Ubuntu
linux package

apparmor spam log with warnings on Preempt kernels

Bug #1323526 reported by John Johansen on 2014-05-27

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	John Johansen
Trusty	Confirmed	Undecided	Unassigned
Utopic	Fix Released	Undecided	John Johansen

Bug Description

    The apparmor/dbus support needs to allocate buffers in
    atomic context (i.e: holding a spinlock) since that is
    not possible, it declares a static per cpu array of
    buffers and has accessor macros to get and put buffers.

    Since the buffer array is a per cpu variable, it can
    only be concurrently accessed by the same cpu and this
    can only happen if the kernel is preempted.

So the get_buffers() macro disables preemption with
preempt_disable() so the buffer can be accessed safely.

    Grabbing a spinlock also makes the kernel to disable
    preemption so a raw __get_buffers() function can be used
    in this case that does not call preempt_disable().

The raw __get_buffers() function was called from file_path_perm()
since a spinlock was held by the calling revalidate_tty() function.

    But this is not the only place where file_path_perm() is called,
    it is also called by match_file() which is not in atomic context
    and thus doesn't disable preemption before so the __get_buffers()
    macro was complaining with a WARN_ON(preempt_count() <= 0) and
    spamming the console constantly.

This patch fix the issue by always calling {get,put}_buffers() since
preempt_{disable,enable}() functions are nestable.

Related branches

lp:ubuntu/utopic-proposed/linux-flo

lp:ubuntu/utopic-proposed/linux-hammerhead

John Johansen (jjohansen) on 2014-05-27

Changed in linux (Ubuntu Trusty):
status:	New → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-05-29:

This bug was fixed in the package linux - 3.15.0-4.8

---------------
linux (3.15.0-4.8) utopic; urgency=low

[ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1324107
  * [Config] enable SECURITY_APPARMOR_UNCONFINED_INIT

[ Javier Martinez Canillas ]

* SAUCE: (no-up) apparmor: fix bug that constantly spam the console
- LP: #1323526

[ John Johansen ]

  * SAUCE: (no-up) apparmor: Sync to apparmor3 - alpha6 snapshot
    - LP: #1323528
  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761
  * SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot
    - LP: #1308765
  * SAUCE: (no-up): apparmor: fix apparmor refcount bug in apparmor_kill
    - LP: #1308764
  * SAUCE: (no-up): apparmor: use custom write_is_locked macro
    - LP: #1323530

[ Kamal Mostafa ]

* [Config] add debian/gbp.conf

[ Tim Gardner ]

* [Config] CONFIG_SATA_AHCI=m for ppc64el
- LP: #1323980
-- Andy Whitcroft <email address hidden> Wed, 28 May 2014 12:47:17 +0100

Changed in linux (Ubuntu Utopic):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package