<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/security, branch v6.8-rc5</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge tag 'lsm-pr-20240215' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm</title>
<updated>2024-02-16T15:58:43+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-02-16T15:58:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b8ef920168141b09927ca840b767fda0f227080a'/>
<id>b8ef920168141b09927ca840b767fda0f227080a</id>
<content type='text'>
Pull lsm fix from Paul Moore:
 "One small LSM patch to fix a potential integer overflow in the newly
  added lsm_set_self_attr() syscall"

* tag 'lsm-pr-20240215' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: fix integer overflow in lsm_set_self_attr() syscall
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull lsm fix from Paul Moore:
 "One small LSM patch to fix a potential integer overflow in the newly
  added lsm_set_self_attr() syscall"

* tag 'lsm-pr-20240215' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: fix integer overflow in lsm_set_self_attr() syscall
</pre>
</div>
</content>
</entry>
<entry>
<title>lsm: fix integer overflow in lsm_set_self_attr() syscall</title>
<updated>2024-02-14T18:53:15+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2024-02-14T16:05:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d8bdd795d383a23e38ac48a40d3d223caf47b290'/>
<id>d8bdd795d383a23e38ac48a40d3d223caf47b290</id>
<content type='text'>
security_setselfattr() has an integer overflow bug that leads to
out-of-bounds access when userspace provides bogus input:
`lctx-&gt;ctx_len + sizeof(*lctx)` is checked against `lctx-&gt;len` (and,
redundantly, also against `size`), but there are no checks on
`lctx-&gt;ctx_len`.
Therefore, userspace can provide an `lsm_ctx` with `-&gt;ctx_len` set to a
value between `-sizeof(struct lsm_ctx)` and -1, and this bogus `-&gt;ctx_len`
will then be passed to an LSM module as a buffer length, causing LSM
modules to perform out-of-bounds accesses.

The following reproducer will demonstrate this under ASAN (if AppArmor is
loaded as an LSM):

```

struct lsm_ctx {
  uint64_t id;
  uint64_t flags;
  uint64_t len;
  uint64_t ctx_len;
  char ctx[];
};

int main(void) {
  size_t size = sizeof(struct lsm_ctx);
  struct lsm_ctx *ctx = malloc(size);
  ctx-&gt;id = 104/*LSM_ID_APPARMOR*/;
  ctx-&gt;flags = 0;
  ctx-&gt;len = size;
  ctx-&gt;ctx_len = -sizeof(struct lsm_ctx);
  syscall(
    460/*__NR_lsm_set_self_attr*/,
    /*attr=*/  100/*LSM_ATTR_CURRENT*/,
    /*ctx=*/   ctx,
    /*size=*/  size,
    /*flags=*/ 0
  );
}
```

Fixes: a04a1198088a ("LSM: syscalls for current process attributes")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
[PM: subj tweak, removed ref to ASAN splat that isn't included]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
security_setselfattr() has an integer overflow bug that leads to
out-of-bounds access when userspace provides bogus input:
`lctx-&gt;ctx_len + sizeof(*lctx)` is checked against `lctx-&gt;len` (and,
redundantly, also against `size`), but there are no checks on
`lctx-&gt;ctx_len`.
Therefore, userspace can provide an `lsm_ctx` with `-&gt;ctx_len` set to a
value between `-sizeof(struct lsm_ctx)` and -1, and this bogus `-&gt;ctx_len`
will then be passed to an LSM module as a buffer length, causing LSM
modules to perform out-of-bounds accesses.

The following reproducer will demonstrate this under ASAN (if AppArmor is
loaded as an LSM):

```

struct lsm_ctx {
  uint64_t id;
  uint64_t flags;
  uint64_t len;
  uint64_t ctx_len;
  char ctx[];
};

int main(void) {
  size_t size = sizeof(struct lsm_ctx);
  struct lsm_ctx *ctx = malloc(size);
  ctx-&gt;id = 104/*LSM_ID_APPARMOR*/;
  ctx-&gt;flags = 0;
  ctx-&gt;len = size;
  ctx-&gt;ctx_len = -sizeof(struct lsm_ctx);
  syscall(
    460/*__NR_lsm_set_self_attr*/,
    /*attr=*/  100/*LSM_ATTR_CURRENT*/,
    /*ctx=*/   ctx,
    /*size=*/  size,
    /*flags=*/ 0
  );
}
```

