{"id":2221398,"url":"http://patchwork.ozlabs.org/api/1.0/covers/2221398/?format=json","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/1.0/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","date":"2026-04-09T12:17:31","name":"[SRU,Q,v2,0/1] apparmor: fix NULL pointer dereference in __unix_needs_revalidation","submitter":{"id":82129,"url":"http://patchwork.ozlabs.org/api/1.0/people/82129/?format=json","name":"Georgia Garcia","email":"georgia.garcia@canonical.com"},"series":[{"id":499284,"url":"http://patchwork.ozlabs.org/api/1.0/series/499284/?format=json","date":"2026-04-09T12:17:31","name":"apparmor: fix NULL pointer dereference in __unix_needs_revalidation","version":2,"mbox":"http://patchwork.ozlabs.org/series/499284/mbox/"}],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=gLDejYjB;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frzTw5BJ0z1yHG\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 22:17:55 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wAoKM-0001nr-NN; Thu, 09 Apr 2026 12:17:42 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <georgia.garcia@canonical.com>)\n id 1wAoKL-0001nj-9k\n for kernel-team@lists.ubuntu.com; Thu, 09 Apr 2026 12:17:41 +0000","from mail-ua1-f72.google.com (mail-ua1-f72.google.com\n [209.85.222.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 1F1B83F61C\n for <kernel-team@lists.ubuntu.com>; Thu,  9 Apr 2026 12:17:41 +0000 (UTC)","by mail-ua1-f72.google.com with SMTP id\n a1e0cc1a2514c-953cccadb32so713106241.2\n for <kernel-team@lists.ubuntu.com>; Thu, 09 Apr 2026 05:17:41 -0700 (PDT)","from localhost.localdomain ([177.92.51.93])\n by smtp.gmail.com with ESMTPSA id\n a1e0cc1a2514c-953fb7ef8c2sm17874205241.3.2026.04.09.05.17.35\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 09 Apr 2026 05:17:37 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775737061;\n bh=Arin1vixagBVZtehgwCX7EGtzPvY1bKBBnPSeatdlW4=;\n h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;\n b=gLDejYjBm6bLYYsnHbrfgkNIGFXznkS1fZTemiJcGdFaeawMKSwT+NkPOqVyvpDit\n KJZAeD4AGeZQp+0bh95EEBijn5bdd8rynSJ9sZpFJ/Cve1UvEVrwCdWvYraVNYV1D1\n FKgVEbbLc3zJ7RLZu7y6cv3nCXK765B9fWwvYddtxIvRD+vKE8TXVndL8SLtVb/wZl\n v0FRW1q6AasRNT1J+hr8pmpgIkbJqBPCdBSNNMtXsoDzfuPKf2SlXE+jLkeR5Pqr8h\n pGETAEt7F1FbpUfwpvIh1PoR9ULc4EIVRAocFhZ6GdKCE7hmSX8zeffDUejuHnLAlA\n wszKhcR9mEI8kd3dYhtIAvlz9B/h+u4BMd40HpH7AzM0MWtE6YuC3AJ6wqQzZwdiiw\n zn1I3WT/EKGMb+XQSkHC+tJhsUYVFo1rb0Yz+tU0efoKFn3RWn0nlwBm4pNUNIw3yd\n UMpzfgB0VrVN8WOr0INI1quutrZg5w3w07SgScPBqIDoP4D3BBsmUAEZcIs3amos4B\n NfAKcBSH5HpXRA71OnDob10JVcElyVhvOqOI7ldlsGefQfdPqtFMKf3Pt8ft5+RKQC\n ZtM5Rrm9yFCc5zrI2tKieO/zqntO818gTXPKJjCc2ZNp/CTQ/tbEigvMWPa4s0aH1A\n tclbiZPTfkOu7xN2yS1Hrwsw=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775737059; x=1776341859;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=Arin1vixagBVZtehgwCX7EGtzPvY1bKBBnPSeatdlW4=;\n b=KYIB210yhAC4/aE8ELdzD5kBk5pn9fLeaA+q1BPlvrAPbyDo6F82px7teD9/RolH16\n N0K0O4hH+1JQ/kWV50jMMbASAwvvuauQWu7n3I/DdAZt7ipe2FtM0lfqPJHNKFWBZHq1\n xFvEsy9HE3+ciCXy9DOt7TaMN139IYReaaC88sRhiYxKnY2X5BqtLUQgZuOs5lB6WHmw\n SAmQYVquhssQrfZIG8IYOm0KTz+eF8QYsDOilDOmBh6S2W7/aWe96QmfXpAn/VIaon38\n oTojpuwBF35oYysZBxs1/ixTE5/p9JZUH1gmdcC+MqbC9NOxBTlWoaFwgpl7M0EmJ+/o\n oW5A==","X-Gm-Message-State":"AOJu0YyEsXwOA1gZQNfiGi7DIcHzHvmM5VdqFtACOVLA/iLjQ/yTUqqV\n fZyhbCa01wyxVNNWAhqxgvCtg8f/qBkaROanozpgdbelm4SLuEpOvugUupRYFshmD1y8jkvDt5/\n +yYrCvdXD/BeZrHUOKFSNJoJJwbLxnStvHkAfQfNpbuU7ZmckrAnH5DuqBhqbyYPORIcXbJOWHr\n D+1HoInpi4SMv6Wg==","X-Gm-Gg":"AeBDievkKgFiY1XWr+30y8TukIbb1hxHkjlVX1YniiyiJf5w1gj5c5ILOoAhhu4Q0Ct\n bUsk5J2PGHSqMOs1RrBhqqGGZrS7wQNQmXCon1WZLk6Evza8DawhkHgCcQjqThJbzJEyvl4UdLy\n