| Message ID | ab8e6cbb-c46d-41bd-0a0d-43530ee37386@canonical.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [GIT,PULL] apparmor updates for 5.5 | expand |
On Tue, Dec 3, 2019 at 12:33 PM John Johansen <john.johansen@canonical.com> wrote: > > + Bug fixes > - fix sparse warning for type-casting of current->real_cred That fix is wrong. Yes, it removes the warning. It's still wrong. The proper way to remove the warning is to use the proper accessor to read the current real_cred. And that will point out that the cred needs to be 'const'. IOW, it should do const struct cred *cred = current_real_cred(); instead. I have done the pull without doing that change, but this is a REALLY IMPORTANT issue! Don't just "fix warnings". The warnings had a reason, you need to _think_ about them. This is doubly true in code that claims to be about "security". Seriously. apparmor can't just be a "let's do random things and hope for the best". Linus
The pull request you sent on Tue, 3 Dec 2019 12:33:43 -0800:
> git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/79e178a57dae819ae724065b47c25720494cc9f2
Thank you!
Hi Linus, Sorry I didn't manage to get these out before last weeks vacation. Can you please pull the following changes for apparmor Thanks! - John The following changes since commit 582549e3fbe137eb6ce9be591aca25c2222a36b4: Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma (2019-04-10 09:39:04 -1000) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03 for you to fetch changes up to 341c1fda5e17156619fb71acfc7082b2669b4b72: apparmor: make it so work buffers can be allocated from atomic context (2019-11-22 16:41:08 -0800) ---------------------------------------------------------------- + Features - increase left match history buffer size to provide inproved conflict resolution in overlapping execution rules. - switch buffer allocation to use a memory pool and GFP_KERNEL where possible. - add compression of policy blobs to reduce memory usage. + Cleanups - fix spelling mistake "immutible" -> "immutable" + Bug fixes - fix unsigned len comparison in update_for_len macro - fix sparse warning for type-casting of current->real_cred ---------------------------------------------------------------- Bharath Vedartham (1): apparmor: Force type-casting of current->real_cred Chris Coulson (1): apparmor: Initial implementation of raw policy blob compression Colin Ian King (2): apparmor: fix spelling mistake "immutible" -> "immutable" apparmor: fix unsigned len comparison with less than zero John Johansen (7): apparmor: fix blob compression build failure on ppc apparmor: fix missing ZLIB defines apparmor: fix blob compression when ns is forced on a policy load apparmor: increase left match history buffer size apparmor: fix wrong buffer allocation in aa_new_mount apparmor: reduce rcu_read_lock scope for aa_file_perm mediation apparmor: make it so work buffers can be allocated from atomic context Sebastian Andrzej Siewior (2): apparmor: Use a memory pool instead per-CPU caches apparmor: Switch to GFP_KERNEL where possible security/apparmor/Kconfig | 2 + security/apparmor/apparmorfs.c | 130 +++++++++++++++++++- security/apparmor/domain.c | 46 +++---- security/apparmor/file.c | 45 ++++--- security/apparmor/include/apparmor.h | 1 + security/apparmor/include/file.h | 2 +- security/apparmor/include/match.h | 3 +- security/apparmor/include/path.h | 50 +------- security/apparmor/include/policy_unpack.h | 8 +- security/apparmor/label.c | 12 +- security/apparmor/lsm.c | 198 ++++++++++++++++++++++++------ security/apparmor/match.c | 6 +- security/apparmor/mount.c | 67 +++++++--- security/apparmor/policy.c | 5 +- security/apparmor/policy_unpack.c | 116 ++++++++++++++++- 15 files changed, 526 insertions(+), 165 deletions(-)