11-09-2009, 07:41 PM
John Johansen

UBUNTU: SAUCE: AppArmor: Fix cap audit_caching preemption disabling

BugLink: http://bugs.launchpad.net/bugs/479102

The auditing code of capabilities has a simple cache to reduce capability
messages flooding the audit logs. Checking and updating the cache
disables kernel preemption. One potential exit path does not properly
put the per cpu var, thus not reenabling preemption.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
ubuntu/apparmor/capability.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/ubuntu/apparmor/capability.c b/ubuntu/apparmor/capability.c
index 65b91cf..5bb2eca 100644
--- a/ubuntu/apparmor/capability.c
+++ b/ubuntu/apparmor/capability.c
@@ -72,6 +72,7 @@ static int aa_audit_caps(struct aa_profile *profile, struct aa_audit_caps *sa)
/* Do simple duplicate message elimination */
ent = &get_cpu_var(audit_cache);
if (sa->base.task == ent->task && cap_raised(ent->caps, sa->cap)) {
+ put_cpu_var(audit_cache);
if (PROFILE_COMPLAIN(profile))
return 0;
return sa->base.error;
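
Review bot: The put_cpu_var(audit_cache) added at the top of the duplicate-message branch balances the get_cpu_var() two lines above it for this return path only, and the hunk does not show the rest of aa_audit_caps(), so every other exit after the get needs the same check before this is merged. Routing all returns that follow the get_cpu_var() through a single exit label that does the put would keep the pair in one place, so a later early return cannot leave preemption disabled again.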
--
1.6.3.3


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
11-10-2009, 05:29 PM
John Johansen

UBUNTU: SAUCE: AppArmor: Fix cap audit_caching preemption disabling

BugLink: http://bugs.launchpad.net/bugs/479102

SRU Justification: Failing to put_cpu_var means that kernel preemption is
disabled for the task. This will affect all confined processes that try
to audit a capability message (so a process that has a capability violation
or is in learning mode and would have a capability violation).

The auditing code of capabilities has a simple cache to reduce capability
messages flooding the audit logs. Checking and updating the cache
disables kernel preemption. One potential exit path does not properly
put the per cpu var, thus not reenabling preemption.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
ubuntu/apparmor/capability.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/ubuntu/apparmor/capability.c b/ubuntu/apparmor/capability.c
index 65b91cf..5bb2eca 100644
--- a/ubuntu/apparmor/capability.c
+++ b/ubuntu/apparmor/capability.c
@@ -72,6 +72,7 @@ static int aa_audit_caps(struct aa_profile *profile, struct aa_audit_caps *sa)
/* Do simple duplicate message elimination */
ent = &get_cpu_var(audit_cache);
if (sa->base.task == ent->task && cap_raised(ent->caps, sa->cap)) {
+ put_cpu_var(audit_cache);
if (PROFILE_COMPLAIN(profile))
return 0;
return sa->base.error;
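
Review bot: A one-line comment is missing at the ent = &get_cpu_var(audit_cache) line saying that preemption stays disabled until the matching put_cpu_var(); nothing in the visible code documents that, and the existing comment only mentions duplicate elimination. The placement of the new put itself looks right: it comes after the last reads of ent->task and ent->caps in the if condition and before both return statements in the branch.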
--
1.6.3.3

