From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Georgia Garcia <georgia.garcia@canonical.com>,
John Johansen <john.johansen@canonical.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 401/530] apparmor: pass cred through to audit info.
Date: Fri, 24 Nov 2023 17:49:27 +0000 [thread overview]
Message-ID: <20231124172040.234942754@linuxfoundation.org> (raw)
In-Reply-To: <20231124172028.107505484@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Johansen <john.johansen@canonical.com>
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/apparmorfs.c | 11 ++-
security/apparmor/capability.c | 5 +-
security/apparmor/domain.c | 97 +++++++++++-------
security/apparmor/file.c | 131 +++++++++++++++++--------
security/apparmor/include/audit.h | 1 +
security/apparmor/include/capability.h | 3 +-
security/apparmor/include/file.h | 17 ++--
security/apparmor/include/ipc.h | 4 +-
security/apparmor/include/mount.h | 21 ++--
security/apparmor/include/net.h | 6 +-
security/apparmor/include/policy.h | 9 +-
security/apparmor/include/resource.h | 3 +-
security/apparmor/include/task.h | 3 +-
security/apparmor/ipc.c | 14 ++-
security/apparmor/lsm.c | 85 +++++++++-------
security/apparmor/mount.c | 85 ++++++++++------
security/apparmor/net.c | 17 ++--
security/apparmor/policy.c | 33 ++++---
security/apparmor/resource.c | 23 +++--
security/apparmor/task.c | 31 +++---
20 files changed, 388 insertions(+), 211 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index bd6a910f65282..261cef4c622fb 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -423,7 +423,7 @@ static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
/* high level check about policy management - fine grained in
* below after unpack
*/
- error = aa_may_manage_policy(label, ns, mask);
+ error = aa_may_manage_policy(current_cred(), label, ns, mask);
if (error)
goto end_section;
@@ -486,7 +486,8 @@ static ssize_t profile_remove(struct file *f, const char __user *buf,
/* high level check about policy management - fine grained in
* below after unpack
*/
- error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, ns,
+ AA_MAY_REMOVE_POLICY);
if (error)
goto out;
@@ -1805,7 +1806,8 @@ static int ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
int error;
label = begin_current_label_crit_section();
- error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, NULL,
+ AA_MAY_LOAD_POLICY);
end_current_label_crit_section(label);
if (error)
return error;
@@ -1854,7 +1856,8 @@ static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
int error;
label = begin_current_label_crit_section();
- error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, NULL,
+ AA_MAY_LOAD_POLICY);
end_current_label_crit_section(label);
if (error)
return error;
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 58490cca035da..2fb6a2ea0b998 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -140,6 +140,7 @@ static int profile_capable(struct aa_profile *profile, int cap,
/**
* aa_capable - test permission to use capability
+ * @subj_cread: cred we are testing capability against
* @label: label being tested for capability (NOT NULL)
* @cap: capability to be tested
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
@@ -148,12 +149,14 @@ static int profile_capable(struct aa_profile *profile, int cap,
*
* Returns: 0 on success, or else an error code.
*/
-int aa_capable(struct aa_label *label, int cap, unsigned int opts)
+int aa_capable(const struct cred *subj_cred, struct aa_label *label,
+ int cap, unsigned int opts)
{
struct aa_profile *profile;
int error = 0;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_CAP, AA_CLASS_CAP, OP_CAPABLE);
+ ad.subj_cred = subj_cred;
ad.common.u.cap = cap;
error = fn_for_each_confined(label, profile,
profile_capable(profile, cap, opts, &ad));
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index f3715cda59c52..543105cf7e334 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -31,6 +31,7 @@
/**
* may_change_ptraced_domain - check if can change profile on ptraced task
+ * @cred: cred of task changing domain
* @to_label: profile to change to (NOT NULL)
* @info: message if there is an error
*
@@ -39,28 +40,34 @@
*
* Returns: %0 or error if change not allowed
*/
-static int may_change_ptraced_domain(struct aa_label *to_label,
+static int may_change_ptraced_domain(const struct cred *to_cred,
+ struct aa_label *to_label,
const char **info)
{
struct task_struct *tracer;
struct aa_label *tracerl = NULL;
+ const struct cred *tracer_cred = NULL;
+
int error = 0;
rcu_read_lock();
tracer = ptrace_parent(current);
- if (tracer)
+ if (tracer) {
/* released below */
tracerl = aa_get_task_label(tracer);
-
+ tracer_cred = get_task_cred(tracer);
+ }
/* not ptraced */
if (!tracer || unconfined(tracerl))
goto out;
- error = aa_may_ptrace(tracerl, to_label, PTRACE_MODE_ATTACH);
+ error = aa_may_ptrace(tracer_cred, tracerl, to_cred, to_label,
+ PTRACE_MODE_ATTACH);
out:
rcu_read_unlock();
aa_put_label(tracerl);
+ put_cred(tracer_cred);
if (error)
*info = "ptrace prevents transition";
@@ -619,7 +626,8 @@ static struct aa_label *x_to_label(struct aa_profile *profile,
return new;
}
-static struct aa_label *profile_transition(struct aa_profile *profile,
+static struct aa_label *profile_transition(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
bool *secure_exec)
@@ -709,7 +717,8 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
}
audit:
- aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
+ aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name,
+ target, new,
cond->uid, info, error);
if (!new || nonewprivs) {
aa_put_label(new);
@@ -719,7 +728,8 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
return new;
}
-static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec,
+static int profile_onexec(const struct cred *subj_cred,
+ struct aa_profile *profile, struct aa_label *onexec,
bool stack, const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
bool *secure_exec)
@@ -787,13 +797,15 @@ static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec,
}
audit:
- return aa_audit_file(profile, &perms, OP_EXEC, AA_MAY_ONEXEC, xname,
+ return aa_audit_file(subj_cred, profile, &perms, OP_EXEC,
+ AA_MAY_ONEXEC, xname,
NULL, onexec, cond->uid, info, error);
}
/* ensure none ns domain transitions are correctly applied with onexec */
-static struct aa_label *handle_onexec(struct aa_label *label,
+static struct aa_label *handle_onexec(const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *onexec, bool stack,
const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
@@ -810,26 +822,28 @@ static struct aa_label *handle_onexec(struct aa_label *label,
if (!stack) {
error = fn_for_each_in_ns(label, profile,
- profile_onexec(profile, onexec, stack,
+ profile_onexec(subj_cred, profile, onexec, stack,
bprm, buffer, cond, unsafe));
if (error)
return ERR_PTR(error);
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
aa_get_newest_label(onexec),
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
cond, unsafe));
} else {
/* TODO: determine how much we want to loosen this */
error = fn_for_each_in_ns(label, profile,
- profile_onexec(profile, onexec, stack, bprm,
+ profile_onexec(subj_cred, profile, onexec, stack, bprm,
buffer, cond, unsafe));
if (error)
return ERR_PTR(error);
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
aa_label_merge(&profile->label, onexec,
