On 1/14/26 09:42, Zygmunt Krynicki wrote:
On 13.01.2026 at 18:35, Ryan Lee wrote:
In policy_unpack.c:unpack_perms_table, the perms struct is allocated via
kcalloc, with the position being reset if the allocation fails. However,
the error path results in -EPROTO being returned instead of -ENOMEM. Fix
this to return the correct error code.

Reported-by: Zygmunt Krynicki <[email protected]>
Fixes: fd1b2b95a2117 ("apparmor: add the ability for policy to specify
a permission table")
Signed-off-by: Ryan Lee <[email protected]>
---
  security/apparmor/policy_unpack.c | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/policy_unpack.c
b/security/apparmor/policy_unpack.c
index 019430225e4a..2280a8f7a843 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -700,8 +700,10 @@ static ssize_t unpack_perms_table(struct aa_ext
*e, struct aa_perms **perms)
                if (!aa_unpack_array(e, NULL, &size))
                        goto fail_reset;
                *perms = kcalloc(size, sizeof(struct aa_perms), GFP_KERNEL);
-               if (!*perms)
-                       goto fail_reset;
+               if (!*perms) {
+                       e->pos = pos;
+                       return -ENOMEM;
+               }
                for (i = 0; i < size; i++) {
                        if (!unpack_perm(e, version, &(*perms)[i]))
                                goto fail;
--
2.43.0

This looks good.

I'm unfamiliar with kernel acked protocol so I'll refrain from that.

Essentially here, since you reviewed the patch you could add a
Reviewed-by: Zygmunt Krynicki <[email protected]>
like Tyler did.

You can find the tag descriptions in
Documentation/process/5.Posting.rst

search for "tags in common"

