From 388ce305326619a825a03973ea595d44201bcea3 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 4 Jul 2020 00:23:47 +0200 Subject: [PATCH] Drop "apparmor: don't try to replace stale label in ptraceme check" --- debian/changelog | 4 +- ...ry-to-replace-stale-label-in-ptracem.patch | 43 ------------------- debian/patches/series | 1 - 3 files changed, 1 insertion(+), 47 deletions(-) delete mode 100644 debian/patches/bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch diff --git a/debian/changelog b/debian/changelog index 61788ece8..9de5ee7b6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -898,7 +898,7 @@ linux (4.19.131-1) UNRELEASED; urgency=medium - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 - ALSA: hda/realtek: Enable mute LED on an HP system - ALSA: hda/realtek - Enable micmute LED on and HP system - - apparmor: don't try to replace stale label in ptraceme check + - apparmor: don't try to replace stale label in ptraceme check (Closes: #963493) - ibmveth: Fix max MTU limit - mld: fix memory leak in ipv6_mc_destroy_dev() - net: bridge: enfore alignment for ethernet address @@ -1013,8 +1013,6 @@ linux (4.19.131-1) UNRELEASED; urgency=medium [ Salvatore Bonaccorso ] * [rt] Add new signing key for Tom Zanussi - * apparmor: don't try to replace stale label in ptraceme check - (Closes: #963493) * nfsd: apply umask on fs without ACL support (Closes: #962254) * [rt] Update to 4.19.120-rt52 * [rt] Update to 4.19.124-rt53 diff --git a/debian/patches/bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch b/debian/patches/bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch deleted file mode 100644 index 412997510..000000000 --- a/debian/patches/bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Jann Horn -Date: Sat, 29 Sep 2018 03:49:26 +0200 -Subject: apparmor: don't try to replace stale label in ptraceme check -Origin: https://git.kernel.org/linus/ca3fde5214e1d24f78269b337d3f22afd6bf445e -Bug-Debian: https://bugs.debian.org/963493 - -begin_current_label_crit_section() must run in sleepable context because -when label_is_stale() is true, aa_replace_current_label() runs, which uses -prepare_creds(), which can sleep. - -Until now, the ptraceme access check (which runs with tasklist_lock held) -violated this rule. - -Fixes: b2d09ae449ced ("apparmor: move ptrace checks to using labels") -Reported-by: Cyrill Gorcunov -Reported-by: kernel test robot -Signed-off-by: Jann Horn -Signed-off-by: John Johansen ---- - security/apparmor/lsm.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 2c842f24821b..d08aac05c65a 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -132,11 +132,11 @@ static int apparmor_ptrace_traceme(struct task_struct *parent) - struct aa_label *tracer, *tracee; - int error; - -- tracee = begin_current_label_crit_section(); -+ tracee = __begin_current_label_crit_section(); - tracer = aa_get_task_label(parent); - error = aa_may_ptrace(tracer, tracee, AA_PTRACE_TRACE); - aa_put_label(tracer); -- end_current_label_crit_section(tracee); -+ __end_current_label_crit_section(tracee); - - return error; - } --- -2.27.0 - diff --git a/debian/patches/series b/debian/patches/series index 95f4f0333..3a3dc0e5b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -100,7 +100,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch debian/revert-objtool-fix-config_stack_validation-y-warning.patch bugfix/all/mt76-use-the-correct-hweight8-function.patch bugfix/all/rtc-s35390a-set-uie_unsupported.patch -bugfix/all/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch bugfix/all/nfsd-apply-umask-on-fs-without-ACL-support.patch # Miscellaneous features