GFP_KERNEL),
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
cond, unsafe));
}
@@ -838,7 +852,8 @@ static struct aa_label *handle_onexec(struct aa_label *label,
/* TODO: get rid of GLOBAL_ROOT_UID */
error = fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &nullperms, OP_CHANGE_ONEXEC,
+ aa_audit_file(subj_cred, profile, &nullperms,
+ OP_CHANGE_ONEXEC,
AA_MAY_ONEXEC, bprm->filename, NULL,
onexec, GLOBAL_ROOT_UID,
"failed to build target label", -ENOMEM));
@@ -857,6 +872,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
{
struct aa_task_ctx *ctx;
struct aa_label *label, *new = NULL;
+ const struct cred *subj_cred;
struct aa_profile *profile;
char *buffer = NULL;
const char *info = NULL;
@@ -869,6 +885,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
file_inode(bprm->file)->i_mode
};
+ subj_cred = current_cred();
ctx = task_ctx(current);
AA_BUG(!cred_label(bprm->cred));
AA_BUG(!ctx);
@@ -895,11 +912,12 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
/* Test for onexec first as onexec override other x transitions. */
if (ctx->onexec)
- new = handle_onexec(label, ctx->onexec, ctx->token,
+ new = handle_onexec(subj_cred, label, ctx->onexec, ctx->token,
bprm, buffer, &cond, &unsafe);
else
new = fn_label_build(label, profile, GFP_KERNEL,
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
&cond, &unsafe));
AA_BUG(!new);
@@ -934,7 +952,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
if (bprm->unsafe & (LSM_UNSAFE_PTRACE)) {
/* TODO: test needs to be profile of label to new */
- error = may_change_ptraced_domain(new, &info);
+ error = may_change_ptraced_domain(bprm->cred, new, &info);
if (error)
goto audit;
}
@@ -971,7 +989,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
audit:
error = fn_for_each(label, profile,
- aa_audit_file(profile, &nullperms, OP_EXEC, MAY_EXEC,
+ aa_audit_file(current_cred(), profile, &nullperms,
+ OP_EXEC, MAY_EXEC,
bprm->filename, NULL, new,
vfsuid_into_kuid(vfsuid), info, error));
aa_put_label(new);
@@ -987,7 +1006,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
*
* Returns: label for hat transition OR ERR_PTR. Does NOT return NULL
*/
-static struct aa_label *build_change_hat(struct aa_profile *profile,
+static struct aa_label *build_change_hat(const struct cred *subj_cred,
+ struct aa_profile *profile,
const char *name, bool sibling)
{
struct aa_profile *root, *hat = NULL;
@@ -1019,7 +1039,8 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
aa_put_profile(root);
audit:
- aa_audit_file(profile, &nullperms, OP_CHANGE_HAT, AA_MAY_CHANGEHAT,
+ aa_audit_file(subj_cred, profile, &nullperms, OP_CHANGE_HAT,
+ AA_MAY_CHANGEHAT,
name, hat ? hat->base.hname : NULL,
hat ? &hat->label : NULL, GLOBAL_ROOT_UID, info,
error);
@@ -1035,7 +1056,8 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
*
* Returns: label for hat transition or ERR_PTR. Does not return NULL
*/
-static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
+static struct aa_label *change_hat(const struct cred *subj_cred,
+ struct aa_label *label, const char *hats[],
int count, int flags)
{
struct aa_profile *profile, *root, *hat = NULL;
@@ -1111,7 +1133,8 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
*/
/* TODO: get rid of GLOBAL_ROOT_UID */
if (count > 1 || COMPLAIN_MODE(profile)) {
- aa_audit_file(profile, &nullperms, OP_CHANGE_HAT,
+ aa_audit_file(subj_cred, profile, &nullperms,
+ OP_CHANGE_HAT,
AA_MAY_CHANGEHAT, name, NULL, NULL,
GLOBAL_ROOT_UID, info, error);
}
@@ -1120,7 +1143,8 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
build:
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
- build_change_hat(profile, name, sibling),
+ build_change_hat(subj_cred, profile, name,
+ sibling),
aa_get_label(&profile->label));
if (!new) {
info = "label build failed";
@@ -1150,7 +1174,7 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
*/
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
- const struct cred *cred;
+ const struct cred *subj_cred;
struct aa_task_ctx *ctx = task_ctx(current);
struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile;
@@ -1159,8 +1183,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
int error = 0;
/* released below */
- cred = get_current_cred();
- label = aa_get_newest_cred_label(cred);
+ subj_cred = get_current_cred();
+ label = aa_get_newest_cred_label(subj_cred);
previous = aa_get_newest_label(ctx->previous);
/*
@@ -1180,7 +1204,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
}
if (count) {
- new = change_hat(label, hats, count, flags);
+ new = change_hat(subj_cred, label, hats, count, flags);
AA_BUG(!new);
if (IS_ERR(new)) {
error = PTR_ERR(new);
@@ -1189,7 +1213,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
goto out;
}
- error = may_change_ptraced_domain(new, &info);
+ /* target cred is the same as current except new label */
+ error = may_change_ptraced_domain(subj_cred, new, &info);
if (error)
goto fail;
@@ -1242,7 +1267,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
aa_put_label(new);
aa_put_label(previous);
aa_put_label(label);
- put_cred(cred);
+ put_cred(subj_cred);
return error;
@@ -1252,7 +1277,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
fail:
fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &perms, OP_CHANGE_HAT,
+ aa_audit_file(subj_cred, profile, &perms, OP_CHANGE_HAT,
AA_MAY_CHANGEHAT, NULL, NULL, target,
GLOBAL_ROOT_UID, info, error));
@@ -1261,6 +1286,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
static int change_profile_perms_wrapper(const char *op, const char *name,
+ const struct cred *subj_cred,
struct aa_profile *profile,
struct aa_label *target, bool stack,
u32 request, struct aa_perms *perms)
@@ -1275,7 +1301,8 @@ static int change_profile_perms_wrapper(const char *op, const char *name,
rules->file.start[AA_CLASS_FILE],
perms);
if (error)
- error = aa_audit_file(profile, perms, op, request, name,
+ error = aa_audit_file(subj_cred, profile, perms, op, request,
+ name,
NULL, target, GLOBAL_ROOT_UID, info,
error);
@@ -1304,6 +1331,7 @@ int aa_change_profile(const char *fqname, int flags)
const char *auditname = fqname; /* retain leading & if stack */
bool stack = flags & AA_CHANGE_STACK;
struct aa_task_ctx *ctx = task_ctx(current);
+ const struct cred *subj_cred = get_current_cred();
int error = 0;
char *op;
u32 request;
@@ -1381,6 +1409,7 @@ int aa_change_profile(const char *fqname, int flags)
*/
error = fn_for_each_in_ns(label, profile,
change_profile_perms_wrapper(op, auditname,
+ subj_cred,
profile, target, stack,
request, &perms));
if (error)
@@ -1391,7 +1420,7 @@ int aa_change_profile(const char *fqname, int flags)
check:
/* check if tracing task is allowed to trace target domain */
- error = may_change_ptraced_domain(target, &info);
+ error = may_change_ptraced_domain(subj_cred, target, &info);
if (error && !fn_for_each_in_ns(label, profile,
COMPLAIN_MODE(profile)))
goto audit;
@@ -1451,7 +1480,8 @@ int aa_change_profile(const char *fqname, int flags)
audit:
error = fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &perms, op, request, auditname,
+ aa_audit_file(subj_cred,
+ profile, &perms, op, request, auditname,
NULL, new ? new : target,
GLOBAL_ROOT_UID, info, error));
@@ -1459,6 +1489,7 @@ int aa_change_profile(const char *fqname, int flags)
aa_put_label(new);
aa_put_label(target);
aa_put_label(label);
+ put_cred(subj_cred);
return error;
