From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu, 12 Mar 2026 17:58:02 +0000 (-0700)
Subject: Merge tag 'apparmor-pr-mainline-2026-03-09' of git://git.kernel.org/pub/scm/linux... 
X-Git-Tag: v7.0-rc4~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=281f36d4a9970c206c2c44042904d4e34c092fbe;p=thirdparty%2Fkernel%2Flinux.git

Merge tag 'apparmor-pr-mainline-2026-03-09' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull AppArmor fixes from John Johansen:
 - fix race between freeing data and fs accessing it
 - fix race on unreferenced rawdata dereference
 - fix differential encoding verification
 - fix unconfined unprivileged local user can do privileged policy management
 - Fix double free of ns_name in aa_replace_profiles()
 - fix missing bounds check on DEFAULT table in verify_dfa()
 - fix side-effect bug in match_char() macro usage
 - fix: limit the number of levels of policy namespaces
 - replace recursive profile removal with iterative approach
 - fix memory leak in verify_header
 - validate DFA start states are in bounds in unpack_pdb

* tag 'apparmor-pr-mainline-2026-03-09' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: fix race between freeing data and fs accessing it
  apparmor: fix race on rawdata dereference
  apparmor: fix differential encoding verification
  apparmor: fix unprivileged local user can do privileged policy management
  apparmor: Fix double free of ns_name in aa_replace_profiles()
  apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
  apparmor: fix side-effect bug in match_char() macro usage
  apparmor: fix: limit the number of levels of policy namespaces
  apparmor: replace recursive profile removal with iterative approach
  apparmor: fix memory leak in verify_header
  apparmor: validate DFA start states are in bounds in unpack_pdb
---

281f36d4a9970c206c2c44042904d4e34c092fbe