From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 24 Apr 2026 16:22:21 +0000 (-0700)
Subject: Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Tag: v7.1-rc1~32
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=eefe0b9dee5db64ec87707c8e44f31851f257389;p=thirdparty%2Fkernel%2Fstable.git

Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor updates from John Johansen:
 "Cleanups
   - Use sysfs_emit in param_get_{audit,mode}
   - Remove redundant if check in sk_peer_get_label
   - Replace memcpy + NUL termination with kmemdup_nul in do_setattr

  Bug Fixes:
   - Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine
   - Fix string overrun due to missing termination
   - Fix wrong dentry in RENAME_EXCHANGE uid check
   - fix unpack_tags to properly return error in failure cases
   - fix dfa size check
   - return error on namespace mismatch in verify_header
   - use target task's context in apparmor_getprocattr()"

* tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine
  apparmor: Fix string overrun due to missing termination
  apparmor: Fix wrong dentry in RENAME_EXCHANGE uid check
  apparmor: fix unpack_tags to properly return error in failure cases
  apparmor: fix dfa size check
  apparmor: Use sysfs_emit in param_get_{audit,mode}
  apparmor: Remove redundant if check in sk_peer_get_label
  apparmor: Replace memcpy + NUL termination with kmemdup_nul in do_setattr
  apparmor: return error on namespace mismatch in verify_header
  apparmor: use target task's context in apparmor_getprocattr()
---

eefe0b9dee5db64ec87707c8e44f31851f257389
diff --cc security/apparmor/match.c
index e9fac67e5178c,4704b5904b150..3a2c6cf02b3c7
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@@ -157,13 -157,12 +157,13 @@@ static int verify_dfa(struct aa_dfa *df
  
  	state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
  	trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;
- 	if (state_count == 0)
+ 	if (state_count < 2)
  		goto out;
  	for (i = 0; i < state_count; i++) {
 -		if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) &&
 -		    (DEFAULT_TABLE(dfa)[i] >= state_count))
 +		if (DEFAULT_TABLE(dfa)[i] >= state_count) {
 +			pr_err("AppArmor DFA default state out of bounds");
  			goto out;
 +		}
  		if (BASE_TABLE(dfa)[i] & MATCH_FLAGS_INVALID) {
  			pr_err("AppArmor DFA state with invalid match flags");
  			goto out;