Fixes: a04a1198088a ("LSM: syscalls for current process attributes")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
[PM: subj tweak, removed ref to ASAN splat that isn't included]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'lsm-pr-20240131' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm</title>
<updated>2024-02-01T18:00:28+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-02-01T18:00:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6d805afaf02e64e83a687182dd1214a703d4cf0f'/>
<id>6d805afaf02e64e83a687182dd1214a703d4cf0f</id>
<content type='text'>
Pull lsm fixes from Paul Moore:
 "Two small patches to fix some problems relating to LSM hook return
  values and how the individual LSMs interact"

* tag 'lsm-pr-20240131' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: fix default return value of the socket_getpeersec_*() hooks
  lsm: fix the logic in security_inode_getsecctx()
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull lsm fixes from Paul Moore:
 "Two small patches to fix some problems relating to LSM hook return
  values and how the individual LSMs interact"

* tag 'lsm-pr-20240131' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: fix default return value of the socket_getpeersec_*() hooks
  lsm: fix the logic in security_inode_getsecctx()
</pre>
</div>
</content>
</entry>
<entry>
<title>lsm: fix default return value of the socket_getpeersec_*() hooks</title>
<updated>2024-01-30T22:01:54+00:00</updated>
<author>
<name>Ondrej Mosnacek</name>
<email>omosnace@redhat.com</email>
</author>
<published>2024-01-26T18:45:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5a287d3d2b9de2b3e747132c615599907ba5c3c1'/>
<id>5a287d3d2b9de2b3e747132c615599907ba5c3c1</id>
<content type='text'>
For these hooks the true "neutral" value is -EOPNOTSUPP, which is
currently what is returned when no LSM provides this hook and what LSMs
return when there is no security context set on the socket. Correct the
value in &lt;linux/lsm_hooks.h&gt; and adjust the dispatch functions in
security/security.c to avoid issues when the BPF LSM is enabled.

Cc: stable@vger.kernel.org
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Signed-off-by: Ondrej Mosnacek &lt;omosnace@redhat.com&gt;
[PM: subject line tweak]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For these hooks the true "neutral" value is -EOPNOTSUPP, which is
currently what is returned when no LSM provides this hook and what LSMs
return when there is no security context set on the socket. Correct the
value in &lt;linux/lsm_hooks.h&gt; and adjust the dispatch functions in
security/security.c to avoid issues when the BPF LSM is enabled.

Cc: stable@vger.kernel.org
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Signed-off-by: Ondrej Mosnacek &lt;omosnace@redhat.com&gt;
[PM: subject line tweak]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>lsm: fix the logic in security_inode_getsecctx()</title>
<updated>2024-01-26T22:19:00+00:00</updated>
<author>
<name>Ondrej Mosnacek</name>
<email>omosnace@redhat.com</email>
</author>
<published>2024-01-26T10:44:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=99b817c173cd213671daecd25ca27f56b0c7c4ec'/>
<id>99b817c173cd213671daecd25ca27f56b0c7c4ec</id>
<content type='text'>
The inode_getsecctx LSM hook has previously been corrected to have
-EOPNOTSUPP instead of 0 as the default return value to fix BPF LSM
behavior. However, the call_int_hook()-generated loop in
security_inode_getsecctx() was left treating 0 as the neutral value, so
after an LSM returns 0, the loop continues to try other LSMs, and if one
of them returns a non-zero value, the function immediately returns with
said value. So in a situation where SELinux and the BPF LSMs registered
this hook, -EOPNOTSUPP would be incorrectly returned whenever SELinux
returned 0.

Fix this by open-coding the call_int_hook() loop and making it use the
correct LSM_RET_DEFAULT() value as the neutral one, similar to what
other hooks do.

