Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.1.168 2022-07-19T09:57:15+00:00 2022-07-19T09:57:15+00:00 John Johansen john.johansen@canonical.com 2022-03-25T12:20:02+00:00 urn:sha1:f567e7fada03d4c9c5f646a439ad2356371c4147 The policydb permission set has left the xbits unused. Make them available for mediation. Signed-off-by: John Johansen <john.johansen@canonical.com> 2021-11-11T22:47:32+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-11-11T22:47:32+00:00 urn:sha1:5593a733f968521444df84902901902233c17d8f Pull apparmor updates from John Johansen: "Features - use per file locks for transactional queries - update policy management capability checks to work with LSM stacking Bug Fixes: - check/put label on apparmor_sk_clone_security() - fix error check on update of label hname - fix introspection of of task mode for unconfined tasks Cleanups: - avoid -Wempty-body warning - remove duplicated 'Returns:' comments - fix doc warning - remove unneeded one-line hook wrappers - use struct_size() helper in kzalloc() - fix zero-length compiler warning in AA_BUG() - file.h: delete duplicated word - delete repeated words in comments - remove repeated declaration" * tag 'apparmor-pr-2021-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: remove duplicated 'Returns:' comments apparmor: remove unneeded one-line hook wrappers apparmor: Use struct_size() helper in kzalloc() apparmor: fix zero-length compiler warning in AA_BUG() apparmor: use per file locks for transactional queries apparmor: fix doc warning apparmor: Remove the repeated declaration apparmor: avoid -Wempty-body warning apparmor: Fix internal policy capable check for policy management apparmor: fix error check security: apparmor: delete repeated words in comments security: apparmor: file.h: delete duplicated word apparmor: switch to apparmor to internal capable check for policy management apparmor: update policy capable checks to use a label apparmor: fix introspection of of task mode for unconfined tasks apparmor: check/put label on apparmor_sk_clone_security() 2021-02-07T12:15:08+00:00 Randy Dunlap rdunlap@infradead.org 2021-01-25T19:53:50+00:00 urn:sha1:ef70454508c00a415a41156a19cb771a186c55d0 Delete the doubled word "then" in a comment. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2020-08-07T18:33:22+00:00 Waiman Long longman@redhat.com 2020-08-07T06:18:13+00:00 urn:sha1:453431a54934d917153c65211b2dabf45562ca88 As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or something. The "zero" part of the interface isn't even _relevant_. The main reason that kzfree() exists is to clear sensitive information that should not be leaked to other future users of the same memory objects. Rename kzfree() to kfree_sensitive() to follow the example of the recently added kvfree_sensitive() and make the intention of the API more explicit. In addition, memzero_explicit() is used to clear the memory to make sure that it won't get optimized away by the compiler. The renaming is done by using the command sequence: git grep -w --name-only kzfree |\ xargs sed -i 's/kzfree/kfree_sensitive/' followed by some editing of the kfree_sensitive() kerneldoc and adding a kzfree backward compatibility macro in slab.h. [akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h] [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more] Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Joe Perches <joe@perches.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: David Rientjes <rientjes@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-12-03T20:51:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-12-03T20:51:35+00:00 urn:sha1:79e178a57dae819ae724065b47c25720494cc9f2 Pull apparmor updates from John Johansen: "Features: - increase left match history buffer size to provide improved conflict resolution in overlapping execution rules. - switch buffer allocation to use a memory pool and GFP_KERNEL where possible. - add compression of policy blobs to reduce memory usage. Cleanups: - fix spelling mistake "immutible" -> "immutable" Bug fixes: - fix unsigned len comparison in update_for_len macro - fix sparse warning for type-casting of current->real_cred" * tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: make it so work buffers can be allocated from atomic context apparmor: reduce rcu_read_lock scope for aa_file_perm mediation apparmor: fix wrong buffer allocation in aa_new_mount apparmor: fix unsigned len comparison with less than zero apparmor: increase left match history buffer size apparmor: Switch to GFP_KERNEL where possible apparmor: Use a memory pool instead per-CPU caches apparmor: Force type-casting of current->real_cred apparmor: fix spelling mistake "immutible" -> "immutable" apparmor: fix blob compression when ns is forced on a policy load apparmor: fix missing ZLIB defines apparmor: fix blob compression build failure on ppc apparmor: Initial implementation of raw policy blob compression 2019-11-23T00:41:08+00:00 John Johansen john.johansen@canonical.com 2019-09-14T10:34:06+00:00 urn:sha1:341c1fda5e17156619fb71acfc7082b2669b4b72 In some situations AppArmor needs to be able to use its work buffers from atomic context. Add the ability to specify when in atomic context and hold a set of work buffers in reserve for atomic context to reduce the chance that a large work buffer allocation will need to be done. Fixes: df323337e507 ("apparmor: Use a memory pool instead per-CPU caches") Signed-off-by: John Johansen <john.johansen@canonical.com> 2019-06-05T15:37:17+00:00 Thomas Gleixner tglx@linutronix.de 2019-06-01T08:08:55+00:00 urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-08T21:18:44+00:00 Casey Schaufler casey@schaufler-ca.com 2018-11-12T20:02:49+00:00 urn:sha1:33bf60cabcc7687b194a689b068b65e9ecd556be Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org> 2017-08-01T19:03:06+00:00 Kees Cook keescook@chromium.org 2017-07-18T22:25:24+00:00 urn:sha1:993b3ab0642e57da5de6bef11dd50db7e2fc3b7e The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, all the comments describe how secureexec is actually calculated during bprm_set_creds, so this actually does it, drops the bprm flag that was being used internally by AppArmor, and drops the bprm_secureexec hook. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> 2017-06-11T00:11:44+00:00 John Johansen john.johansen@canonical.com 2017-06-09T23:06:21+00:00 urn:sha1:8014370f1257619226b79cb6de8e28563fbbc070 Signed-off-by: John Johansen <john.johansen@canonical.com>