ySwgLRbz8fS22mWjArYbBjRyQpNIQjD15PFUmGuMEhtl8CZngnAMNSBl3oaebahp/rBwZO5xeDZ\n gVmOK+Sjz8cZOAEC5wPLB9k8DEk/s7X7N5ogJVi87Z4YUVCPdlzTrNX0bwOxzFDIBSuZylyJRti\n xglZNg1s0VRD+j3OS09XWtKB1Rx+CBTIT8uySD5PM6vqRpQsoGewb99pkV0uXyN4awE0VU+/H6s\n pYmfyDu5D8DtRCg/KMPzdchKzg2xcv34HbTSw8WNhtYMMrFLqNhaoDsyT4yF+OA4CB25zlzCaN5\n g=","X-Received":["by 2002:a05:6122:83d3:b0:56d:451b:e4dd with SMTP id\n 71dfb90a1353d-56dab9c582amr10250369e0c.12.1775737059160;\n Thu, 09 Apr 2026 05:17:39 -0700 (PDT)","by 2002:a05:6122:83d3:b0:56d:451b:e4dd with SMTP id\n 71dfb90a1353d-56dab9c582amr10250351e0c.12.1775737058534;\n Thu, 09 Apr 2026 05:17:38 -0700 (PDT)"],"From":"Georgia Garcia <georgia.garcia@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][Q][PATCH v2 0/1] apparmor: fix NULL pointer dereference in\n __unix_needs_revalidation","Date":"Thu,  9 Apr 2026 09:17:31 -0300","Message-ID":"<20260409121732.3979312-1-georgia.garcia@canonical.com>","X-Mailer":"git-send-email 2.43.0","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"BugLink: http://bugs.launchpad.net/bugs/2147374\n\nSRU Justification:\n\n[Impact]\n\nWhen receiving file descriptors via SCM_RIGHTS, both the socket pointer\nand the socket's sk pointer can be NULL during socket setup or teardown,\ncausing NULL pointer dereferences in __unix_needs_revalidation().\n\nThis is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new\n__unix_needs_revalidation() function was added without proper NULL checks.\n\n[  287.713912] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[  287.714922] #PF: supervisor read access in kernel mode\n[  287.715653] #PF: error_code(0x0000) - not-present page\n[  287.716378] PGD 0 P4D 0 \n[  287.716749] Oops: Oops: 0000 [#1] SMP NOPTI\n[  287.717347] CPU: 0 UID: 1000000 PID: 7587 Comm: aa-exec Tainted: G            E       6.17.13+ #19 PREEMPT(voluntary) \n[  287.718806] Tainted: [E]=UNSIGNED_MODULE\n[  287.719370] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  287.720729] RIP: 0010:aa_file_perm+0xb9/0x3b0\n\n[Fix]\n\nCherry-pick uptream linux commit:\ne2938ad00b21340c0362562dfedd7cfec0554d67\n\n[Test Plan]\n\nRun the following POC and check that creating the nested-vm doesn't\ncause a NULL pointer dereference in dmesg\n\ncat << EOF > poc.sh\n#!/bin/bash\nset -eux\n\n# VM inside container causes a kernel NULL pointer dereference on 6.17\nif [[ \"$(uname -r)\" =~ ^6\\.17\\.0 ]]; then\n  echo \"::warning:: 6.17 kernel detected, expect failure then check 'dmesg'\"\nelse\n  echo \"::info:: 6.17 kernel NOT detected, expect success and consider switching to 'linux-image-generic-hwe-24.04'\"\nfi\n\nsnap install lxd --channel latest/edge\nlxd init --auto\n\n# prepare ctn to be used for nested VM testing\nlxc init ubuntu-minimal-daily:24.04 ctn -c security.devlxd.images=true -c security.nesting=true -s default\nlxc config device add ctn kvm unix-char source=/dev/kvm\nlxc config device add ctn vhost-net unix-char source=/dev/vhost-net\nlxc config device add ctn vhost-vsock unix-char source=/dev/vhost-vsock\nlxc config device add ctn vsock unix-char source=/dev/vsock\n\nlxc start ctn\nsleep 30\nlxc exec ctn -- snap wait system seed.loaded\n\nlxc exec ctn -- snap install lxd --channel latest/edge\nlxc exec ctn -- lxd init --auto\n\n# launch small nested VM\nlxc exec ctn -- lxc launch ubuntu-minimal-daily:24.04 nested-vm --vm -c limits.memory=512MiB -d root,size=3584MiB\n\n# cleanup\nlxc delete -f ctn\nEOF\n\n[Where problems could occur]\n\nThe regression can be considered as low since both fixes have been\napplied to the upstream kernel.\n\nSystem Administrator (1):\n  apparmor: fix NULL pointer dereference in __unix_needs_revalidation\n\n security/apparmor/file.c | 3 +++\n 1 file changed, 3 insertions(+)"}