• John Johansen's avatar
    AppArmor: Fix sleep in invalid context from task_setrlimit · 1780f2d3
    John Johansen authored
    Affected kernels 2.6.36 - 3.0
    
    AppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk->group_leader);
    held when called from security_task_setrlimit.  This will only occur when the
    task's current policy has been replaced, and the task's creds have not been
    updated before entering the LSM security_task_setrlimit() hook.
    
    BUG: sleeping function called from invalid context at mm/slub.c:847
     in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd
     2 locks held by cupsd/1583:
      #0:  (tasklist_lock){.+.+.+}, at: [<ffffffff8104dafa>] do_prlimit+0x61/0x189
      #1:  (&(&p->alloc_lock)->rlock){+.+.+.}, at: [<ffffffff8104db2d>]
    do_prlimit+0x94/0x189
     Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7
     Call Trace:
      [<ffffffff8102ebf2>] __might_sleep+0x10d/0x112
      [<ffffffff810e6f46>] slab_pre_alloc_hook.isra.49+0x2d/0x33
      [<ffffffff810e7bc4>] kmem_cache_alloc+0x22/0x132
      [<ffffffff8105b6e6>] prepare_creds+0x35/0xe4
      [<ffffffff811c0675>] aa_replace_current_profile+0x35/0xb2
      [<ffffffff811c4d2d>] aa_current_profile+0x45/0x4c
      [<ffffffff811c4d4d>] apparmor_task_setrlimit+0x19/0x3a
      [<ffffffff811beaa5>] security_task_setrlimit+0x11/0x13
      [<ffffffff8104db6b>] do_prlimit+0xd2/0x189
      [<ffffffff8104dea9>] sys_setrlimit+0x3b/0x48
      [<ffffffff814062bb>] system_call_fastpath+0x16/0x1b
    Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
    Reported-by: default avatarMiles Lane <miles.lane@gmail.com>
    Cc: stable@kernel.org
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    1780f2d3
lsm.c 24.6 KB