archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 03:04:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/security
History
Helge Deller c567de2c4f apparmor: Fix 8-byte alignment for initial dfa blob streams 
The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned
on a 8 byte boundary.

The static nulldfa_src[] and stacksplitdfa_src[] arrays store the initial
apparmor dfa blob streams, but since they are declared as an array-of-chars
the compiler and linker will only ensure a "char" (1-byte) alignment.

Add an __aligned(8) annotation to the arrays to tell the linker to always
align them on a 8-byte boundary. This avoids runtime warnings at startup on
alignment-sensitive platforms like parisc such as:

 Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f)
 Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c)
 Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090)

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
Fixes: 98b824ff89 ("apparmor: refcount the pdb")
Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-07-20 02:19:27 -07:00
..
apparmor apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-07-20 02:19:27 -07:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-09-11 10:11:36 -07:00
integrity lsm/stable-6.13 PR 20241129 2024-11-30 18:14:56 -08:00
ipe ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
keys KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation 2024-11-04 21:24:24 +02:00
landlock the bulk of struct fd memory safety stuff 2024-11-18 12:24:06 -08:00
loadpin fdget(), more trivial conversions 2024-11-03 01:28:06 -05:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux - The series "resource: A couple of cleanups" from Andy Shevchenko 2024-11-25 16:09:48 -08:00
smack lsm: remove lsm_prop scaffolding 2024-10-11 14:34:16 -04:00
tomoyo tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support 2024-10-04 11:41:22 -04:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c lsm: Use IS_ERR_OR_NULL() helper function 2024-08-29 11:12:13 -04:00
Kconfig lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
Kconfig.hardening hardening: Adjust dependencies in selection of MODVERSIONS 2024-09-28 13:56:03 -07:00
lsm_audit.c security: replace memcpy() with get_task_comm() 2024-11-05 17:12:29 -08:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c \n 2024-11-21 09:55:45 -08:00