Pull apparmor updates from John Johansen:
"Another round of bug fixing and some code cleanups, there are no new
features. The biggest thing to note is Georgia is being added to help
co-maintain apparmor.
Cleanups:
- replace get_zeroed_page() with kzalloc()
- remove unnecessary goto and associated label
- change fn_label_build() to return err on failure instead of NULL or
err
- free rawdata as soon as possible
- use explicit instead of implicit flex array in rawdata_f_data
- use __label_make_stale in __aa_proxy_redirect
- return correct error by propagate -ENOMEM correctly in unpack_table
- aa_label_alloc use aa_label_free on alloc failure
- add a conditional version of get_newest_label
Bug Fixes:
- mediate the implicit connect of TCP fast open sendmsg
- fix C23ism of label immediately before a declaration
- fix kernel-doc warnings
- fix spelling mistakes
- fix use-after-free in rawdata dedup loop
- Fix inverted comparison in cache_hold_inc()
- fix uninitialized pointer passed to audit_log_untrustedstring()
- don't audit files pointing to aa_null.dentry
- put secmark label after secid lookup
- fix aa_getprocattr free procattr leak on format failure
- release exe file resources on path failure
- fail policy unpack on accept2 allocation failure
- Fix return in ns_mkdir_op
- remove or add symlinks to rawdata according to export_binary
- fix NULL pointer dereference in unpack_pdb
- fix potential UAF in aa_replace_profiles
- grab ns lock and refresh when looking up changehat child profiles
- enable differential encoding
- check label build before no_new_privs test
- conditionally compile get_loaddata_common_ref()
- fix unix socket mediation cache update, and leak"
* tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: (35 commits)
apparmor: advertise the tcp fast open fix is applied
apparmor: mediate the implicit connect of TCP fast open sendmsg
apparmor: fix label can not be immediately before a declaration
apparmor: fix kernel-doc warnings
apparmor: replace get_zeroed_page() with kzalloc()
security: apparmor: fix two spelling mistakes
apparmor: fix use-after-free in rawdata dedup loop
apparmor: Fix inverted comparison in cache_hold_inc()
apparmor: fix uninitialised pointer passed to audit_log_untrustedstring()
apparmor: don't audit files pointing to aa_null.dentry
apparmor: put secmark label after secid lookup
apparmor: aa_getprocattr free procattr leak on format failure
apparmor: remove unnecessary goto and associated label
apparmor: release exe file resources on path failure
apparmor: fail policy unpack on accept2 allocation failure
apparmor: Fix return in ns_mkdir_op
apparmor: remove or add symlinks to rawdata according to export_binary
apparmor: fix NULL pointer dereference in unpack_pdb
apparmor: make fn_label_build() capable of handling not supported
apparmor: change fn_label_build() call to not return NULL
...
projects / thirdparty / linux.git / commitdiff
