stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-09-13 11:07:46 +10:00
Code Issues Releases Wiki Activity
v6.16.6
linux-stable/security/apparmor
History
Helge Deller 063b381661 apparmor: Fix 8-byte alignment for initial dfa blob streams 
commit c567de2c4f upstream.

The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned
on a 8 byte boundary.

The static nulldfa_src[] and stacksplitdfa_src[] arrays store the initial
apparmor dfa blob streams, but since they are declared as an array-of-chars
the compiler and linker will only ensure a "char" (1-byte) alignment.

Add an __aligned(8) annotation to the arrays to tell the linker to always
align them on a 8-byte boundary. This avoids runtime warnings at startup on
alignment-sensitive platforms like parisc such as:

 Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f)
 Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c)
 Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090)

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
Fixes: 98b824ff89 ("apparmor: refcount the pdb")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:34:16 +02:00
..
include apparmor: use the condition in AA_BUG_FMT even with debug disabled 2025-08-20 18:41:29 +02:00
.gitignore
apparmorfs.c VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
audit.c lsm: remove lsm_prop scaffolding 2024-10-11 14:34:16 -04:00
capability.c apparmor: audit_cap dedup based on subj_cred instead of profile 2024-11-26 19:21:06 -08:00
crypto.c apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
domain.c apparmor: fix x_table_lookup when stacking is not the first entry 2025-08-20 18:41:29 +02:00
file.c apparmor: shift ouid when mediating hard links in userns 2025-08-20 18:41:28 +02:00
ipc.c
Kconfig apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
label.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
lib.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
lsm.c apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:34:16 +02:00
Makefile
match.c apparmor: fix loop detection used in conflicting attachment resolution 2025-08-15 16:39:15 +02:00
mount.c apparmor: take nosymfollow flag into account 2024-07-24 10:33:58 -07:00
net.c lsm: infrastructure management of the sock security 2024-07-29 16:54:50 -04:00
nulldfa.in
path.c apparmor: Use IS_ERR_OR_NULL() helper function 2024-11-26 19:21:05 -08:00
policy_compat.c
policy_ns.c
policy_unpack_test.c apparmor: Fix unaligned memory accesses in KUnit test 2025-08-15 16:39:16 +02:00
policy_unpack.c apparmor: document first entry is in packed perms struct is reserved 2024-11-26 19:21:05 -08:00
policy.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
procattr.c AppArmor: Add selfattr hooks 2023-11-12 22:54:42 -05:00
resource.c
secid.c lsm: secctx provider check on release 2024-12-04 14:59:57 -05:00
stacksplitdfa.in
task.c apparmor: add missing params to aa_may_ptrace kernel-doc comments 2023-11-19 01:19:41 -08:00