}
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 5bfa70a972071..6fd21324a097f 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -45,7 +45,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
{
struct common_audit_data *sa = va;
struct apparmor_audit_data *ad = aad(sa);
- kuid_t fsuid = current_fsuid();
+ kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid();
char str[10];
if (ad->request & AA_AUDIT_FILE_MASK) {
@@ -77,6 +77,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
/**
* aa_audit_file - handle the auditing of file operations
+ * @subj_cred: cred of the subject
* @profile: the profile being enforced (NOT NULL)
* @perms: the permissions computed for the request (NOT NULL)
* @op: operation being mediated
@@ -90,7 +91,8 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: %0 or error on failure
*/
-int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
+int aa_audit_file(const struct cred *subj_cred,
+ struct aa_profile *profile, struct aa_perms *perms,
const char *op, u32 request, const char *name,
const char *target, struct aa_label *tlabel,
kuid_t ouid, const char *info, int error)
@@ -98,6 +100,7 @@ int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
int type = AUDIT_APPARMOR_AUTO;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_TASK, AA_CLASS_FILE, op);
+ ad.subj_cred = subj_cred;
ad.request = request;
ad.name = name;
ad.fs.target = target;
@@ -141,7 +144,21 @@ int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
return aa_audit(type, profile, &ad, file_audit_cb);
}
-static int path_name(const char *op, struct aa_label *label,
+/**
+ * is_deleted - test if a file has been completely unlinked
+ * @dentry: dentry of file to test for deletion (NOT NULL)
+ *
+ * Returns: true if deleted else false
+ */
+static inline bool is_deleted(struct dentry *dentry)
+{
+ if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0)
+ return true;
+ return false;
+}
+
+static int path_name(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
const struct path *path, int flags, char *buffer,
const char **name, struct path_cond *cond, u32 request)
{
@@ -153,7 +170,8 @@ static int path_name(const char *op, struct aa_label *label,
labels_profile(label)->disconnected);
if (error) {
fn_for_each_confined(label, profile,
- aa_audit_file(profile, &nullperms, op, request, *name,
+ aa_audit_file(subj_cred,
+ profile, &nullperms, op, request, *name,
NULL, NULL, cond->uid, info, error));
return error;
}
@@ -207,9 +225,9 @@ aa_state_t aa_str_perms(struct aa_policydb *file_rules, aa_state_t start,
return state;
}
-static int __aa_path_perm(const char *op, struct aa_profile *profile,
- const char *name, u32 request,
- struct path_cond *cond, int flags,
+static int __aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_profile *profile, const char *name,
+ u32 request, struct path_cond *cond, int flags,
struct aa_perms *perms)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -222,12 +240,14 @@ static int __aa_path_perm(const char *op, struct aa_profile *profile,
name, cond, perms);
if (request & ~perms->allow)
e = -EACCES;
- return aa_audit_file(profile, perms, op, request, name, NULL, NULL,
+ return aa_audit_file(subj_cred,
+ profile, perms, op, request, name, NULL, NULL,
cond->uid, NULL, e);
}
-static int profile_path_perm(const char *op, struct aa_profile *profile,
+static int profile_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *path, char *buffer, u32 request,
struct path_cond *cond, int flags,
struct aa_perms *perms)
@@ -238,18 +258,19 @@ static int profile_path_perm(const char *op, struct aa_profile *profile,
if (profile_unconfined(profile))
return 0;
- error = path_name(op, &profile->label, path,
+ error = path_name(op, subj_cred, &profile->label, path,
flags | profile->path_flags, buffer, &name, cond,
request);
if (error)
return error;
- return __aa_path_perm(op, profile, name, request, cond, flags,
- perms);
+ return __aa_path_perm(op, subj_cred, profile, name, request, cond,
+ flags, perms);
}
/**
* aa_path_perm - do permissions check & audit for @path
* @op: operation being checked
+ * @subj_cred: subject cred
* @label: profile being enforced (NOT NULL)
* @path: path to check permissions of (NOT NULL)
* @flags: any additional path flags beyond what the profile specifies
@@ -258,7 +279,8 @@ static int profile_path_perm(const char *op, struct aa_profile *profile,
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(const char *op, struct aa_label *label,
+int aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
const struct path *path, int flags, u32 request,
struct path_cond *cond)
{
@@ -273,8 +295,8 @@ int aa_path_perm(const char *op, struct aa_label *label,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- profile_path_perm(op, profile, path, buffer, request,
- cond, flags, &perms));
+ profile_path_perm(op, subj_cred, profile, path, buffer,
+ request, cond, flags, &perms));
aa_put_buffer(buffer);
@@ -301,7 +323,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
return true;
}
-static int profile_path_link(struct aa_profile *profile,
+static int profile_path_link(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *link, char *buffer,
const struct path *target, char *buffer2,
struct path_cond *cond)
@@ -315,13 +338,15 @@ static int profile_path_link(struct aa_profile *profile,
aa_state_t state;
int error;
- error = path_name(OP_LINK, &profile->label, link, profile->path_flags,
+ error = path_name(OP_LINK, subj_cred, &profile->label, link,
+ profile->path_flags,
buffer, &lname, cond, AA_MAY_LINK);
if (error)
goto audit;
/* buffer2 freed below, tname is pointer in buffer2 */
- error = path_name(OP_LINK, &profile->label, target, profile->path_flags,
+ error = path_name(OP_LINK, subj_cred, &profile->label, target,
+ profile->path_flags,
buffer2, &tname, cond, AA_MAY_LINK);
if (error)
goto audit;
@@ -381,12 +406,14 @@ static int profile_path_link(struct aa_profile *profile,
error = 0;
audit:
- return aa_audit_file(profile, &lperms, OP_LINK, request, lname, tname,
+ return aa_audit_file(subj_cred,
+ profile, &lperms, OP_LINK, request, lname, tname,
NULL, cond->uid, info, error);
}
/**
* aa_path_link - Handle hard link permission check
+ * @subj_cred: subject cred
* @label: the label being enforced (NOT NULL)
* @old_dentry: the target dentry (NOT NULL)
* @new_dir: directory the new link will be created in (NOT NULL)
@@ -403,7 +430,8 @@ static int profile_path_link(struct aa_profile *profile,
*
* Returns: %0 if allowed else error
*/
-int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
+int aa_path_link(const struct cred *subj_cred,
+ struct aa_label *label, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry)
{
struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
@@ -424,8 +452,8 @@ int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
goto out;
error = fn_for_each_confined(label, profile,
- profile_path_link(profile, &link, buffer, &target,
- buffer2, &cond));
+ profile_path_link(subj_cred, profile, &link, buffer,
+ &target, buffer2, &cond));
out:
aa_put_buffer(buffer);
aa_put_buffer(buffer2);
@@ -453,7 +481,8 @@ static void update_file_ctx(struct aa_file_ctx *fctx, struct aa_label *label,
spin_unlock(&fctx->lock);
}
-static int __file_path_perm(const char *op, struct aa_label *label,
+static int __file_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *flabel, struct file *file,
