From 656d4cfbe1257e53e8ff277fdc3d2546dbc207e8 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Fri, 26 Jun 2020 23:40:42 -0400
Subject: [PATCH] Fixes for 4.19

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...ry-to-replace-stale-label-in-ptracem.patch | 47 +++++++++++++++++++
 queue-4.19/series                             |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 queue-4.19/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch

diff --git a/queue-4.19/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch b/queue-4.19/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
new file mode 100644
index 00000000000..6e5bd760432
--- /dev/null
+++ b/queue-4.19/apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
@@ -0,0 +1,47 @@
+From f08a0b4e3b9a258cabbe7c05c3c30eb9c1d8678e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 29 Sep 2018 03:49:26 +0200
+Subject: apparmor: don't try to replace stale label in ptraceme check
+
+From: Jann Horn <jannh@google.com>
+
+[ Upstream commit ca3fde5214e1d24f78269b337d3f22afd6bf445e ]
+
+begin_current_label_crit_section() must run in sleepable context because
+when label_is_stale() is true, aa_replace_current_label() runs, which uses
+prepare_creds(), which can sleep.
+
+Until now, the ptraceme access check (which runs with tasklist_lock held)
+violated this rule.
+
+Fixes: b2d09ae449ced ("apparmor: move ptrace checks to using labels")
+Reported-by: Cyrill Gorcunov <gorcunov@gmail.com>
+Reported-by: kernel test robot <rong.a.chen@intel.com>
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/apparmor/lsm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index 5e32fe434140e..898752b818dc5 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -130,11 +130,11 @@ static int apparmor_ptrace_traceme(struct task_struct *parent)
+ 	struct aa_label *tracer, *tracee;
+ 	int error;
+ 
+-	tracee = begin_current_label_crit_section();
++	tracee = __begin_current_label_crit_section();
+ 	tracer = aa_get_task_label(parent);
+ 	error = aa_may_ptrace(tracer, tracee, AA_PTRACE_TRACE);
+ 	aa_put_label(tracer);
+-	end_current_label_crit_section(tracee);
++	__end_current_label_crit_section(tracee);
+ 
+ 	return error;
+ }
+-- 
+2.25.1
+
diff --git a/queue-4.19/series b/queue-4.19/series
index 0a0113aaef5..40b1064c9d4 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -15,3 +15,4 @@ alsa-hda-realtek-add-headset-button-supported-for-th.patch
 alsa-hda-realtek-enable-the-headset-of-asus-b9450fa-.patch
 alsa-hda-realtek-enable-mute-led-on-an-hp-system.patch
 alsa-hda-realtek-enable-micmute-led-on-and-hp-system.patch
+apparmor-don-t-try-to-replace-stale-label-in-ptracem.patch
-- 
2.47.3