From patchwork Thu Mar 10 16:11:43 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [lucid,maverick] SRU: apparmor_parser triggers a kernel panic
Date: Thu, 10 Mar 2011 06:11:43 -0000
From: Paolo Pisati <paolo.pisati@canonical.com>
X-Patchwork-Id: 86318
Message-Id: <4D78F83F.7070109@canonical.com>
To: kernel-team@lists.ubuntu.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SRU Justification:

    Impact: kernel panic when loading a malformed apparmor profile.
    Fix: see attached patch.
    Testcase: /etc/init.d/apparmor restart


Buglink:
https://bugs.launchpad.net/ubuntu/+source/linux-mvl-dove/+bug/732700

This affetcs lucid/master, lucid/mvl-dove and maverick/mvl-dove.

This fix a regression in the lucid/mvl-dove -proposed kernel.

bye,
p
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNePg/AAoJEMupOQaAohtUSQEH/1PcnD0apOvdM4WFt0G2fOwz
2ZMT89kPoytAmYu3FSdICiXWJUKhFkQHEyou+RhkBmNrXjmT/JW9v16LTsAOUxBx
vWjlbeU8KZ0hpNfxF4lZQJBe9CmVgzP6OM48fvz01NLhhahUF8VmEDyGAIxQJq+h
E5vMLzVBYTWvyapRee7KV+mNzWJAMVXbSRfKtKg2s3Cx5yCpwzFWdghAept2nPvO
1qAWIGhZfWcId5r8IV8Gqj+Yp1FifJkZMd06TT6/QFogJdGtjgdGps/e+4zshHsB
pDMDk3xLNA0c6bm6Dgnw5n9CV9bRl+jQ00Lzohk38ukQwzj+q16zy411zXKLuxA=
=pmpz
-----END PGP SIGNATURE-----
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>


>From 7bb336c3ec41400853a5130870206dcc08849572 Mon Sep 17 00:00:00 2001
From: Paolo Pisati <paolo.pisati@canonical.com>
Date: Thu, 10 Mar 2011 16:42:41 +0100
Subject: [PATCH] UBUNTU: SAUCE: Clear new_profile in error path

BugLink: http://bugs.launchpad.net/bugs/732700

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
---
 security/apparmor/policy.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 61f0043..e1db319 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -922,6 +922,7 @@ ssize_t aa_interface_replace_profiles(void *udata, size_t size, bool add_only)
 	new_profile = aa_unpack(udata, size, &sa);
 	if (IS_ERR(new_profile)) {
 		sa.base.error = PTR_ERR(new_profile);
+		new_profile = NULL;
 		goto fail;
 	}
 
-- 
1.7.1