u32 request, u32 denied, bool in_atomic)
{
@@ -480,7 +509,8 @@ static int __file_path_perm(const char *op, struct aa_label *label,
/* check every profile in task label not in current cache */
error = fn_for_each_not_in_set(flabel, label, profile,
- profile_path_perm(op, profile, &file->f_path, buffer,
+ profile_path_perm(op, subj_cred, profile,
+ &file->f_path, buffer,
request, &cond, flags, &perms));
if (denied && !error) {
/*
@@ -493,12 +523,14 @@ static int __file_path_perm(const char *op, struct aa_label *label,
*/
if (label == flabel)
error = fn_for_each(label, profile,
- profile_path_perm(op, profile, &file->f_path,
+ profile_path_perm(op, subj_cred,
+ profile, &file->f_path,
buffer, request, &cond, flags,
&perms));
else
error = fn_for_each_not_in_set(label, flabel, profile,
- profile_path_perm(op, profile, &file->f_path,
+ profile_path_perm(op, subj_cred,
+ profile, &file->f_path,
buffer, request, &cond, flags,
&perms));
}
@@ -510,7 +542,8 @@ static int __file_path_perm(const char *op, struct aa_label *label,
return error;
}
-static int __file_sock_perm(const char *op, struct aa_label *label,
+static int __file_sock_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *flabel, struct file *file,
u32 request, u32 denied)
{
@@ -524,11 +557,12 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
return 0;
/* TODO: improve to skip profiles cached in flabel */
- error = aa_sock_file_perm(label, op, request, sock);
+ error = aa_sock_file_perm(subj_cred, label, op, request, sock);
if (denied) {
/* TODO: improve to skip profiles checked above */
/* check every profile in file label to is cached */
- last_error(error, aa_sock_file_perm(flabel, op, request, sock));
+ last_error(error, aa_sock_file_perm(subj_cred, flabel, op,
+ request, sock));
}
if (!error)
update_file_ctx(file_ctx(file), label, request);
@@ -539,6 +573,7 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
/**
* aa_file_perm - do permission revalidation check & audit for @file
* @op: operation being checked
+ * @subj_cred: subject cred
* @label: label being enforced (NOT NULL)
* @file: file to revalidate access permissions on (NOT NULL)
* @request: requested permissions
@@ -546,7 +581,8 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
*
* Returns: %0 if access allowed else error
*/
-int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
+int aa_file_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, struct file *file,
u32 request, bool in_atomic)
{
struct aa_file_ctx *fctx;
@@ -582,19 +618,19 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
/* TODO: label cross check */
if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
- error = __file_path_perm(op, label, flabel, file, request,
- denied, in_atomic);
+ error = __file_path_perm(op, subj_cred, label, flabel, file,
+ request, denied, in_atomic);
else if (S_ISSOCK(file_inode(file)->i_mode))
- error = __file_sock_perm(op, label, flabel, file, request,
- denied);
+ error = __file_sock_perm(op, subj_cred, label, flabel, file,
+ request, denied);
aa_put_label(flabel);
done:
return error;
}
-static void revalidate_tty(struct aa_label *label)
+static void revalidate_tty(const struct cred *subj_cred, struct aa_label *label)
{
struct tty_struct *tty;
int drop_tty = 0;
@@ -612,8 +648,8 @@ static void revalidate_tty(struct aa_label *label)
struct tty_file_private, list);
file = file_priv->file;
- if (aa_file_perm(OP_INHERIT, label, file, MAY_READ | MAY_WRITE,
- IN_ATOMIC))
+ if (aa_file_perm(OP_INHERIT, subj_cred, label, file,
+ MAY_READ | MAY_WRITE, IN_ATOMIC))
drop_tty = 1;
}
spin_unlock(&tty->files_lock);
@@ -623,12 +659,17 @@ static void revalidate_tty(struct aa_label *label)
no_tty();
}
+struct cred_label {
+ const struct cred *cred;
+ struct aa_label *label;
+};
+
static int match_file(const void *p, struct file *file, unsigned int fd)
{
- struct aa_label *label = (struct aa_label *)p;
+ struct cred_label *cl = (struct cred_label *)p;
- if (aa_file_perm(OP_INHERIT, label, file, aa_map_file_to_perms(file),
- IN_ATOMIC))
+ if (aa_file_perm(OP_INHERIT, cl->cred, cl->label, file,
+ aa_map_file_to_perms(file), IN_ATOMIC))
return fd + 1;
return 0;
}
@@ -638,13 +679,17 @@ static int match_file(const void *p, struct file *file, unsigned int fd)
void aa_inherit_files(const struct cred *cred, struct files_struct *files)
{
struct aa_label *label = aa_get_newest_cred_label(cred);
+ struct cred_label cl = {
+ .cred = cred,
+ .label = label,
+ };
struct file *devnull = NULL;
unsigned int n;
- revalidate_tty(label);
+ revalidate_tty(cred, label);
/* Revalidate access to inherited open files. */
- n = iterate_fd(files, 0, match_file, label);
+ n = iterate_fd(files, 0, match_file, &cl);
if (!n) /* none found? */
goto out;
@@ -654,7 +699,7 @@ void aa_inherit_files(const struct cred *cred, struct files_struct *files)
/* replace all the matching ones with this */
do {
replace_fd(n - 1, devnull, 0);
- } while ((n = iterate_fd(files, n, match_file, label)) != 0);
+ } while ((n = iterate_fd(files, n, match_file, &cl)) != 0);
if (devnull)
fput(devnull);
out:
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 096f0a04af87f..42d701fec5a6d 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -109,6 +109,7 @@ struct apparmor_audit_data {
int type;
u16 class;
const char *op;
+ const struct cred *subj_cred;
struct aa_label *subj_label;
const char *name;
const char *info;
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
index d420e2d10b31b..d6dcc604ec0cc 100644
--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -36,7 +36,8 @@ struct aa_caps {
extern struct aa_sfs_entry aa_sfs_entry_caps[];
-int aa_capable(struct aa_label *label, int cap, unsigned int opts);
+int aa_capable(const struct cred *subj_cred, struct aa_label *label,
+ int cap, unsigned int opts);
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 5be620af33ba0..64dc6d1a7a05c 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -108,7 +108,8 @@ struct path_cond {
#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
-int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
+int aa_audit_file(const struct cred *cred,
+ struct aa_profile *profile, struct aa_perms *perms,
const char *op, u32 request, const char *name,
const char *target, struct aa_label *tlabel, kuid_t ouid,
const char *info, int error);
@@ -119,14 +120,16 @@ aa_state_t aa_str_perms(struct aa_policydb *file_rules, aa_state_t start,
const char *name, struct path_cond *cond,
struct aa_perms *perms);
-int aa_path_perm(const char *op, struct aa_label *label,
- const struct path *path, int flags, u32 request,
- struct path_cond *cond);
+int aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
+ int flags, u32 request, struct path_cond *cond);
-int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
- const struct path *new_dir, struct dentry *new_dentry);
+int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
+ struct dentry *old_dentry, const struct path *new_dir,
+ struct dentry *new_dentry);
-int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
+int aa_file_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, struct file *file,
u32 request, bool in_atomic);
void aa_inherit_files(const struct cred *cred, struct files_struct *files);
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
index a1ac6ffb95e9c..74d17052f76bc 100644
