<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/Documentation/security, branch v6.19.11</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2025-12-06T17:52:41+00:00</updated>
<entry>
<title>Merge tag 'landlock-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux</title>
<updated>2025-12-06T17:52:41+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-06T17:52:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=eee654ca9a55fd1e8632afb119975cba6af7d4ad'/>
<id>urn:sha1:eee654ca9a55fd1e8632afb119975cba6af7d4ad</id>
<content type='text'>
Pull landlock updates from Mickaël Salaün:
 "This mainly fixes handling of disconnected directories and adds new
  tests"

* tag 'landlock-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  selftests/landlock: Add disconnected leafs and branch test suites
  selftests/landlock: Add tests for access through disconnected paths
  landlock: Improve variable scope
  landlock: Fix handling of disconnected directories
  selftests/landlock: Fix makefile header list
  landlock: Make docs in cred.h and domain.h visible
  landlock: Minor comments improvements
</content>
</entry>
<entry>
<title>landlock: Make docs in cred.h and domain.h visible</title>
<updated>2025-11-26T19:20:23+00:00</updated>
<author>
<name>Tingmao Wang</name>
<email>m@maowtm.org</email>
</author>
<published>2025-09-28T23:49:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=335ef80e4a9eeed6cf52b3de6d0bad6787991e20'/>
<id>urn:sha1:335ef80e4a9eeed6cf52b3de6d0bad6787991e20</id>
<content type='text'>
Currently even though the structures in these files have documentation,
they are not shown in the "Landlock LSM: kernel documentation" page.

Signed-off-by: Tingmao Wang &lt;m@maowtm.org&gt;
Link: https://lore.kernel.org/r/6050e764c2679cba01715653e5f1f4f17091d8f8.1759103277.git.m@maowtm.org
[mic: Synchronize date]
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
<entry>
<title>docs: trusted-encrypted: fix htmldocs build error</title>
<updated>2025-10-21T03:58:29+00:00</updated>
<author>
<name>Gopi Krishna Menon</name>
<email>krishnagopi487@gmail.com</email>
</author>
<published>2025-10-17T18:11:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=77cd9210271556aff955551b3e2ef0ae8a2691bd'/>
<id>urn:sha1:77cd9210271556aff955551b3e2ef0ae8a2691bd</id>
<content type='text'>
Running "make htmldocs" generates the following build error and
warning in trusted-encrypted.rst:

Documentation/security/keys/trusted-encrypted.rst:18: ERROR: Unexpected indentation.
Documentation/security/keys/trusted-encrypted.rst:19: WARNING: Block quote ends without a blank line; unexpected unindent.

Add a blank line before bullet list and fix the indentation of text to
fix the build error and resolve the warning.

Fixes: 38f6880759fd ("docs: trusted-encrypted: trusted-keys as protected keys")
Signed-off-by: Gopi Krishna Menon &lt;krishnagopi487@gmail.com&gt;
Reviewed-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Tested-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>docs: trusted-encrypted: trusted-keys as protected keys</title>
<updated>2025-10-20T04:10:28+00:00</updated>
<author>
<name>Meenakshi Aggarwal</name>
<email>meenakshi.aggarwal@nxp.com</email>
</author>
<published>2025-10-06T07:17:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=38f6880759fdb3caabefb4014818b9c0a6592295'/>
<id>urn:sha1:38f6880759fdb3caabefb4014818b9c0a6592295</id>
<content type='text'>
Add a section in trusted key document describing the protected-keys.
- Detailing need for protected keys.
- Detailing the usage for protected keys.

Signed-off-by: Pankaj Gupta &lt;pankaj.gupta@nxp.com&gt;
Signed-off-by: Meenakshi Aggarwal &lt;meenakshi.aggarwal@nxp.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>Merge tag 'hardening-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux</title>
<updated>2025-07-29T00:16:12+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-07-29T00:16:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8e736a2eeaf261213b4557778e015699da1e1c8c'/>
<id>urn:sha1:8e736a2eeaf261213b4557778e015699da1e1c8c</id>
<content type='text'>
Pull hardening updates from Kees Cook:

 - Introduce and start using TRAILING_OVERLAP() helper for fixing
   embedded flex array instances (Gustavo A. R. Silva)

 - mux: Convert mux_control_ops to a flex array member in mux_chip
   (Thorsten Blum)

 - string: Group str_has_prefix() and strstarts() (Andy Shevchenko)

 - Remove KCOV instrumentation from __init and __head (Ritesh Harjani,
   Kees Cook)