Cc: stable@vger.kernel.org
Reported-by: Stephen Smalley &lt;stephen.smalley.work@gmail.com&gt;
Link: https://lore.kernel.org/selinux/CAEjxPJ4ev-pasUwGx48fDhnmjBnq_Wh90jYPwRQRAqXxmOKD4Q@mail.gmail.com/
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2257983
Fixes: b36995b8609a ("lsm: fix default return value for inode_getsecctx")
Signed-off-by: Ondrej Mosnacek &lt;omosnace@redhat.com&gt;
Reviewed-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
[PM: subject line tweak]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The inode_getsecctx LSM hook has previously been corrected to have
-EOPNOTSUPP instead of 0 as the default return value to fix BPF LSM
behavior. However, the call_int_hook()-generated loop in
security_inode_getsecctx() was left treating 0 as the neutral value, so
after an LSM returns 0, the loop continues to try other LSMs, and if one
of them returns a non-zero value, the function immediately returns with
said value. So in a situation where SELinux and the BPF LSMs registered
this hook, -EOPNOTSUPP would be incorrectly returned whenever SELinux
returned 0.

Fix this by open-coding the call_int_hook() loop and making it use the
correct LSM_RET_DEFAULT() value as the neutral one, similar to what
other hooks do.

Cc: stable@vger.kernel.org
Reported-by: Stephen Smalley &lt;stephen.smalley.work@gmail.com&gt;
Link: https://lore.kernel.org/selinux/CAEjxPJ4ev-pasUwGx48fDhnmjBnq_Wh90jYPwRQRAqXxmOKD4Q@mail.gmail.com/
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2257983
Fixes: b36995b8609a ("lsm: fix default return value for inode_getsecctx")
Signed-off-by: Ondrej Mosnacek &lt;omosnace@redhat.com&gt;
Reviewed-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
[PM: subject line tweak]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'integrity-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity</title>
<updated>2024-01-25T00:51:59+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-01-25T00:51:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f22face166ef6327fe5b2cab61d2a78578b94534'/>
<id>f22face166ef6327fe5b2cab61d2a78578b94534</id>
<content type='text'>
Pull integrity fix from Mimi Zohar:
 "Revert patch that required user-provided key data, since keys can be
  created from kernel-generated random numbers"

* tag 'integrity-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  Revert "KEYS: encrypted: Add check for strsep"
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull integrity fix from Mimi Zohar:
 "Revert patch that required user-provided key data, since keys can be
  created from kernel-generated random numbers"

* tag 'integrity-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  Revert "KEYS: encrypted: Add check for strsep"
</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "KEYS: encrypted: Add check for strsep"</title>
<updated>2024-01-24T21:11:59+00:00</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.ibm.com</email>
</author>
<published>2024-01-24T19:21:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1ed4b563100230ea68821a2b25a3d9f25388a3e6'/>
<id>1ed4b563100230ea68821a2b25a3d9f25388a3e6</id>
<content type='text'>
This reverts commit b4af096b5df5dd131ab796c79cedc7069d8f4882.

New encrypted keys are created either from kernel-generated random
numbers or user-provided decrypted data.  Revert the change requiring
user-provided decrypted data.

Reported-by: Vishal Verma &lt;vishal.l.verma@intel.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This reverts commit b4af096b5df5dd131ab796c79cedc7069d8f4882.

New encrypted keys are created either from kernel-generated random
numbers or user-provided decrypted data.  Revert the change requiring
user-provided decrypted data.

Reported-by: Vishal Verma &lt;vishal.l.verma@intel.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>exec: Check __FMODE_EXEC instead of in_execve for LSMs</title>
<updated>2024-01-24T19:38:58+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2024-01-24T19:22:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4759ff71f23e1a9cba001009abab68cde6dc327a'/>
<id>4759ff71f23e1a9cba001009abab68cde6dc327a</id>
<content type='text'>
After commit 978ffcbf00d8 ("execve: open the executable file before
doing anything else"), current-&gt;in_execve was no longer in sync with the
open(). This broke AppArmor and TOMOYO which depend on this flag to
distinguish "open" operations from being "exec" operations.

Instead of moving around in_execve, switch to using __FMODE_EXEC, which
is where the "is this an exec?" intent is stored. Note that TOMOYO still
uses in_execve around cred handling.

