Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.22 2026-01-23T10:21:22+00:00 2026-01-23T10:21:22+00:00 Günther Noack gnoack3000@gmail.com 2026-01-01T13:40:58+00:00 urn:sha1:d91cee31906a873bcc123d06eda4efa4835c8d0f [ Upstream commit 15e8d739fda1084d81f7d3813e9600eba6e0f134 ] Add a missing close(srv_fd) call, and use EXPECT_EQ() to check the result. Signed-off-by: Günther Noack <gnoack3000@gmail.com> Fixes: f83d51a5bdfe ("selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets") Link: https://lore.kernel.org/r/20260101134102.25938-2-gnoack3000@gmail.com [mic: Use EXPECT_EQ() and update commit message] Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-01-23T10:21:22+00:00 Matthieu Buffet matthieu@buffet.re 2025-12-01T00:36:31+00:00 urn:sha1:a45001796aa004025c7c352c42362582a79f595d [ Upstream commit e1a57c33590a50a6639798e60a597af4a23b0340 ] Remove bind() call on a client socket that doesn't make sense. Since strlen(cli_un.sun_path) returns a random value depending on stack garbage, that many uninitialized bytes are read from the stack as an unix socket address. This creates random test failures due to the bind address being invalid or already in use if the same stack value comes up twice. Fixes: f83d51a5bdfe ("selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets") Signed-off-by: Matthieu Buffet <matthieu@buffet.re> Reviewed-by: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20251201003631.190817-1-matthieu@buffet.re Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-01-23T10:21:21+00:00 Matthieu Buffet matthieu@buffet.re 2025-10-27T19:07:24+00:00 urn:sha1:c589bc64336672ebdc3fd83c563a6529aa138735 [ Upstream commit bd09d9a05cf04028f639e209b416bacaeffd4909 ] The nominal error code for bind(AF_UNSPEC) on an IPv6 socket is -EAFNOSUPPORT, not -EINVAL. -EINVAL is only returned when the supplied address struct is too short, which happens to be the case in current selftests because they treat AF_UNSPEC like IPv4 sockets do: as an alias for AF_INET (which is a 16-byte struct instead of the 24 bytes required by IPv6 sockets). Make the union large enough for any address (by adding struct sockaddr_storage to the union), and make AF_UNSPEC addresses large enough for any family. Test for -EAFNOSUPPORT instead, and add a dedicated test case for truncated inputs with -EINVAL. Fixes: a549d055a22e ("selftests/landlock: Add network tests") Signed-off-by: Matthieu Buffet <matthieu@buffet.re> Link: https://lore.kernel.org/r/20251027190726.626244-2-matthieu@buffet.re Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-12-18T13:03:22+00:00 Matthieu Buffet matthieu@buffet.re 2025-10-27T01:14:40+00:00 urn:sha1:c1b149b698e29cf576744773fd18b4662cc4c47c [ Upstream commit e61462232a58bddd818fa6a913a9a2e76fd3634f ] Make all headers part of make's dependencies computations. Otherwise, updating audit.h, common.h, scoped_base_variants.h, scoped_common.h, scoped_multiple_domain_variants.h, or wrappers.h, re-running make and running selftests could lead to testing stale headers. Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs") Fixes: fefcf0f7cf47 ("selftests/landlock: Test abstract UNIX socket scoping") Fixes: 5147779d5e1b ("selftests/landlock: Add wrappers.h") Signed-off-by: Matthieu Buffet <matthieu@buffet.re> Link: https://lore.kernel.org/r/20251027011440.1838514-1-matthieu@buffet.re Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-09-13T23:55:16+00:00 Bala-Vignesh-Reddy reddybalavignesh9979@gmail.com 2025-08-21T10:11:59+00:00 urn:sha1:a7498388b099f08219bad5f19d00e436da27fbf9 Several selftests subdirectories duplicated the define __maybe_unused, leading to redundant code. Move to kselftest.h header and remove other definitions. This addresses the duplication noted in the proc-pid-vm warning fix Link: https://lkml.kernel.org/r/20250821101159.2238-1-reddybalavignesh9979@gmail.com Signed-off-by: Bala-Vignesh-Reddy <reddybalavignesh9979@gmail.com> Suggested-by: Andrew Morton <akpm@linux-foundation.org> Link:https://lore.kernel.org/lkml/20250820143954.33d95635e504e94df01930d0@linux-foundation.org/ Reviewed-by: Wei Yang <richard.weiyang@gmail.com> Acked-by: SeongJae Park <sj@kernel.org> Reviewed-by: Ming Lei <ming.lei@redhat.com> Acked-by: Mickal Salan <mic@digikod.net> [landlock] Cc: Shuah Khan <shuah@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> 2025-06-19T11:55:41+00:00 Mickaël Salaün mic@digikod.net 2025-06-06T11:08:09+00:00 urn:sha1:dae01387e6a9bbce31f6c62839733ab8b63e16f3 This test checks that a rule on a directory used as a mount point does not grant access to the mount covering it. It is a generalization of the bind mount case in layout3_fs.hostfs.release_inodes [1] that tests hidden mount points. Cc: Günther Noack <gnoack@google.com> Cc: Song Liu <song@kernel.org> Cc: Tingmao Wang <m@maowtm.org> Link: https://lore.kernel.org/r/20250606.zo5aekae6Da6@digikod.net [1] Link: https://lore.kernel.org/r/20250606110811.211297-1-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2025-06-19T11:55:40+00:00 Song Liu song@kernel.org 2025-06-05T21:44:16+00:00 urn:sha1:dc58130bc38f09b162aa3b216f8b8f1e0a56127b We are hitting build error on CentOS 9: audit_test.c:232:40: error: ‘O_CLOEXEC’ undeclared (...) Fix this by including fcntl.h. Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20250605214416.1885878-1-song@kernel.org Fixes: 6b4566400a29 ("selftests/landlock: Add PID tests for audit records") Signed-off-by: Mickaël Salaün <mic@digikod.net> 2025-06-19T11:55:38+00:00 Mickaël Salaün mic@digikod.net 2025-05-28T14:44:25+00:00 urn:sha1:94a7ce26428d3a7ceb46c503ed726160578b9fcc The audit_init_filter_exe() helper incorrectly checks the readlink(2) error because an unsigned integer is used to store the result. Use a signed integer for this check. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/r/aDbFwyZ_fM-IO7sC@stanley.mountain Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs") Reviewed-by: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20250528144426.1709063-1-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2025-04-11T10:53:22+00:00 Mickaël Salaün mic@digikod.net 2025-04-10T17:17:23+00:00 urn:sha1:6b4566400a2919e6c1137404c53d7cf1ada559aa Add audit.thread tests to check that the PID tied to a domain is not a thread ID but the thread group ID. These new tests would not pass without the previous TGID fix. Extend matches_log_domain_allocated() to check against the PID that created the domain. Test coverage for security/landlock is 93.6% of 1524 lines according to gcc/gcov-14. Cc: Christian Brauner <brauner@kernel.org> Cc: Günther Noack <gnoack@google.com> Cc: Paul Moore <paul@paul-moore.com> Link: https://lore.kernel.org/r/20250410171725.1265860-3-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2025-04-11T10:53:20+00:00 Mickaël Salaün mic@digikod.net 2025-04-10T17:17:22+00:00 urn:sha1:e4a0f9e0cacd93094b619616426a273e0bc9107e The audit fixture needlessly stores and manages domain_stack. Move it to the audit.layers tests. This will be useful to reuse the audit fixture with the next patch. Cc: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20250410171725.1265860-2-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net>