From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 7 Jul 2023 16:55:31 +0000 (-0700)
Subject: Merge tag 'apparmor-pr-2023-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=70806ee18a871140a73a2524a29865e1d904348c;p=linux.git

Merge tag 'apparmor-pr-2023-07-06' of git://git./linux/kernel/git/jj/linux-apparmor

Pull apparmor updates from John Johansen:

 - fix missing error check for rhashtable_insert_fast

 - add missing failure check in compute_xmatch_perms

 - fix policy_compat permission remap with extended permissions

 - fix profile verification and enable it

 - fix kzalloc perms tables for shared dfas

 - Fix kernel-doc header for verify_dfa_accept_index

 - aa_buffer: Convert 1-element array to flexible array

 - Return directly after a failed kzalloc() in two functions

 - fix use of strcpy in policy_unpack_test

 - fix kernel-doc complaints

 - Fix some kernel-doc comments

* tag 'apparmor-pr-2023-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: Fix kernel-doc header for verify_dfa_accept_index
  apparmor: fix: kzalloc perms tables for shared dfas
  apparmor: fix profile verification and enable it
  apparmor: fix policy_compat permission remap with extended permissions
  apparmor: aa_buffer: Convert 1-element array to flexible array
  apparmor: add missing failure check in compute_xmatch_perms
  apparmor: fix missing error check for rhashtable_insert_fast
  apparmor: Return directly after a failed kzalloc() in two functions
  AppArmor: Fix some kernel-doc comments
  apparmor: fix use of strcpy in policy_unpack_test
  apparmor: fix kernel-doc complaints
---

70806ee18a871140a73a2524a29865e1d904348c
diff --cc security/apparmor/policy_compat.c
index cc89d1e88fb74,7ff9184ace294..0cb02da8a3193
--- a/security/apparmor/policy_compat.c
+++ b/security/apparmor/policy_compat.c
@@@ -159,8 -160,10 +160,9 @@@ static struct aa_perms *compute_fperms(
  	table = kvcalloc(state_count * 2, sizeof(struct aa_perms), GFP_KERNEL);
  	if (!table)
  		return NULL;
+ 	*size = state_count * 2;
  
 -	/* zero init so skip the trap state (state == 0) */
 -	for (state = 1; state < state_count; state++) {
 +	for (state = 0; state < state_count; state++) {
  		table[state * 2] = compute_fperms_user(dfa, state);
  		table[state * 2 + 1] = compute_fperms_other(dfa, state);
  	}