Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=master 2026-04-15T22:19:45+00:00 2026-04-15T22:19:45+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-04-15T22:19:45+00:00 urn:sha1:8801e23b5b0dcf7d9c2291cc0901628dc1006145 Pull IPE update from Fan Wu: "A single commit from Evan Ducas that fixes several spelling and grammar mistakes in the IPE documentation. There are no functional changes" * tag 'ipe-pr-20260413' of git://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe: docs: security: ipe: fix typos and grammar 2026-04-13T22:58:49+00:00 Evan Ducas evan.j.ducas@gmail.com 2026-03-08T18:07:34+00:00 urn:sha1:d46515ec0b1d4ae07f8f437515c43cfb6eb61ffa Fix several spelling and grammar mistakes in the IPE documentation. No functional change. Signed-off-by: Evan Ducas <evan.j.ducas@gmail.com> Acked-by: Bagas Sanjaya <bagasdotme@gmail.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Fan Wu <wufan@kernel.org> 2026-04-07T16:51:06+00:00 Günther Noack gnoack3000@gmail.com 2026-03-27T16:48:29+00:00 urn:sha1:ae97330d1bd6a97646c2842d117577236cb40913 * Add a new access right LANDLOCK_ACCESS_FS_RESOLVE_UNIX, which controls the lookup operations for named UNIX domain sockets. The resolution happens during connect() and sendmsg() (depending on socket type). * Change access_mask_t from u16 to u32 (see below) * Hook into the path lookup in unix_find_bsd() in af_unix.c, using a LSM hook. Make policy decisions based on the new access rights * Increment the Landlock ABI version. * Minor test adaptations to keep the tests working. * Document the design rationale for scoped access rights, and cross-reference it from the header documentation. With this access right, access is granted if either of the following conditions is met: * The target socket's filesystem path was allow-listed using a LANDLOCK_RULE_PATH_BENEATH rule, *or*: * The target socket was created in the same Landlock domain in which LANDLOCK_ACCESS_FS_RESOLVE_UNIX was restricted. In case of a denial, connect() and sendmsg() return EACCES, which is the same error as it is returned if the user does not have the write bit in the traditional UNIX file system permissions of that file. The access_mask_t type grows from u16 to u32 to make space for the new access right. This also doubles the size of struct layer_access_masks from 32 byte to 64 byte. To avoid memory layout inconsistencies between architectures (especially m68k), pack and align struct access_masks [2]. Document the (possible future) interaction between scoped flags and other access rights in struct landlock_ruleset_attr, and summarize the rationale, as discussed in code review leading up to [3]. This feature was created with substantial discussion and input from Justin Suess, Tingmao Wang and Mickaël Salaün. Cc: Tingmao Wang <m@maowtm.org> Cc: Justin Suess <utilityemal77@gmail.com> Cc: Kuniyuki Iwashima <kuniyu@google.com> Suggested-by: Jann Horn <jannh@google.com> Link[1]: https://github.com/landlock-lsm/linux/issues/36 Link[2]: https://lore.kernel.org/all/20260401.Re1Eesu1Yaij@digikod.net/ Link[3]: https://lore.kernel.org/all/20260205.8531e4005118@gnoack.org/ Signed-off-by: Günther Noack <gnoack3000@gmail.com> Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lore.kernel.org/r/20260327164838.38231-5-gnoack3000@gmail.com [mic: Fix kernel-doc formatting, pack and align access_masks] Signed-off-by: Mickaël Salaün <mic@digikod.net> 2026-01-30T03:57:27+00:00 Nayna Jain nayna@linux.ibm.com 2026-01-27T14:52:28+00:00 urn:sha1:1d72a02d65a733ad124bacc2db3fb90fa81a612b Update Documentation/security/keys/trusted-encrypted.rst and Documentation/ admin-guide/kernel-parameters.txt with PowerVM Key Wrapping Module (PKWM) as a new trust source Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com> Tested-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com> Link: https://patch.msgid.link/20260127145228.48320-7-ssrish@linux.ibm.com 2025-12-06T17:52:41+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-06T17:52:41+00:00 urn:sha1:eee654ca9a55fd1e8632afb119975cba6af7d4ad Pull landlock updates from Mickaël Salaün: "This mainly fixes handling of disconnected directories and adds new tests" * tag 'landlock-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: selftests/landlock: Add disconnected leafs and branch test suites selftests/landlock: Add tests for access through disconnected paths landlock: Improve variable scope landlock: Fix handling of disconnected directories selftests/landlock: Fix makefile header list landlock: Make docs in cred.h and domain.h