Reported-by: Kevin Locke &lt;kevin@kevinlocke.name&gt;
Closes: https://lore.kernel.org/all/ZbE4qn9_h14OqADK@kevinlocke.name
Suggested-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Fixes: 978ffcbf00d8 ("execve: open the executable file before doing anything else")
Cc: Josh Triplett &lt;josh@joshtriplett.org&gt;
Cc: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Cc: James Morris &lt;jmorris@namei.org&gt;
Cc: Serge E. Hallyn &lt;serge@hallyn.com&gt;
Cc: Kentaro Takeda &lt;takedakn@nttdata.co.jp&gt;
Cc: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
Cc: Alexander Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Christian Brauner &lt;brauner@kernel.org&gt;
Cc: Jan Kara &lt;jack@suse.cz&gt;
Cc: Eric Biederman &lt;ebiederm@xmission.com&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Sebastian Andrzej Siewior &lt;bigeasy@linutronix.de&gt;
Cc:  &lt;linux-fsdevel@vger.kernel.org&gt;
Cc:  &lt;linux-mm@kvack.org&gt;
Cc:  &lt;apparmor@lists.ubuntu.com&gt;
Cc:  &lt;linux-security-module@vger.kernel.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
After commit 978ffcbf00d8 ("execve: open the executable file before
doing anything else"), current-&gt;in_execve was no longer in sync with the
open(). This broke AppArmor and TOMOYO which depend on this flag to
distinguish "open" operations from being "exec" operations.

Instead of moving around in_execve, switch to using __FMODE_EXEC, which
is where the "is this an exec?" intent is stored. Note that TOMOYO still
uses in_execve around cred handling.

Reported-by: Kevin Locke &lt;kevin@kevinlocke.name&gt;
Closes: https://lore.kernel.org/all/ZbE4qn9_h14OqADK@kevinlocke.name
Suggested-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Fixes: 978ffcbf00d8 ("execve: open the executable file before doing anything else")
Cc: Josh Triplett &lt;josh@joshtriplett.org&gt;
Cc: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Cc: James Morris &lt;jmorris@namei.org&gt;
Cc: Serge E. Hallyn &lt;serge@hallyn.com&gt;
Cc: Kentaro Takeda &lt;takedakn@nttdata.co.jp&gt;
Cc: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
Cc: Alexander Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Christian Brauner &lt;brauner@kernel.org&gt;
Cc: Jan Kara &lt;jack@suse.cz&gt;
Cc: Eric Biederman &lt;ebiederm@xmission.com&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Sebastian Andrzej Siewior &lt;bigeasy@linutronix.de&gt;
Cc:  &lt;linux-fsdevel@vger.kernel.org&gt;
Cc:  &lt;linux-mm@kvack.org&gt;
Cc:  &lt;apparmor@lists.ubuntu.com&gt;
Cc:  &lt;linux-security-module@vger.kernel.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor</title>
<updated>2024-01-19T18:53:55+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-01-19T18:53:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=237c31cb5d83b3f77715f6d6a185f46a5ee4ec88'/>
<id>237c31cb5d83b3f77715f6d6a185f46a5ee4ec88</id>
<content type='text'>
Pull AppArmor updates from John Johansen:
 "This adds a single feature, switch the hash used to check policy from
  sha1 to sha256

  There are fixes for two memory leaks, and refcount bug and a potential
  crash when a profile name is empty. Along with a couple minor code
  cleanups.

  Summary:

  Features
   - switch policy hash from sha1 to sha256

  Bug Fixes
   - Fix refcount leak in task_kill
   - Fix leak of pdb objects and trans_table
   - avoid crash when parse profie name is empty

  Cleanups
   - add static to stack_msg and nulldfa
   - more kernel-doc cleanups"

* tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: Fix memory leak in unpack_profile()
  apparmor: avoid crash when parsed profile name is empty
  apparmor: fix possible memory leak in unpack_trans_table
  apparmor: free the allocated pdb objects
  apparmor: Fix ref count leak in task_kill
  apparmor: cleanup network hook comments
  apparmor: add missing params to aa_may_ptrace kernel-doc comments
  apparmor: declare nulldfa as static
  apparmor: declare stack_msg as static
  apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull AppArmor updates from John Johansen:
 "This adds a single feature, switch the hash used to check policy from
  sha1 to sha256

  There are fixes for two memory leaks, and refcount bug and a potential
  crash when a profile name is empty. Along with a couple minor code
  cleanups.