--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h
@@ -13,6 +13,8 @@
#include <linux/sched.h>
-int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig);
+int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
+ const struct cred *target_cred, struct aa_label *target,
+ int sig);
#endif /* __AA_IPC_H */
diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h
index a710683b24965..10c76f906a653 100644
--- a/security/apparmor/include/mount.h
+++ b/security/apparmor/include/mount.h
@@ -25,26 +25,33 @@
#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
-int aa_remount(struct aa_label *label, const struct path *path,
+int aa_remount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags, void *data);
-int aa_bind_mount(struct aa_label *label, const struct path *path,
+int aa_bind_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *old_name, unsigned long flags);
-int aa_mount_change_type(struct aa_label *label, const struct path *path,
+int aa_mount_change_type(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags);
-int aa_move_mount(struct aa_label *label, const struct path *path,
+int aa_move_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *old_name);
-int aa_new_mount(struct aa_label *label, const char *dev_name,
+int aa_new_mount(const struct cred *subj_cred,
+ struct aa_label *label, const char *dev_name,
const struct path *path, const char *type, unsigned long flags,
void *data);
-int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
+int aa_umount(const struct cred *subj_cred,
+ struct aa_label *label, struct vfsmount *mnt, int flags);
-int aa_pivotroot(struct aa_label *label, const struct path *old_path,
+int aa_pivotroot(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *old_path,
const struct path *new_path);
#endif /* __AA_MOUNT_H */
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
index a336e57864e89..aa8515af677f0 100644
--- a/security/apparmor/include/net.h
+++ b/security/apparmor/include/net.h
@@ -93,7 +93,8 @@ void audit_net_cb(struct audit_buffer *ab, void *va);
int aa_profile_af_perm(struct aa_profile *profile,
struct apparmor_audit_data *ad,
u32 request, u16 family, int type);
-int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
+int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, u16 family,
int type, int protocol);
static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
struct apparmor_audit_data *ad,
@@ -105,7 +106,8 @@ static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
}
int aa_sk_perm(const char *op, u32 request, struct sock *sk);
-int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
+int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request,
struct socket *sock);
int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 545f791cabdae..fa15a5c7febb8 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -370,9 +370,12 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
return profile->audit;
}
-bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns);
-bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns);
-int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns,
+bool aa_policy_view_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns);
+bool aa_policy_admin_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns);
+int aa_may_manage_policy(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns,
u32 mask);
bool aa_current_policy_view_capable(struct aa_ns *ns);
bool aa_current_policy_admin_capable(struct aa_ns *ns);
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 961d85d328ea9..ad2c0da8e64fc 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -33,7 +33,8 @@ struct aa_rlimit {
extern struct aa_sfs_entry aa_sfs_entry_rlimit[];
int aa_map_resource(int resource);
-int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
+int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
+ struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim);
void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h
index 13437d62c70f4..29ba55107b7d6 100644
--- a/security/apparmor/include/task.h
+++ b/security/apparmor/include/task.h
@@ -91,7 +91,8 @@ static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
"segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg " \
"xcpu xfsz vtalrm prof winch io pwr sys emt lost"
-int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
+int aa_may_ptrace(const struct cred *tracer_cred, struct aa_label *tracer,
+ const struct cred *tracee_cred, struct aa_label *tracee,
u32 request);
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index fd8306399b820..c0d0dbd7b4c4b 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -75,7 +75,8 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
FLAGS_NONE, GFP_ATOMIC);
}
-static int profile_signal_perm(struct aa_profile *profile,
+static int profile_signal_perm(const struct cred *cred,
+ struct aa_profile *profile,
struct aa_label *peer, u32 request,
struct apparmor_audit_data *ad)
{
@@ -88,6 +89,7 @@ static int profile_signal_perm(struct aa_profile *profile,
!ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL))
return 0;
+ ad->subj_cred = cred;
ad->peer = peer;
/* TODO: secondary cache check <profile, profile, perm> */
state = aa_dfa_next(rules->policy.dfa,
@@ -98,7 +100,9 @@ static int profile_signal_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);
}
-int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
+int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
+ const struct cred *target_cred, struct aa_label *target,
+ int sig)
{
struct aa_profile *profile;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_SIGNAL, OP_SIGNAL);
@@ -106,6 +110,8 @@ int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
ad.signal = map_signal_num(sig);
ad.unmappedsig = sig;
return xcheck_labels(sender, target, profile,
- profile_signal_perm(profile, target, MAY_WRITE, &ad),
- profile_signal_perm(profile, sender, MAY_READ, &ad));
+ profile_signal_perm(subj_cred, profile, target,
+ MAY_WRITE, &ad),
+ profile_signal_perm(target_cred, profile, sender,
+ MAY_READ, &ad));
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 359fbfbb4a66e..60f95cc4532a8 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -116,15 +116,17 @@ static int apparmor_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
struct aa_label *tracer, *tracee;
+ const struct cred *cred;
int error;
+ cred = get_task_cred(child);
+ tracee = cred_label(cred); /* ref count on cred */
tracer = __begin_current_label_crit_section();
- tracee = aa_get_task_label(child);
- error = aa_may_ptrace(tracer, tracee,
+ error = aa_may_ptrace(current_cred(), tracer, cred, tracee,
(mode & PTRACE_MODE_READ) ? AA_PTRACE_READ
: AA_PTRACE_TRACE);
- aa_put_label(tracee);
__end_current_label_crit_section(tracer);
+ put_cred(cred);
return error;
}
@@ -132,12 +134,15 @@ static int apparmor_ptrace_access_check(struct task_struct *child,
static int apparmor_ptrace_traceme(struct task_struct *parent)
{
struct aa_label *tracer, *tracee;
+ const struct cred *cred;
int error;
tracee = __begin_current_label_crit_section();
- tracer = aa_get_task_label(parent);
- error = aa_may_ptrace(tracer, tracee, AA_PTRACE_TRACE);
- aa_put_label(tracer);
+ cred = get_task_cred(parent);
+ tracer = cred_label(cred); /* ref count on cred */
+ error = aa_may_ptrace(cred, tracer, current_cred(), tracee,
+ AA_PTRACE_TRACE);
+ put_cred(cred);
