Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=master 2026-04-14T15:00:10+00:00 2026-04-14T15:00:10+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2026-04-14T15:00:10+00:00 urn:sha1:8fc1ad90075f54797197827787ac691bf410b07b TOMOYO is treating numeric fields (including inode->i_ino) as "unsigned long". Now that commit 0b2600f81cef ("treewide: change inode->i_ino from unsigned long to u64") went upstream, update affected portions in TOMOYO. While an administrator might write a rule that compares inode->i_ino with an immediate value, this patch changes type of variable for inode->i_ino to "u64" but does not change type of variable for the corresponding immediate value to "u64" due to the following reasons. It is likely that rules that compare inode->i_ino are for testing whether the directories involved in e.g. rename() operation are the same (i.e. comparison between two inode->i_ino values rather than one inode->i_ino value and one immediate value). It unlikely makes sense to compare inode->i_ino with an immediate value larger than UINT_MAX. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-01-28T19:45:25+00:00 Marco Elver elver@google.com 2026-01-19T09:05:55+00:00 urn:sha1:41539433b32d71aea9f7ada84dc6a8bd014ca50d Convert lock initialization to scoped guarded initialization where lock-guarded members are initialized in the same scope. This ensures the context analysis treats the context as active during member initialization. This is required to avoid errors once implicit context assertion is removed. Signed-off-by: Marco Elver <elver@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://patch.msgid.link/20260119094029.1344361-6-elver@google.com 2026-01-05T15:43:36+00:00 Marco Elver elver@google.com 2025-12-19T15:40:23+00:00 urn:sha1:87335b61a23bd10e4aec132bd3a48a009d406973 Enable context analysis for security/tomoyo. This demonstrates a larger conversion to use Clang's context analysis. The benefit is additional static checking of locking rules, along with better documentation. Tomoyo makes use of several synchronization primitives, yet its clear design made it relatively straightforward to enable context analysis. One notable finding was: security/tomoyo/gc.c:664:20: error: reading variable 'write_buf' requires holding mutex '&tomoyo_io_buffer::io_sem' 664 | is_write = head->write_buf != NULL; For which Tetsuo writes: "Good catch. This should be data_race(), for tomoyo_write_control() might concurrently update head->write_buf from non-NULL to non-NULL with head->io_sem held." Signed-off-by: Marco Elver <elver@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://patch.msgid.link/20251219154418.3592607-35-elver@google.com 2025-12-14T03:21:02+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-14T03:21:02+00:00 urn:sha1:4cfc21494ac6dd8518b0ebbc73cf625523ddd870 Pull tomoyo update from Tetsuo Handa: "Trivial optimization" * tag 'tomoyo-pr-20251212' of git://git.code.sf.net/p/tomoyo/tomoyo: tomoyo: Use local kmap in tomoyo_dump_page() 2025-12-01T14:05:26+00:00 Davidlohr Bueso dave@stgolabs.net 2025-11-28T22:27:47+00:00 urn:sha1:a9ea3a2e081d29350b7a3c0731729efbc70458b8 Replace the now deprecated kmap_atomic() with kmap_local_page(). The memcpy does not need atomic semantics, and the removed comment is now stale - this patch now makes it in sync again. Last but not least, highmem is going to be removed[0]. Link: https://lore.kernel.org/all/4ff89b72-03ff-4447-9d21-dd6a5fe1550f@app.fastmail.com/ [0] Signed-off-by: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2025-10-22T23:24:26+00:00 Paul Moore paul@paul-moore.com 2025-02-18T22:23:02+00:00 urn:sha1:9484ae129593d16d6a9cac0fe54beebe1aa32458 Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johhansen@canonical.com> Acked-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Paul Moore <paul@paul-moore.com> 2025-10-22T23:24:18+00:00 Paul Moore paul@paul-moore.com 2025-02-12T19:45:06+00:00 urn:sha1:9f9dc69e06ecbc61e7a50b823b82a78daf130dc0 Reduce the duplication between the lsm_id struct and the DEFINE_LSM() definition by linking the lsm_id struct directly into the individual LSM's DEFINE_LSM() instance. Linking the lsm_id into the LSM definition also allows us to simplify the security_add_hooks() function by removing the code which populates the lsm_idlist[] array and moving it into the normal LSM startup code where the LSM list is parsed and the individual LSMs are enabled, making for a cleaner implementation with less overhead at boot. Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2025-09-01T13:31:34+00:00 Simon Schuster schuster.simon@siemens-energy.com 2025-09-01T13:09:51+00:00 urn:sha1:edd3cb05c00a040dc72bed20b14b5ba865188bce With the introduction of clone3 in commit 7f192e3cd316 ("fork: add clone3") the effective bit width of clone_flags on all architectures was increased from 32-bit to 64-bit, with a new type of u64 for the flags. However, for most consumers of clone_flags the interface was not changed from the previous type of unsigned long. While this works fine as long as none of the new 64-bit flag bits (CLONE_CLEAR_SIGHAND and CLONE_INTO_CGROUP) are evaluated, this is still undesirable in terms of the principle of least surprise. Thus, this commit fixes all relevant interfaces of callees to sys_clone3/copy_process (excluding the architecture-specific copy_thread) to consistently pass clone_flags as u64, so that no truncation to 32-bit integers occurs on 32-bit architectures. Signed-off-by: Simon Schuster <schuster.simon@siemens-energy.com> Link: https://lore.kernel.org/20250901-nios2-implement-clone3-v2-2-53fcf5577d57@siemens-energy.com Acked-by: David Hildenbrand <david@redhat.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-01-30T15:27:44+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2025-01-30T15:27:44+00:00 urn:sha1:bdc35f164b0f60480b2f5e098bb8f3c0cea05cd2 Commit 08ae2487b202 ("tomoyo: automatically use patterns for several situations in learning mode") replaced only $PID part of procfs pathname with \$ pattern. But it turned out that we need to also replace $TID part and $FD part to make this functionality useful for e.g. /bin/lsof . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>