Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-22T01:09:51+00:00 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T01:06:51+00:00 urn:sha1:323bbfcf1ef8836d0d2ad9e2c1f1c684f0e3b5b3 This is the exact same thing as the 'alloc_obj()' version, only much smaller because there are a lot fewer users of the *alloc_flex() interface. As with alloc_obj() version, this was done entirely with mindless brute force, using the same script, except using 'flex' in the pattern rather than 'objs*'. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-02-18T18:45:36+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-18T18:45:36+00:00 urn:sha1:23b0f90ba871f096474e1c27c3d14f455189d2d9 Pull sysctl updates from Joel Granados: - Remove macros from proc handler converters Replace the proc converter macros with "regular" functions. Though it is more verbose than the macro version, it helps when debugging and better aligns with coding-style.rst. - General cleanup Remove superfluous ctl_table forward declarations. Const qualify the memory_allocation_profiling_sysctl and loadpin_sysctl_table arrays. Add missing kernel doc to proc_dointvec_conv. - Testing This series was run through sysctl selftests/kunit test suite in x86_64. And went into linux-next after rc4, giving it a good 3 weeks of testing * tag 'sysctl-7.00-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl: sysctl: replace SYSCTL_INT_CONV_CUSTOM macro with functions sysctl: Replace unidirectional INT converter macros with functions sysctl: Add kernel doc to proc_douintvec_conv sysctl: Replace UINT converter macros with functions sysctl: Add CONFIG_PROC_SYSCTL guards for converter macros sysctl: clarify proc_douintvec_minmax doc sysctl: Return -ENOSYS from proc_douintvec_conv when CONFIG_PROC_SYSCTL=n sysctl: Remove unused ctl_table forward declarations loadpin: Implement custom proc_handler for enforce alloc_tag: move memory_allocation_profiling_sysctls into .rodata sysctl: Add missing kernel-doc for proc_dointvec_conv 2026-01-21T03:44:19+00:00 Randy Dunlap rdunlap@infradead.org 2025-12-15T00:51:56+00:00 urn:sha1:24c776355f4097316a763005434ffff716aa21a8 Remove <linux/hex.h> from <linux/kernel.h> and update all users/callers of hex.h interfaces to directly #include <linux/hex.h> as part of the process of putting kernel.h on a diet. Removing hex.h from kernel.h means that 36K C source files don't have to pay the price of parsing hex.h for the roughly 120 C source files that need it. This change has been build-tested with allmodconfig on most ARCHes. Also, all users/callers of <linux/hex.h> in the entire source tree have been updated if needed (if not already #included). Link: https://lkml.kernel.org/r/20251215005206.2362276-1-rdunlap@infradead.org Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Yury Norov (NVIDIA) <yury.norov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> 2026-01-05T12:45:19+00:00 Joel Granados joel.granados@kernel.org 2025-12-05T08:43:11+00:00 urn:sha1:a2564d0688db20a1ee1660f45d7823075feb12a7 Add a new static variable (loadpin_root_writable) to keep the write-ability state of enforce. Remove set_sysctl and const qualify loadpin_sysctl_table (moves into .rodata) as there is no longer need to change the value of extra1. The new proc_handler_loadpin returns -EINVAL when loadpin_root_writable is false and the kernel var (enforce) is being written. The old way of modifying the write-ability of enforce stays in loadpin_check and is still set by calling sb_is_writable. Signed-off-by: Joel Granados <joel.granados@kernel.org> 2025-10-22T23:24:25+00:00 Paul Moore paul@paul-moore.com 2025-02-18T22:11:32+00:00 urn:sha1:b0374e79a83c89f2a85f39364e215ac749ea2f31 Acked-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johhansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2025-10-22T23:24:18+00:00 Paul Moore paul@paul-moore.com 2025-02-12T19:45:06+00:00 urn:sha1:9f9dc69e06ecbc61e7a50b823b82a78daf130dc0 Reduce the duplication between the lsm_id struct and the DEFINE_LSM() definition by linking the lsm_id struct directly into the individual LSM's DEFINE_LSM() instance. Linking the lsm_id into the LSM definition also allows us to simplify the security_add_hooks() function by removing the code which populates the lsm_idlist[] array and moving it into the normal LSM startup code where the LSM list is parsed and the individual LSMs are enabled, making for a cleaner implementation with less overhead at boot. Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2025-03-03T17:35:50+00:00 Arulpandiyan Vadivel arulpandiyan.vadivel@siemens.com 2025-03-02T10:38:31+00:00 urn:sha1:d73ef9ec8794c4dad25774d655a8f284ad9ff641 Updated the MODULE_COMPRESS_NONE with MODULE_COMPRESS as it was no longer available from kernel modules. As MODULE_COMPRESS and MODULE_DECOMPRESS depends on MODULES removing MODULES as well. Fixes: c7ff693fa209 ("module: Split modules_install compression and in-kernel decompression") Signed-off-by: Arulpandiyan Vadivel <arulpandiyan.vadivel@siemens.com> Link: https://lore.kernel.org/r/20250302103831.285381-1-arulpandiyan.vadivel@siemens.com Signed-off-by: Kees Cook <kees@kernel.org> 2024-11-03T06:28:06+00:00 Al Viro viro@zeniv.linux.org.uk 2024-07-20T01:19:02+00:00 urn:sha1:8152f8201088350c76bb9685cd5990dd51d59aff all failure exits prior to fdget() leave the scope, all matching fdput() are immediately followed by leaving the scope. [xfs_ioc_commit_range() chunk moved here as well] Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2024-08-13T02:00:43+00:00 Al Viro viro@zeniv.linux.org.uk 2024-05-31T18:12:01+00:00 urn:sha1:1da91ea87aefe2c25b68c9f96947a9271ba6325d For any changes of struct fd representation we need to turn existing accesses to fields into calls of wrappers. Accesses to struct fd::flags are very few (3 in linux/file.h, 1 in net/socket.c, 3 in fs/overlayfs/file.c and 3 more in explicit initializers). Those can be dealt with in the commit converting to new layout; accesses to struct fd::file are too many for that. This commit converts (almost) all of f.file to fd_file(f). It's not entirely mechanical ('file' is used as a member name more than just in struct fd) and it does not even attempt to distinguish the uses in pointer context from those in boolean context; the latter will be eventually turned into a separate helper (fd_empty()). NOTE: mass conversion to fd_empty(), tempting as it might be, is a bad idea; better do that piecewise in commit that convert from fdget...() to CLASS(...). [conflicts in fs/fhandle.c, kernel/bpf/syscall.c, mm/memcontrol.c caught by git; fs/stat.c one got caught by git grep] [fs/xattr.c conflict] Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>