tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

AppArmor: Allow apparmor to handle unaligned dfa tables

The dfa tables can originate from kernel or userspace and 8-byte alignment
isn't always guaranteed and as such may trigger unaligned memory accesses
on various architectures. Resulting in the following

[   73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa_dfa_unpack+0x6cc/0x720
[   74.015867] Modules linked in: binfmt_misc evdev flash sg drm drm_panel_orientation_quirks backlight i2c_core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sr_mod hid cdrom
sd_mod ata_generic ohci_pci ehci_pci ehci_hcd ohci_hcd pata_ali libata sym53c8xx scsi_transport_spi tg3 scsi_mod usbcore libphy scsi_common mdio_bus usb_common
[   74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor_parser Not tainted 6.18.0-rc6+ #9 NONE
[   74.536543] Call Trace:
[   74.568561] [<0000000000434c24>] dump_stack+0x8/0x18
[   74.633757] [<0000000000476438>] __warn+0xd8/0x100
[   74.696664] [<00000000004296d4>] warn_slowpath_fmt+0x34/0x74
[   74.771006] [<00000000008db28c>] aa_dfa_unpack+0x6cc/0x720
[   74.843062] [<00000000008e643c>] unpack_pdb+0xbc/0x7e0
[   74.910545] [<00000000008e7740>] unpack_profile+0xbe0/0x1300
[   74.984888] [<00000000008e82e0>] aa_unpack+0xe0/0x6a0
[   75.051226] [<00000000008e3ec4>] aa_replace_profiles+0x64/0x1160
[   75.130144] [<00000000008d4d90>] policy_update+0xf0/0x280
[   75.201057] [<00000000008d4fc8>] profile_replace+0xa8/0x100
[   75.274258] [<0000000000766bd0>] vfs_write+0x90/0x420
[   75.340594] [<00000000007670cc>] ksys_write+0x4c/0xe0
[   75.406932] [<0000000000767174>] sys_write+0x14/0x40
[   75.472126] [<0000000000406174>] linux_sparc_syscall+0x34/0x44
[   75.548802] ---[ end trace 0000000000000000 ]---
[   75.609503] dfa blob stream 0xfff0000008926b96 not aligned.
[   75.682695] Kernel unaligned access at TPC[8db2a8] aa_dfa_unpack+0x6e8/0x720

Work around it by using the get_unaligned_xx() helpers.

Fixes: e6e8bf418850d ("apparmor: fix restricted endian type warnings for dfa unpack")
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Closes: https://github.com/sparclinux/issues/issues/30
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>

authored by

Helge Deller and committed by
John Johansen 64802f73 1c90ed1f

+8 -7
+8 -7
security/apparmor/match.c
··· 15 15 #include <linux/vmalloc.h> 16 16 #include <linux/err.h> 17 17 #include <linux/kref.h> 18 + #include <linux/unaligned.h> 18 19 19 20 #include "include/lib.h" 20 21 #include "include/match.h" ··· 43 42 /* loaded td_id's start at 1, subtract 1 now to avoid doing 44 43 * it every time we use td_id as an index 45 44 */ 46 - th.td_id = be16_to_cpu(*(__be16 *) (blob)) - 1; 45 + th.td_id = get_unaligned_be16(blob) - 1; 47 46 if (th.td_id > YYTD_ID_MAX) 48 47 goto out; 49 - th.td_flags = be16_to_cpu(*(__be16 *) (blob + 2)); 50 - th.td_lolen = be32_to_cpu(*(__be32 *) (blob + 8)); 48 + th.td_flags = get_unaligned_be16(blob + 2); 49 + th.td_lolen = get_unaligned_be32(blob + 8); 51 50 blob += sizeof(struct table_header); 52 51 53 52 if (!(th.td_flags == YYTD_DATA16 || th.td_flags == YYTD_DATA32 || ··· 314 313 if (size < sizeof(struct table_set_header)) 315 314 goto fail; 316 315 317 - if (ntohl(*(__be32 *) data) != YYTH_MAGIC) 316 + if (get_unaligned_be32(data) != YYTH_MAGIC) 318 317 goto fail; 319 318 320 - hsize = ntohl(*(__be32 *) (data + 4)); 319 + hsize = get_unaligned_be32(data + 4); 321 320 if (size < hsize) 322 321 goto fail; 323 322 324 - dfa->flags = ntohs(*(__be16 *) (data + 12)); 323 + dfa->flags = get_unaligned_be16(data + 12); 325 324 if (dfa->flags & ~(YYTH_FLAGS)) 326 325 goto fail; 327 326 ··· 330 329 * if (dfa->flags & YYTH_FLAGS_OOB_TRANS) { 331 330 * if (hsize < 16 + 4) 332 331 * goto fail; 333 - * dfa->max_oob = ntol(*(__be32 *) (data + 16)); 332 + * dfa->max_oob = get_unaligned_be32(data + 16); 334 333 * if (dfa->max <= MAX_OOB_SUPPORTED) { 335 334 * pr_err("AppArmor DFA OOB greater than supported\n"); 336 335 * goto fail;