__end_current_label_crit_section(tracee);
return error;
@@ -188,7 +193,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
label = aa_get_newest_cred_label(cred);
if (!unconfined(label))
- error = aa_capable(label, cap, opts);
+ error = aa_capable(cred, label, cap, opts);
aa_put_label(label);
return error;
@@ -211,7 +216,8 @@ static int common_perm(const char *op, const struct path *path, u32 mask,
label = __begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_path_perm(op, label, path, 0, mask, cond);
+ error = aa_path_perm(op, current_cred(), label, path, 0, mask,
+ cond);
__end_current_label_crit_section(label);
return error;
@@ -357,7 +363,8 @@ static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_
label = begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_path_link(label, old_dentry, new_dir, new_dentry);
+ error = aa_path_link(current_cred(), label, old_dentry, new_dir,
+ new_dentry);
end_current_label_crit_section(label);
return error;
@@ -396,23 +403,27 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
vfsuid = i_uid_into_vfsuid(idmap, d_backing_inode(old_dentry));
cond_exchange.uid = vfsuid_into_kuid(vfsuid);
- error = aa_path_perm(OP_RENAME_SRC, label, &new_path, 0,
+ error = aa_path_perm(OP_RENAME_SRC, current_cred(),
+ label, &new_path, 0,
MAY_READ | AA_MAY_GETATTR | MAY_WRITE |
AA_MAY_SETATTR | AA_MAY_DELETE,
&cond_exchange);
if (!error)
- error = aa_path_perm(OP_RENAME_DEST, label, &old_path,
+ error = aa_path_perm(OP_RENAME_DEST, current_cred(),
+ label, &old_path,
0, MAY_WRITE | AA_MAY_SETATTR |
AA_MAY_CREATE, &cond_exchange);
}
if (!error)
- error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,
+ error = aa_path_perm(OP_RENAME_SRC, current_cred(),
+ label, &old_path, 0,
MAY_READ | AA_MAY_GETATTR | MAY_WRITE |
AA_MAY_SETATTR | AA_MAY_DELETE,
&cond);
if (!error)
- error = aa_path_perm(OP_RENAME_DEST, label, &new_path,
+ error = aa_path_perm(OP_RENAME_DEST, current_cred(),
+ label, &new_path,
0, MAY_WRITE | AA_MAY_SETATTR |
AA_MAY_CREATE, &cond);
@@ -467,7 +478,8 @@ static int apparmor_file_open(struct file *file)
vfsuid = i_uid_into_vfsuid(idmap, inode);
cond.uid = vfsuid_into_kuid(vfsuid);
- error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
+ error = aa_path_perm(OP_OPEN, file->f_cred,
+ label, &file->f_path, 0,
aa_map_file_to_perms(file), &cond);
/* todo cache full allowed permissions set and state */
fctx->allow = aa_map_file_to_perms(file);
@@ -507,7 +519,7 @@ static int common_file_perm(const char *op, struct file *file, u32 mask,
return -EACCES;
label = __begin_current_label_crit_section();
- error = aa_file_perm(op, label, file, mask, in_atomic);
+ error = aa_file_perm(op, current_cred(), label, file, mask, in_atomic);
__end_current_label_crit_section(label);
return error;
@@ -585,17 +597,21 @@ static int apparmor_sb_mount(const char *dev_name, const struct path *path,
label = __begin_current_label_crit_section();
if (!unconfined(label)) {
if (flags & MS_REMOUNT)
- error = aa_remount(label, path, flags, data);
+ error = aa_remount(current_cred(), label, path, flags,
+ data);
else if (flags & MS_BIND)
- error = aa_bind_mount(label, path, dev_name, flags);
+ error = aa_bind_mount(current_cred(), label, path,
+ dev_name, flags);
else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE |
MS_UNBINDABLE))
- error = aa_mount_change_type(label, path, flags);
+ error = aa_mount_change_type(current_cred(), label,
+ path, flags);
else if (flags & MS_MOVE)
- error = aa_move_mount(label, path, dev_name);
+ error = aa_move_mount(current_cred(), label, path,
+ dev_name);
else
- error = aa_new_mount(label, dev_name, path, type,
- flags, data);
+ error = aa_new_mount(current_cred(), label, dev_name,
+ path, type, flags, data);
}
__end_current_label_crit_section(label);
@@ -609,7 +625,7 @@ static int apparmor_sb_umount(struct vfsmount *mnt, int flags)
label = __begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_umount(label, mnt, flags);
+ error = aa_umount(current_cred(), label, mnt, flags);
__end_current_label_crit_section(label);
return error;
@@ -623,7 +639,7 @@ static int apparmor_sb_pivotroot(const struct path *old_path,
label = aa_get_current_label();
if (!unconfined(label))
- error = aa_pivotroot(label, old_path, new_path);
+ error = aa_pivotroot(current_cred(), label, old_path, new_path);
aa_put_label(label);
return error;
@@ -785,7 +801,8 @@ static int apparmor_task_setrlimit(struct task_struct *task,
int error = 0;
if (!unconfined(label))
- error = aa_task_setrlimit(label, task, resource, new_rlim);
+ error = aa_task_setrlimit(current_cred(), label, task,
+ resource, new_rlim);
__end_current_label_crit_section(label);
return error;
@@ -794,26 +811,27 @@ static int apparmor_task_setrlimit(struct task_struct *task,
static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo *info,
int sig, const struct cred *cred)
{
+ const struct cred *tc;
struct aa_label *cl, *tl;
int error;
+ tc = get_task_cred(target);
+ tl = aa_get_newest_cred_label(tc);
if (cred) {
/*
* Dealing with USB IO specific behavior
*/
cl = aa_get_newest_cred_label(cred);
- tl = aa_get_task_label(target);
- error = aa_may_signal(cl, tl, sig);
+ error = aa_may_signal(cred, cl, tc, tl, sig);
aa_put_label(cl);
- aa_put_label(tl);
return error;
+ } else {
+ cl = __begin_current_label_crit_section();
+ error = aa_may_signal(current_cred(), cl, tc, tl, sig);
+ __end_current_label_crit_section(cl);
}
-
- cl = __begin_current_label_crit_section();
- tl = aa_get_task_label(target);
- error = aa_may_signal(cl, tl, sig);
aa_put_label(tl);
- __end_current_label_crit_section(cl);
+ put_cred(tc);
return error;
}
@@ -879,7 +897,8 @@ static int apparmor_socket_create(int family, int type, int protocol, int kern)
if (!(kern || unconfined(label)))
error = af_select(family,
create_perm(label, family, type, protocol),
- aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,
+ aa_af_perm(current_cred(), label,
+ OP_CREATE, AA_MAY_CREATE,
family, type, protocol));
end_current_label_crit_section(label);
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index 3830bceff9c8b..2bb77aacc49ae 100644
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -113,6 +113,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
/**
* audit_mount - handle the auditing of mount operations
+ * @subj_cred: cred of the subject
* @profile: the profile being enforced (NOT NULL)
* @op: operation being mediated (NOT NULL)
* @name: name of object being mediated (MAYBE NULL)
@@ -128,7 +129,8 @@ static void audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: %0 or error on failure
*/
-static int audit_mount(struct aa_profile *profile, const char *op,
+static int audit_mount(const struct cred *subj_cred,
+ struct aa_profile *profile, const char *op,
const char *name, const char *src_name,
const char *type, const char *trans,
unsigned long flags, const void *data, u32 request,
@@ -166,6 +168,7 @@ static int audit_mount(struct aa_profile *profile, const char *op,
return error;
}
+ ad.subj_cred = subj_cred;
ad.name = name;
ad.mnt.src_name = src_name;
ad.mnt.type = type;
@@ -284,6 +287,7 @@ static int path_flags(struct aa_profile *profile, const struct path *path)
/**
* match_mnt_path_str - handle path matching for mount
+ * @subj_cred: cred of confined subject
* @profile: the confining profile
* @mntpath: for the mntpnt (NOT NULL)
* @buffer: buffer to be used to lookup mntpath
