Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.131 2025-04-25T08:45:57+00:00 2025-04-25T08:45:57+00:00 Mickaël Salaün mic@digikod.net 2025-03-18T16:14:37+00:00 urn:sha1:efde4462b3217e777f385c8d2ade960de3d9666e commit 15383a0d63dbcd63dc7e8d9ec1bf3a0f7ebf64ac upstream. Some fixes may require user space to check if they are applied on the running kernel before using a specific feature. For instance, this applies when a restriction was previously too restrictive and is now getting relaxed (e.g. for compatibility reasons). However, non-visible changes for legitimate use (e.g. security fixes) do not require an erratum. Because fixes are backported down to a specific Landlock ABI, we need a way to avoid cherry-pick conflicts. The solution is to only update a file related to the lower ABI impacted by this issue. All the ABI files are then used to create a bitmask of fixes. The new errata interface is similar to the one used to get the supported Landlock ABI version, but it returns a bitmask instead because the order of fixes may not match the order of versions, and not all fixes may apply to all versions. The actual errata will come with dedicated commits. The description is not actually used in the code but serves as documentation. Create the landlock_abi_version symbol and use its value to check errata consistency. Update test_base's create_ruleset_checks_ordering tests and add errata tests. This commit is backportable down to the first version of Landlock. Fixes: 3532b0b4352c ("landlock: Enable user space to infer supported features") Cc: Günther Noack <gnoack@google.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20250318161443.279194-3-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-02-08T08:52:02+00:00 Mickaël Salaün mic@digikod.net 2025-01-08T15:43:28+00:00 urn:sha1:627f67b6d0999361abcfd5514f731070da93f6fd [ Upstream commit 2107c35128ad751b201eb92fe91443450d9e5c37 ] The global variable errno may not be set in test_execute(). Do not use it in related error message. Cc: Günther Noack <gnoack@google.com> Fixes: e1199815b47b ("selftests/landlock: Add user space tests") Link: https://lore.kernel.org/r/20250108154338.1129069-21-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-03T06:54:17+00:00 Mickaël Salaün mic@digikod.net 2024-07-24T14:54:26+00:00 urn:sha1:27be7ff9ffb4ab9570de36debcb45d5b61f753e4 commit cc374782b6ca0fd634482391da977542443d3368 upstream. Check that keyctl(KEYCTL_SESSION_TO_PARENT) preserves the parent's restrictions. Fixes: e1199815b47b ("selftests/landlock: Add user space tests") Co-developed-by: Jann Horn <jannh@google.com> Signed-off-by: Jann Horn <jannh@google.com> Link: https://lore.kernel.org/r/20240724.Ood5aige9she@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-23T08:24:48+00:00 Hu Yadi hu.yadi@h3c.com 2024-01-24T02:29:08+00:00 urn:sha1:854357db2f93c97365574fad6b5b31d12a13b24c [ Upstream commit 40b7835e74e0383be308d528c5e0e41b3bf72ade ] One issue comes up while building selftest/landlock/fs_test on my side (gcc 7.3/glibc-2.28/kernel-4.19). gcc -Wall -O2 -isystem fs_test.c -lcap -o selftests/landlock/fs_test fs_test.c:4575:9: error: initializer element is not constant .mnt = mnt_tmp, ^~~~~~~ Signed-off-by: Hu Yadi <hu.yadi@h3c.com> Suggested-by: Jiao <jiaoxupo@h3c.com> Reviewed-by: Berlin <berlin@h3c.com> Link: https://lore.kernel.org/r/20240124022908.42100-1-hu.yadi@h3c.com Fixes: 04f9070e99a4 ("selftests/landlock: Add tests for pseudo filesystems") [mic: Factor out mount's data string and make mnt_tmp static] Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-08-30T16:53:08+00:00 Ding Xiang dingxiang@cmss.chinamobile.com 2023-08-30T10:11:48+00:00 urn:sha1:2a2015495142ee0a35711b5dcf7b215c31489f27 The opened file should be closed before return, otherwise resource leak will occur. Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com> Link: https://lore.kernel.org/r/20230830101148.3738-1-dingxiang@cmss.chinamobile.com Fixes: 3de64b656b3c ("selftests/landlock: Add supports_filesystem() helper") Signed-off-by: Mickaël Salaün <mic@digikod.net> 2023-06-12T19:26:23+00:00 Mickaël Salaün mic@digikod.net 2023-06-12T19:14:30+00:00 urn:sha1:35ca4239929737bdc021ee923f97ebe7aff8fcc4 Add tests for the hostfs filesystems to make sure it has a consistent inode management, which is required for Landlock's file hierarchy identification. This adds 5 new tests for layout3_fs with the hostfs variant. Add hostfs to the new (architecture-specific) config.um file. The hostfs filesystem, only available for an User-Mode Linux kernel, is special because we cannot explicitly mount it. The layout3_fs.hostfs variant tests are skipped if the current test directory is not backed by this filesystem. The layout3_fs.hostfs.tag_inode_dir_child and layout3_fs.hostfs.tag_inode_file tests pass thanks to a previous commit fixing hostfs inode management. Without this fix, the deny-by-default policy would apply and all access requests would be denied. Link: https://lore.kernel.org/r/20230612191430.339153-7-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2023-06-12T19:26:23+00:00 Mickaël Salaün mic@digikod.net 2023-06-12T19:14:29+00:00 urn:sha1:04f9070e99a4c5d60f05436f63e470c19b579e24 Add generic and read-only tests for 6 pseudo filesystems to make sure they have a consistent inode management, which is required for Landlock's file hierarchy identification: - tmpfs - ramfs - cgroup2 - proc - sysfs Update related kernel configuration to support these new filesystems, remove useless CONFIG_SECURITY_PATH, and sort all entries. If these filesystems are not supported by the kernel running tests, the related tests are skipped. Expanding variants, this adds 25 new tests for layout3_fs: - tag_inode_dir_parent - tag_inode_dir_mnt - tag_inode_dir_child - tag_inode_dir_file - release_inodes Test coverage for security/landlock with kernel debug code: - 94.7% of 835 lines according to gcc/gcov-12 - 93.0% of 852 lines according to gcc/gcov-13 Test coverage for security/landlock without kernel debug code: - 95.5% of 624 lines according to gcc/gcov-12 - 93.1% of 641 lines according to gcc/gcov-13 Link: https://lore.kernel.org/r/20230612191430.339153-6-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2023-06-12T19:26:22+00:00 Mickaël Salaün mic@digikod.net 2023-06-12T19:14:28+00:00 urn:sha1:55ab3fbe8333148e9c21477ffdc4edbe1f568f55 Add a new struct mnt_opt to define a mount point with the mount_opt() helper. This doesn't change tests but prepare for the next commit. Link: https://lore.kernel.org/r/20230612191430.339153-5-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2023-06-12T19:26:21+00:00 Mickaël Salaün mic@digikod.net 2023-06-12T19:14:27+00:00 urn:sha1:3de64b656b3c827d7d194558b0ae3a09400b116d Replace supports_overlayfs() with supports_filesystem() to be able to check several filesystems. This will be useful in a following commit. Only check for overlay filesystem once in the setup step, and then rely on self->skip_test. Cc: Guenter Roeck <groeck@chromium.org> Cc: Jeff Xu <jeffxu@google.com> Link: https://lore.kernel.org/r/20230612191430.339153-4-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net> 2023-06-12T19:26:21+00:00 Mickaël Salaün mic@digikod.net 2023-06-12T19:14:26+00:00 urn:sha1:592efeb4a07ee46204c0f87001455c28f4743dea Add and use a layout0 test fixture to not populate the tmpfs filesystem if it is not required for tests: unknown_access_rights, proc_nsfs, unpriv and max_layers. This doesn't change these tests but it speeds up their setup and makes them less prone to error. This prepare the ground for a next commit. Link: https://lore.kernel.org/r/20230612191430.339153-3-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net>