Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.10 2026-02-22T01:09:51+00:00 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-02-20T22:46:31+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-20T22:46:31+00:00 urn:sha1:233a0c0f4498309f98d98a4b6543fa05a12d9587 Pull ecryptfs updates from Tyler Hicks: "This consists of some really minor typo fixes that fell through the cracks and some more recent code cleanups: - Comment typo fixes - Removal of an unused function declaration - Use strscpy() instead of the deprecated strcpy() - Use string copying helpers instead of memcpy() and manually terminating strings" * tag 'ecryptfs-7.0-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs: ecryptfs: Replace memcpy + NUL termination in ecryptfs_copy_filename ecryptfs: Drop redundant NUL terminations after calling ecryptfs_to_hex ecryptfs: Replace memcpy + NUL termination in ecryptfs_new_file_context ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options ecryptfs: Replace strcpy with strscpy in ecryptfs_cipher_code_to_string ecryptfs: Replace strcpy with strscpy in ecryptfs_set_default_crypt_stat_vals ecryptfs: simplify list initialization in ecryptfs_parse_packet_set() ecryptfs: Remove unused declartion ecryptfs_fill_zeros() ecryptfs: Fix packet format comment in parse_tag_67_packet() ecryptfs: comment typo fix ecryptfs: keystore: Fix typo 'the the' in comment 2026-01-29T09:06:59+00:00 Amir Goldstein amir73il@gmail.com 2026-01-28T13:24:05+00:00 urn:sha1:55fb177d3a0346106974749374ae2191ba250825 Rename the helper is_dot_dotdot() into the name_ namespace and add complementary helpers to check for dot and dotdot names individually. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://patch.msgid.link/20260128132406.23768-3-amir73il@gmail.com Reviewed-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> 2026-01-13T02:21:27+00:00 Thorsten Blum thorsten.blum@linux.dev 2026-01-11T13:12:58+00:00 urn:sha1:99853d9daef240a45e161d0e33487cda4810b999 Use kmemdup_nul() to copy 'name' instead of using memcpy() followed by a manual NUL termination. Remove the local return variable and the goto label to simplify the code. No functional changes. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Acked-by: Tyler Hicks <code@tyhicks.com> Signed-off-by: Tyler Hicks <code@tyhicks.com> 2025-12-23T21:23:23+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-12-19T21:32:33+00:00 urn:sha1:e8fb5ec8934312df0a8f28b5514733acdf7ba722 Use strscpy() to copy the NUL-terminated '->global_default_cipher_name' to the destination buffer instead of using memcpy() followed by a manual NUL termination. Remove the now-unused local variable 'cipher_name_len'. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Tyler Hicks <code@tyhicks.com> 2025-12-23T21:23:23+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-12-13T11:04:52+00:00 urn:sha1:c82f77a4ac9589a5d73d4caaa439fa670c684455 strcpy() has been deprecated [1] because it performs no bounds checking on the destination buffer, which can lead to buffer overflows. Since the parameter 'char *str' is just a pointer with no size information, extend the function with a 'size' parameter to pass the destination buffer's size as an additional argument. Adjust the call sites accordingly. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Tyler Hicks <code@tyhicks.com> 2025-12-23T21:23:23+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-12-13T11:04:50+00:00 urn:sha1:3bdc6cace25c3c7adfc073bb763bb52c9d1282c8 strcpy() has been deprecated [1] because it performs no bounds checking on the destination buffer, which can lead to buffer overflows. Replace it with the safer strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Tyler Hicks <code@tyhicks.com> 2025-12-23T21:23:20+00:00 Zipeng Zhang zhangzipeng0@foxmail.com 2023-03-20T02:04:28+00:00 urn:sha1:9383d8205c1591f49d66cb53b3a5b0f15e9ff703 Comment typo fix "vitual" -> "virtual". Signed-off-by: Zipeng Zhang <zhangzipeng0@foxmail.com> Signed-off-by: Tyler Hicks <code@tyhicks.com> 2025-10-31T09:12:35+00:00 Eric Biggers ebiggers@kernel.org 2025-10-11T20:00:10+00:00 urn:sha1:0bbb838f385aa7073510b727706a9c0215c8cd9f eCryptfs uses MD5 for a couple unusual purposes: to "mix" the key into the IVs for file contents encryption (similar to ESSIV), and to prepend some key-dependent bytes to the plaintext when encrypting filenames (which is useless since eCryptfs encrypts the filenames with ECB). Currently, eCryptfs computes these MD5 hashes using the crypto_shash API. Update it to instead use the MD5 library API. This is simpler and faster: the library doesn't require memory allocations, can't fail, and provides direct access to MD5 without overhead such as indirect calls. To preserve the existing behavior of eCryptfs support being disabled when the kernel is booted with "fips=1", make ecryptfs_get_tree() check fips_enabled itself. Previously it relied on crypto_alloc_shash("md5") failing. I don't know for sure that this is actually needed; e.g., it could be argued that eCryptfs's use of MD5 isn't for a security purpose as far as FIPS is concerned. But this preserves the existing behavior. Tested by verifying that an existing eCryptfs can still be mounted with a kernel that has this commit, with all the files matching. Also tested creating a filesystem with this commit and mounting+reading it without. Signed-off-by: Eric Biggers <ebiggers@kernel.org> Link: https://patch.msgid.link/20251011200010.193140-1-ebiggers@kernel.org Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>