@@ -296,7 +300,8 @@ static int path_flags(struct aa_profile *profile, const struct path *path)
*
* Returns: 0 on success else error
*/
-static int match_mnt_path_str(struct aa_profile *profile,
+static int match_mnt_path_str(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *mntpath, char *buffer,
const char *devname, const char *type,
unsigned long flags, void *data, bool binary,
@@ -337,12 +342,14 @@ static int match_mnt_path_str(struct aa_profile *profile,
error = 0;
audit:
- return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,
+ return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname,
+ type, NULL,
flags, data, AA_MAY_MOUNT, &perms, info, error);
}
/**
* match_mnt - handle path matching for mount
+ * @subj_cred: cred of the subject
* @profile: the confining profile
* @path: for the mntpnt (NOT NULL)
* @buffer: buffer to be used to lookup mntpath
@@ -355,7 +362,8 @@ static int match_mnt_path_str(struct aa_profile *profile,
*
* Returns: 0 on success else error
*/
-static int match_mnt(struct aa_profile *profile, const struct path *path,
+static int match_mnt(const struct cred *subj_cred,
+ struct aa_profile *profile, const struct path *path,
char *buffer, const struct path *devpath, char *devbuffer,
const char *type, unsigned long flags, void *data,
bool binary)
@@ -379,11 +387,12 @@ static int match_mnt(struct aa_profile *profile, const struct path *path,
devname = ERR_PTR(error);
}
- return match_mnt_path_str(profile, path, buffer, devname, type, flags,
- data, binary, info);
+ return match_mnt_path_str(subj_cred, profile, path, buffer, devname,
+ type, flags, data, binary, info);
}
-int aa_remount(struct aa_label *label, const struct path *path,
+int aa_remount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags, void *data)
{
struct aa_profile *profile;
@@ -400,14 +409,16 @@ int aa_remount(struct aa_label *label, const struct path *path,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, NULL, NULL, NULL,
+ match_mnt(subj_cred, profile, path, buffer, NULL,
+ NULL, NULL,
flags, data, binary));
aa_put_buffer(buffer);
return error;
}
-int aa_bind_mount(struct aa_label *label, const struct path *path,
+int aa_bind_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *dev_name, unsigned long flags)
{
struct aa_profile *profile;
@@ -434,8 +445,8 @@ int aa_bind_mount(struct aa_label *label, const struct path *path,
goto out;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, &old_path, old_buffer,
- NULL, flags, NULL, false));
+ match_mnt(subj_cred, profile, path, buffer, &old_path,
+ old_buffer, NULL, flags, NULL, false));
out:
aa_put_buffer(buffer);
aa_put_buffer(old_buffer);
@@ -444,7 +455,8 @@ int aa_bind_mount(struct aa_label *label, const struct path *path,
return error;
}
-int aa_mount_change_type(struct aa_label *label, const struct path *path,
+int aa_mount_change_type(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags)
{
struct aa_profile *profile;
@@ -462,14 +474,16 @@ int aa_mount_change_type(struct aa_label *label, const struct path *path,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, NULL, NULL, NULL,
+ match_mnt(subj_cred, profile, path, buffer, NULL,
+ NULL, NULL,
flags, NULL, false));
aa_put_buffer(buffer);
return error;
}
-int aa_move_mount(struct aa_label *label, const struct path *path,
+int aa_move_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *orig_name)
{
struct aa_profile *profile;
@@ -493,7 +507,8 @@ int aa_move_mount(struct aa_label *label, const struct path *path,
if (!buffer || !old_buffer)
goto out;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, &old_path, old_buffer,
+ match_mnt(subj_cred, profile, path, buffer, &old_path,
+ old_buffer,
NULL, MS_MOVE, NULL, false));
out:
aa_put_buffer(buffer);
@@ -503,9 +518,9 @@ int aa_move_mount(struct aa_label *label, const struct path *path,
return error;
}
-int aa_new_mount(struct aa_label *label, const char *dev_name,
- const struct path *path, const char *type, unsigned long flags,
- void *data)
+int aa_new_mount(const struct cred *subj_cred, struct aa_label *label,
+ const char *dev_name, const struct path *path,
+ const char *type, unsigned long flags, void *data)
{
struct aa_profile *profile;
char *buffer = NULL, *dev_buffer = NULL;
@@ -550,12 +565,14 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
goto out;
}
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, dev_path, dev_buffer,
+ match_mnt(subj_cred, profile, path, buffer,
+ dev_path, dev_buffer,
type, flags, data, binary));
} else {
error = fn_for_each_confined(label, profile,
- match_mnt_path_str(profile, path, buffer, dev_name,
- type, flags, data, binary, NULL));
+ match_mnt_path_str(subj_cred, profile, path,
+ buffer, dev_name,
+ type, flags, data, binary, NULL));
}
out:
@@ -567,7 +584,8 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
return error;
}
-static int profile_umount(struct aa_profile *profile, const struct path *path,
+static int profile_umount(const struct cred *subj_cred,
+ struct aa_profile *profile, const struct path *path,
char *buffer)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -596,11 +614,13 @@ static int profile_umount(struct aa_profile *profile, const struct path *path,
error = -EACCES;
audit:
- return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,
+ return audit_mount(subj_cred, profile, OP_UMOUNT, name, NULL, NULL,
+ NULL, 0, NULL,
AA_MAY_UMOUNT, &perms, info, error);
}
-int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
+int aa_umount(const struct cred *subj_cred, struct aa_label *label,
+ struct vfsmount *mnt, int flags)
{
struct aa_profile *profile;
char *buffer = NULL;
@@ -615,7 +635,7 @@ int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- profile_umount(profile, &path, buffer));
+ profile_umount(subj_cred, profile, &path, buffer));
aa_put_buffer(buffer);
return error;
@@ -625,7 +645,8 @@ int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
*
* Returns: label for transition or ERR_PTR. Does not return NULL
*/
-static struct aa_label *build_pivotroot(struct aa_profile *profile,
+static struct aa_label *build_pivotroot(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *new_path,
char *new_buffer,
const struct path *old_path,
@@ -670,7 +691,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile,
error = 0;
audit:
- error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
+ error = audit_mount(subj_cred, profile, OP_PIVOTROOT, new_name,
+ old_name,
NULL, trans_name, 0, NULL, AA_MAY_PIVOTROOT,
&perms, info, error);
if (error)
@@ -679,7 +701,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile,
return aa_get_newest_label(&profile->label);
}
-int aa_pivotroot(struct aa_label *label, const struct path *old_path,
+int aa_pivotroot(const struct cred *subj_cred, struct aa_label *label,
+ const struct path *old_path,
const struct path *new_path)
{
struct aa_profile *profile;
@@ -697,7 +720,8 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
if (!old_buffer || !new_buffer)
goto out;
target = fn_label_build(label, profile, GFP_KERNEL,
- build_pivotroot(profile, new_path, new_buffer,
+ build_pivotroot(subj_cred, profile, new_path,
+ new_buffer,
old_path, old_buffer));
if (!target) {
info = "label build failed";
@@ -723,7 +747,8 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
fail:
/* TODO: add back in auditing of new_name and old_name */