visible landlock: Minor comments improvements 2025-11-26T19:20:23+00:00 Tingmao Wang m@maowtm.org 2025-09-28T23:49:49+00:00 urn:sha1:335ef80e4a9eeed6cf52b3de6d0bad6787991e20 Currently even though the structures in these files have documentation, they are not shown in the "Landlock LSM: kernel documentation" page. Signed-off-by: Tingmao Wang <m@maowtm.org> Link: https://lore.kernel.org/r/6050e764c2679cba01715653e5f1f4f17091d8f8.1759103277.git.m@maowtm.org [mic: Synchronize date] Signed-off-by: Mickaël Salaün <mic@digikod.net> 2025-10-21T03:58:29+00:00 Gopi Krishna Menon krishnagopi487@gmail.com 2025-10-17T18:11:15+00:00 urn:sha1:77cd9210271556aff955551b3e2ef0ae8a2691bd Running "make htmldocs" generates the following build error and warning in trusted-encrypted.rst: Documentation/security/keys/trusted-encrypted.rst:18: ERROR: Unexpected indentation. Documentation/security/keys/trusted-encrypted.rst:19: WARNING: Block quote ends without a blank line; unexpected unindent. Add a blank line before bullet list and fix the indentation of text to fix the build error and resolve the warning. Fixes: 38f6880759fd ("docs: trusted-encrypted: trusted-keys as protected keys") Signed-off-by: Gopi Krishna Menon <krishnagopi487@gmail.com> Reviewed-by: Randy Dunlap <rdunlap@infradead.org> Tested-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-20T04:10:28+00:00 Meenakshi Aggarwal meenakshi.aggarwal@nxp.com 2025-10-06T07:17:51+00:00 urn:sha1:38f6880759fdb3caabefb4014818b9c0a6592295 Add a section in trusted key document describing the protected-keys. - Detailing need for protected keys. - Detailing the usage for protected keys. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-07-29T00:16:12+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-07-29T00:16:12+00:00 urn:sha1:8e736a2eeaf261213b4557778e015699da1e1c8c Pull hardening updates from Kees Cook: - Introduce and start using TRAILING_OVERLAP() helper for fixing embedded flex array instances (Gustavo A. R. Silva) - mux: Convert mux_control_ops to a flex array member in mux_chip (Thorsten Blum) - string: Group str_has_prefix() and strstarts() (Andy Shevchenko) - Remove KCOV instrumentation from __init and __head (Ritesh Harjani, Kees Cook) - Refactor and rename stackleak feature to support Clang - Add KUnit test for seq_buf API - Fix KUnit fortify test under LTO * tag 'hardening-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (22 commits) sched/task_stack: Add missing const qualifier to end_of_stack() kstack_erase: Support Clang stack depth tracking kstack_erase: Add -mgeneral-regs-only to silence Clang warnings init.h: Disable sanitizer coverage for __init and __head kstack_erase: Disable kstack_erase for all of arm compressed boot code x86: Handle KCOV __init vs inline mismatches arm64: Handle KCOV __init vs inline mismatches s390: Handle KCOV __init vs inline mismatches arm: Handle KCOV __init vs inline mismatches mips: Handle KCOV __init vs inline mismatch powerpc/mm/book3s64: Move kfence and debug_pagealloc related calls to __init section configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON configs/hardening: Enable CONFIG_KSTACK_ERASE stackleak: Split KSTACK_ERASE_CFLAGS from GCC_PLUGINS_CFLAGS stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depth stackleak: Rename STACKLEAK to KSTACK_ERASE seq_buf: Introduce KUnit tests string: Group str_has_prefix() and strstarts() kunit/fortify: Add back "volatile" for sizeof() constants acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings ... 2025-07-22T04:35:01+00:00 Kees Cook kees@kernel.org 2025-07-17T23:25:06+00:00 urn:sha1:57fbad15c2eee77276a541c616589b32976d2b8e In preparation for adding Clang sanitizer coverage stack depth tracking that can support stack depth callbacks: - Add the new top-level CONFIG_KSTACK_ERASE option which will be implemented either with the stackleak GCC plugin, or with the Clang stack depth callback support. - Rename CONFIG_GCC_PLUGIN_STACKLEAK as needed to CONFIG_KSTACK_ERASE, but keep it for anything specific to the GCC plugin itself. - Rename all exposed "STACKLEAK" names and files to "KSTACK_ERASE" (named for what it does rather than what it protects against), but leave as many of the internals alone as possible to avoid even more churn. While here, also split "prev_lowest_stack" into CONFIG_KSTACK_ERASE_METRICS, since that's the only place it is referenced from. Suggested-by: Ingo Molnar <mingo@kernel.org> Link: https://lore.kernel.org/r/20250717232519.2984886-1-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org>