 - Refactor and rename stackleak feature to support Clang

 - Add KUnit test for seq_buf API

 - Fix KUnit fortify test under LTO

* tag 'hardening-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (22 commits)
  sched/task_stack: Add missing const qualifier to end_of_stack()
  kstack_erase: Support Clang stack depth tracking
  kstack_erase: Add -mgeneral-regs-only to silence Clang warnings
  init.h: Disable sanitizer coverage for __init and __head
  kstack_erase: Disable kstack_erase for all of arm compressed boot code
  x86: Handle KCOV __init vs inline mismatches
  arm64: Handle KCOV __init vs inline mismatches
  s390: Handle KCOV __init vs inline mismatches
  arm: Handle KCOV __init vs inline mismatches
  mips: Handle KCOV __init vs inline mismatch
  powerpc/mm/book3s64: Move kfence and debug_pagealloc related calls to __init section
  configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON
  configs/hardening: Enable CONFIG_KSTACK_ERASE
  stackleak: Split KSTACK_ERASE_CFLAGS from GCC_PLUGINS_CFLAGS
  stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depth
  stackleak: Rename STACKLEAK to KSTACK_ERASE
  seq_buf: Introduce KUnit tests
  string: Group str_has_prefix() and strstarts()
  kunit/fortify: Add back "volatile" for sizeof() constants
  acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings
  ...
</content>
</entry>
<entry>
<title>stackleak: Rename STACKLEAK to KSTACK_ERASE</title>
<updated>2025-07-22T04:35:01+00:00</updated>
<author>
<name>Kees Cook</name>
<email>kees@kernel.org</email>
</author>
<published>2025-07-17T23:25:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=57fbad15c2eee77276a541c616589b32976d2b8e'/>
<id>urn:sha1:57fbad15c2eee77276a541c616589b32976d2b8e</id>
<content type='text'>
In preparation for adding Clang sanitizer coverage stack depth tracking
that can support stack depth callbacks:

- Add the new top-level CONFIG_KSTACK_ERASE option which will be
  implemented either with the stackleak GCC plugin, or with the Clang
  stack depth callback support.
- Rename CONFIG_GCC_PLUGIN_STACKLEAK as needed to CONFIG_KSTACK_ERASE,
  but keep it for anything specific to the GCC plugin itself.
- Rename all exposed "STACKLEAK" names and files to "KSTACK_ERASE" (named
  for what it does rather than what it protects against), but leave as
  many of the internals alone as possible to avoid even more churn.

While here, also split "prev_lowest_stack" into CONFIG_KSTACK_ERASE_METRICS,
since that's the only place it is referenced from.

Suggested-by: Ingo Molnar &lt;mingo@kernel.org&gt;
Link: https://lore.kernel.org/r/20250717232519.2984886-1-kees@kernel.org
Signed-off-by: Kees Cook &lt;kees@kernel.org&gt;
</content>
</entry>
<entry>
<title>coredump: rename do_coredump() to vfs_coredump()</title>
<updated>2025-06-16T15:01:22+00:00</updated>
<author>
<name>Christian Brauner</name>
<email>brauner@kernel.org</email>
</author>
<published>2025-06-12T13:25:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=70e3ee31282d293c794fb5bbec8efe495c32044b'/>
<id>urn:sha1:70e3ee31282d293c794fb5bbec8efe495c32044b</id>
<content type='text'>
Align the naming with the rest of our helpers exposed
outside of core vfs.

Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-9-315c0c34ba94@kernel.org
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'tpmdd-next-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd</title>
<updated>2025-03-28T19:42:53+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-03-28T19:42:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=15cb9a2b66fc623843c68bd508e2731782ae6570'/>
<id>urn:sha1:15cb9a2b66fc623843c68bd508e2731782ae6570</id>
<content type='text'>
Pull tpm updates from Jarkko Sakkinen:
 "This contains a new driver: a TPM FF-A driver.

  FF comes from Firmware Framework, and A comes from Arm's A-profile.
  FF-A is essentially a standard mechanism to communicate with TrustZone
  apps such as TPM.

  Other than that, this includes a pile of fixes and small improvements"

* tag 'tpmdd-next-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  tpm: Make chip-&gt;{status,cancel,req_canceled} opt
  MAINTAINERS: TPM DEVICE DRIVER: add missing includes
  tpm: End any active auth session before shutdown
  Documentation: tpm: Add documentation for the CRB FF-A interface
  tpm_crb: Add support for the ARM FF-A start method
  ACPICA: Add start method for ARM FF-A
  tpm_crb: Clean-up and refactor check for idle support
  tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A
  tpm/tpm_ftpm_tee: fix struct ftpm_tee_private documentation
  tpm, tpm_tis: Workaround failed command reception on Infineon devices
  tpm, tpm_tis: Fix timeout handling when waiting for TPM status
  tpm: Convert warn to dbg in tpm2_start_auth_session()
  tpm: Lazily flush auth session when getting random data
  tpm: ftpm_tee: remove incorrect of_match_ptr annotation
  tpm: do not start chip while suspended
</content>
</entry>
<entry>
<title>Documentation: tpm: Add documentation for the CRB FF-A interface</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Stuart Yoder</name>
<email>stuart.yoder@arm.com</email>
</author>
<published>2025-03-12T21:58:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=da086d4e7282477fc0d907550dacb8f7be3af3c7'/>
<id>urn:sha1:da086d4e7282477fc0d907550dacb8f7be3af3c7</id>
<content type='text'>
Add documentation providing details of how the CRB driver interacts with
ARM FF-A.

[jarkko: Fine-tuned the commit message.]

Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
</entry>
<entry>
<title>landlock: Add audit documentation</title>
<updated>2025-03-26T12:59:49+00:00</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2025-03-20T19:07:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8e2dd47b10e77452733eae23cc83078fa29c1e9a'/>
<id>urn:sha1:8e2dd47b10e77452733eae23cc83078fa29c1e9a</id>
<content type='text'>
Because audit is dedicated to the system administrator, create a new
entry in Documentation/admin-guide/LSM .  Extend other Landlock
documentation's pages with this new one.

Extend UAPI with the new log flags.

Extend the guiding principles with logs.

Cc: Günther Noack &lt;gnoack@google.com&gt;
Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Link: https://lore.kernel.org/r/20250320190717.2287696-29-mic@digikod.net
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
</feed>
