MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
72b82d56b8
linux-yocto/security
History
Helge Deller 785e79e1d3 apparmor: Fix 8-byte alignment for initial dfa blob streams 
commit c567de2c4f upstream.

The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned
on a 8 byte boundary.

The static nulldfa_src[] and stacksplitdfa_src[] arrays store the initial
apparmor dfa blob streams, but since they are declared as an array-of-chars
the compiler and linker will only ensure a "char" (1-byte) alignment.

Add an __aligned(8) annotation to the arrays to tell the linker to always
align them on a 8-byte boundary. This avoids runtime warnings at startup on
alignment-sensitive platforms like parisc such as:

 Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f)
 Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c)
 Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090)

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
Fixes: 98b824ff89 ("apparmor: refcount the pdb")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:30:56 +02:00
..
apparmor apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:30:56 +02:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-09-11 10:11:36 -07:00
integrity ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-05-29 11:02:00 +02:00
ipe ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
keys keys: Fix UAF in key_put() 2025-03-28 22:03:30 +01:00
landlock landlock: Prepare to add second errata 2025-04-20 10:15:56 +02:00
loadpin introduce fd_file(), convert all accessors to it. 2024-08-12 22:00:43 -04:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid safesetid: check size of policy writes 2025-02-17 10:04:49 +01:00
selinux selinux: change security_compute_sid to return the ssid or tsid on match 2025-07-10 16:05:04 +02:00
smack smack: Revert "smackfs: Added check catlen" 2025-05-29 11:02:48 +02:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-17 10:04:50 +01:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c
inode.c securityfs: don't pin dentries twice, once is enough... 2025-08-20 18:30:21 +02:00
Kconfig lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
Kconfig.hardening hardening: Adjust dependencies in selection of MODVERSIONS 2024-09-28 13:56:03 -07:00
lsm_audit.c
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c bcachefs: do not use PF_MEMALLOC_NORECLAIM 2024-10-09 12:47:18 -07:00