MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
a2cb8818a3
linux-yocto/security/apparmor
History
Helge Deller 063b381661 apparmor: Fix 8-byte alignment for initial dfa blob streams 
commit c567de2c4f upstream.

The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned
on a 8 byte boundary.

The static nulldfa_src[] and stacksplitdfa_src[] arrays store the initial
apparmor dfa blob streams, but since they are declared as an array-of-chars
the compiler and linker will only ensure a "char" (1-byte) alignment.

Add an __aligned(8) annotation to the arrays to tell the linker to always
align them on a 8-byte boundary. This avoids runtime warnings at startup on
alignment-sensitive platforms like parisc such as:

 Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f)
 Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c)
 Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090)

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
Fixes: 98b824ff89 ("apparmor: refcount the pdb")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:34:16 +02:00
..
include apparmor: use the condition in AA_BUG_FMT even with debug disabled 2025-08-20 18:41:29 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
audit.c lsm: remove lsm_prop scaffolding 2024-10-11 14:34:16 -04:00
capability.c apparmor: audit_cap dedup based on subj_cred instead of profile 2024-11-26 19:21:06 -08:00
crypto.c apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
domain.c apparmor: fix x_table_lookup when stacking is not the first entry 2025-08-20 18:41:29 +02:00
file.c apparmor: shift ouid when mediating hard links in userns 2025-08-20 18:41:28 +02:00
ipc.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
Kconfig apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
label.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
lib.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
lsm.c apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:34:16 +02:00
Makefile + Features 2022-12-14 13:42:09 -08:00
match.c apparmor: fix loop detection used in conflicting attachment resolution 2025-08-15 16:39:15 +02:00
mount.c apparmor: take nosymfollow flag into account 2024-07-24 10:33:58 -07:00
net.c lsm: infrastructure management of the sock security 2024-07-29 16:54:50 -04:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c apparmor: Use IS_ERR_OR_NULL() helper function 2024-11-26 19:21:05 -08:00
policy_compat.c apparmor: fixup return comments for kernel doc cleanups by Gaosheng Cui 2023-08-08 13:12:19 -07:00
policy_ns.c apparmor: remove unused functions in policy_ns.c/.h 2023-10-15 21:44:31 -07:00
policy_unpack_test.c apparmor: Fix unaligned memory accesses in KUnit test 2025-08-15 16:39:16 +02:00
policy_unpack.c apparmor: document first entry is in packed perms struct is reserved 2024-11-26 19:21:05 -08:00
policy.c apparmor: Remove deadcode 2024-11-26 19:21:05 -08:00
procattr.c AppArmor: Add selfattr hooks 2023-11-12 22:54:42 -05:00
resource.c apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
secid.c lsm: secctx provider check on release 2024-12-04 14:59:57 -05:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: add missing params to aa_may_ptrace kernel-doc comments 2023-11-19 01:19:41 -08:00