apparmor: don't try to replace stale label in ptraceme check
BugLink: https://bugs.launchpad.net/bugs/1887715 [ Upstream commit ca3fde52 ] begin_current_label_crit_section() must run in sleepable context because when label_is_stale() is true, aa_replace_current_label() runs, which uses prepare_creds(), which can sleep. Until now, the ptraceme access check (which runs with tasklist_lock held) violated this rule. Fixes: b2d09ae4 ("apparmor: move ptrace checks to using labels") Reported-by:Cyrill Gorcunov <gorcunov@gmail.com> Reported-by:
kernel test robot <rong.a.chen@intel.com> Signed-off-by:
Jann Horn <jannh@google.com> Signed-off-by:
John Johansen <john.johansen@canonical.com> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Kamal Mostafa <kamal@canonical.com> Signed-off-by:
Kelsey Skunberg <kelsey.skunberg@canonical.com> (cherry picked from commit c9cb63e400e1584d80ccf297bfb96e2c50448a5e) Signed-off-by:
Shrirang Bagul <shrirang.bagul@canonical.com>
Loading
Please sign in to comment