9qVv+w5G0YksH1bGM/UioGnBzS+RB+FWual5+g3UyP/7upeedb0fWU7zp5D\n FaSjq9qxEYfx2QXrPE1FU0BPyXMkqs4D44rSojIlx+T3nctT3d/g+mfTYLE5gUWqCLjw\n 83h+GyXZVO8RRXpXcRM2nsEZeXItlUwbujg9vZTdkVCHi8OfQseUowX5EC6+D+1qK68n\n rO62H2lNnMDbpUtjx+u6gVj+aC8qWzn0LVJs7ua9Iph1T/gSIV/0/cigkgp0XEo4qBo0\n U10w==","X-Forwarded-Encrypted":"i=1;\n AJvYcCVJ8ycmlpil4Gf2HW1HnbcrfryK9iKCr5xjf4vdZ9aSWt7x0pjWbAl2f/B5SUNcHDgOFh3Ggag0xqhyMg==@lists.ubuntu.com","X-Gm-Message-State":"AOJu0Ywi2xldeYTRKL80vULXLOi3NnrsrxkVlmeMBBwXd3sZhE0lypP7\n A8YHqfOjoHP1Ye0DGj7I9rpYdLy691+XlXy+62CZcXltzJSpQ1Wf01mXzANaaoFN/cMlKsTSad4\n 5TfmWzYZNXY3QTcZzCI3wKu/mwB3GDOLRP4Li4YIUfgO7h7N8j62FEKH3bDwCKFXta0YtkuCgts\n 7oUOAcdp4qh+ljAmNb","X-Gm-Gg":"AeBDievO7gCZfN2JIzxAJFuAjEMhnOYfg3Wm5KQPTvmfWeurBe1TTZLcj0f152YbyMo\n ePi7EbUzO6nsVvq+i6J6LwalnNe2V0SuZDV8P01RfpCexPbggEL+Hq/cnPidzt6EuP0le0r1A3t\n XZ0+bUXeDoPZfT5Bofkkyr77a9qJ7DABDPFhxetmqHUlW1UAt1LfyvcpEaRtNRK7u+ZY8DJgMY2\n 10AmbpcAyXUjKT7tEBQtYceraC4pYKXQ38/oxEMhrOzO6AVSxnp6Mb7m10djYlBrFFe6vT4wk4k\n 9o+V+oK5+LoVvUN4QQrWH3Q0drcof9mvxfo6e7axasJWFBJ7qzw1MER8whKXWQxOsqovheSHui1\n CS0LzdY7m/EHOIb77qLeqVdAXY5jL2dvGADCE9fqVpS2QU3FPdjBR/JsH","X-Received":["by 2002:a05:6214:418d:b0:89c:c35a:fb35 with SMTP id\n 6a1803df08f44-8ac7453ee6amr33143256d6.3.1775712256961;\n Wed, 08 Apr 2026 22:24:16 -0700 (PDT)","by 2002:a05:6214:418d:b0:89c:c35a:fb35 with SMTP id\n 6a1803df08f44-8ac7453ee6amr33143106d6.3.1775712256584;\n Wed, 08 Apr 2026 22:24:16 -0700 (PDT)"],"Message-ID":"<d3a4632c-7535-44b0-9bdd-acd09945864d@canonical.com>","Date":"Thu, 9 Apr 2026 14:24:12 +0900","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"NACK: [SRU][Q][PATCH 1/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","To":"Georgia Garcia <georgia.garcia@canonical.com>,\n kernel-team@lists.ubuntu.com","References":"<20260407173029.3872549-1-georgia.garcia@canonical.com>\n <20260407173029.3872549-2-georgia.garcia@canonical.com>","From":"Masahiro Yamada <masahiro.yamada@canonical.com>","Content-Language":"en-US","In-Reply-To":"<20260407173029.3872549-2-georgia.garcia@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}}]