  Summary:

  Features
   - switch policy hash from sha1 to sha256

  Bug Fixes
   - Fix refcount leak in task_kill
   - Fix leak of pdb objects and trans_table
   - avoid crash when parse profie name is empty

  Cleanups
   - add static to stack_msg and nulldfa
   - more kernel-doc cleanups"

* tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: Fix memory leak in unpack_profile()
  apparmor: avoid crash when parsed profile name is empty
  apparmor: fix possible memory leak in unpack_trans_table
  apparmor: free the allocated pdb objects
  apparmor: Fix ref count leak in task_kill
  apparmor: cleanup network hook comments
  apparmor: add missing params to aa_may_ptrace kernel-doc comments
  apparmor: declare nulldfa as static
  apparmor: declare stack_msg as static
  apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs</title>
<updated>2024-01-12T04:23:50+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-01-12T04:23:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=488926926a1653adfda3f662355907c896524487'/>
<id>488926926a1653adfda3f662355907c896524487</id>
<content type='text'>
Pull misc filesystem updates from Al Viro:
 "Misc cleanups (the part that hadn't been picked by individual fs
  trees)"

* tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  apparmorfs: don't duplicate kfree_link()
  orangefs: saner arguments passing in readdir guts
  ocfs2_find_match(): there's no such thing as NULL or negative -&gt;d_parent
  reiserfs_add_entry(): get rid of pointless namelen checks
  __ocfs2_add_entry(), ocfs2_prepare_dir_for_insert(): namelen checks
  ext4_add_entry(): -&gt;d_name.len is never 0
  befs: d_obtain_alias(ERR_PTR(...)) will do the right thing
  affs: d_obtain_alias(ERR_PTR(...)) will do the right thing
  /proc/sys: use d_splice_alias() calling conventions to simplify failure exits
  hostfs: use d_splice_alias() calling conventions to simplify failure exits
  udf_fiiter_add_entry(): check for zero -&gt;d_name.len is bogus...
  udf: d_obtain_alias(ERR_PTR(...)) will do the right thing...
  udf: d_splice_alias() will do the right thing on ERR_PTR() inode
  nfsd: kill stale comment about simple_fill_super() requirements
  bfs_add_entry(): get rid of pointless -&gt;d_name.len checks
  nilfs2: d_obtain_alias(ERR_PTR(...)) will do the right thing...
  zonefs: d_splice_alias() will do the right thing on ERR_PTR() inode
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull misc filesystem updates from Al Viro:
 "Misc cleanups (the part that hadn't been picked by individual fs
  trees)"

* tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  apparmorfs: don't duplicate kfree_link()
  orangefs: saner arguments passing in readdir guts
  ocfs2_find_match(): there's no such thing as NULL or negative -&gt;d_parent
  reiserfs_add_entry(): get rid of pointless namelen checks
  __ocfs2_add_entry(), ocfs2_prepare_dir_for_insert(): namelen checks
  ext4_add_entry(): -&gt;d_name.len is never 0
  befs: d_obtain_alias(ERR_PTR(...)) will do the right thing
  affs: d_obtain_alias(ERR_PTR(...)) will do the right thing
  /proc/sys: use d_splice_alias() calling conventions to simplify failure exits
  hostfs: use d_splice_alias() calling conventions to simplify failure exits
  udf_fiiter_add_entry(): check for zero -&gt;d_name.len is bogus...
  udf: d_obtain_alias(ERR_PTR(...)) will do the right thing...
  udf: d_splice_alias() will do the right thing on ERR_PTR() inode
  nfsd: kill stale comment about simple_fill_super() requirements
  bfs_add_entry(): get rid of pointless -&gt;d_name.len checks
  nilfs2: d_obtain_alias(ERR_PTR(...)) will do the right thing...
  zonefs: d_splice_alias() will do the right thing on ERR_PTR() inode
</pre>
</div>
</content>
</entry>
</feed>