error = fn_for_each(label, profile,
- audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,
+ audit_mount(subj_cred, profile, OP_PIVOTROOT,
+ NULL /*new_name */,
NULL /* old_name */,
NULL, NULL,
0, NULL, AA_MAY_PIVOTROOT, &nullperms, info,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 5e50f80e35db0..704c171232ab4 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -135,8 +135,8 @@ int aa_profile_af_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_net_cb);
}
-int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
- int type, int protocol)
+int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, u16 family, int type, int protocol)
{
struct aa_profile *profile;
DEFINE_AUDIT_NET(ad, op, NULL, family, type, protocol);
@@ -146,7 +146,9 @@ int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
type));
}
-static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request,
+static int aa_label_sk_perm(const struct cred *subj_cred,
+ struct aa_label *label,
+ const char *op, u32 request,
struct sock *sk)
{
struct aa_sk_ctx *ctx = SK_CTX(sk);
@@ -159,6 +161,7 @@ static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request,
struct aa_profile *profile;
DEFINE_AUDIT_SK(ad, op, sk);
+ ad.subj_cred = subj_cred;
error = fn_for_each_confined(label, profile,
aa_profile_af_sk_perm(profile, &ad, request, sk));
}
@@ -176,21 +179,21 @@ int aa_sk_perm(const char *op, u32 request, struct sock *sk)
/* TODO: switch to begin_current_label ???? */
label = begin_current_label_crit_section();
- error = aa_label_sk_perm(label, op, request, sk);
+ error = aa_label_sk_perm(current_cred(), label, op, request, sk);
end_current_label_crit_section(label);
return error;
}
-int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
- struct socket *sock)
+int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, struct socket *sock)
{
AA_BUG(!label);
AA_BUG(!sock);
AA_BUG(!sock->sk);
- return aa_label_sk_perm(label, op, request, sock->sk);
+ return aa_label_sk_perm(subj_cred, label, op, request, sock->sk);
}
#ifdef CONFIG_NETWORK_SECMARK
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index e5f1ef83b0fda..8a07793ce1032 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -762,21 +762,23 @@ static int audit_policy(struct aa_label *subj_label, const char *op,
/* don't call out to other LSMs in the stack for apparmor policy admin
* permissions
*/
-static int policy_ns_capable(struct aa_label *label,
+static int policy_ns_capable(const struct cred *subj_cred,
+ struct aa_label *label,
struct user_namespace *userns, int cap)
{
int err;
/* check for MAC_ADMIN cap in cred */
- err = cap_capable(current_cred(), userns, cap, CAP_OPT_NONE);
+ err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE);
if (!err)
- err = aa_capable(label, cap, CAP_OPT_NONE);
+ err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE);
return err;
}
/**
* aa_policy_view_capable - check if viewing policy in at @ns is allowed
+ * @subj_cred: cred of subject
* @label: label that is trying to view policy in ns
* @ns: namespace being viewed by @label (may be NULL if @label's ns)
*
@@ -785,9 +787,10 @@ static int policy_ns_capable(struct aa_label *label,
* If @ns is NULL then the namespace being viewed is assumed to be the
* tasks current namespace.
*/
-bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns)
+bool aa_policy_view_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns)
{
- struct user_namespace *user_ns = current_user_ns();
+ struct user_namespace *user_ns = subj_cred->user_ns;
struct aa_ns *view_ns = labels_view(label);
bool root_in_user_ns = uid_eq(current_euid(), make_kuid(user_ns, 0)) ||
in_egroup_p(make_kgid(user_ns, 0));
@@ -804,15 +807,17 @@ bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns)
return response;
}
-bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns)
+bool aa_policy_admin_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns)
{
- struct user_namespace *user_ns = current_user_ns();
- bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN) == 0;
+ struct user_namespace *user_ns = subj_cred->user_ns;
+ bool capable = policy_ns_capable(subj_cred, label, user_ns,
+ CAP_MAC_ADMIN) == 0;
AA_DEBUG("cap_mac_admin? %d\n", capable);
AA_DEBUG("policy locked? %d\n", aa_g_lock_policy);
- return aa_policy_view_capable(label, ns) && capable &&
+ return aa_policy_view_capable(subj_cred, label, ns) && capable &&
!aa_g_lock_policy;
}
@@ -822,7 +827,7 @@ bool aa_current_policy_view_capable(struct aa_ns *ns)
bool res;
label = __begin_current_label_crit_section();
- res = aa_policy_view_capable(label, ns);
+ res = aa_policy_view_capable(current_cred(), label, ns);
__end_current_label_crit_section(label);
return res;
@@ -834,7 +839,7 @@ bool aa_current_policy_admin_capable(struct aa_ns *ns)
bool res;
label = __begin_current_label_crit_section();
- res = aa_policy_admin_capable(label, ns);
+ res = aa_policy_admin_capable(current_cred(), label, ns);
__end_current_label_crit_section(label);
return res;
@@ -842,13 +847,15 @@ bool aa_current_policy_admin_capable(struct aa_ns *ns)
/**
* aa_may_manage_policy - can the current task manage policy
+ * @subj_cred; subjects cred
* @label: label to check if it can manage policy
* @ns: namespace being managed by @label (may be NULL if @label's ns)
* @mask: contains the policy manipulation operation being done
*
* Returns: 0 if the task is allowed to manipulate policy else error
*/
-int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask)
+int aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label,
+ struct aa_ns *ns, u32 mask)
{
const char *op;
@@ -864,7 +871,7 @@ int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask)
return audit_policy(label, op, NULL, NULL, "policy_locked",
-EACCES);
- if (!aa_policy_admin_capable(label, ns))
+ if (!aa_policy_admin_capable(subj_cred, label, ns))
return audit_policy(label, op, NULL, NULL, "not policy admin",
-EACCES);
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index 73ba26c646a5e..dcc94c3153d51 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -43,6 +43,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
/**
* audit_resource - audit setting resource limit
+ * @subj_cred: cred setting the resource
* @profile: profile being enforced (NOT NULL)
* @resource: rlimit being auditing
* @value: value being set
@@ -52,13 +53,15 @@ static void audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: 0 or ad->error else other error code on failure
*/
-static int audit_resource(struct aa_profile *profile, unsigned int resource,
+static int audit_resource(const struct cred *subj_cred,
+ struct aa_profile *profile, unsigned int resource,
unsigned long value, struct aa_label *peer,
const char *info, int error)
{
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_RLIMITS,
OP_SETRLIMIT);
+ ad.subj_cred = subj_cred;
ad.rlim.rlim = resource;
ad.rlim.max = value;
ad.peer = peer;
@@ -82,7 +85,8 @@ int aa_map_resource(int resource)
return rlim_map[resource];
}
-static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
+static int profile_setrlimit(const struct cred *subj_cred,
+ struct aa_profile *profile, unsigned int resource,
struct rlimit *new_rlim)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -92,12 +96,13 @@ static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max >
rules->rlimits.limits[resource].rlim_max)
e = -EACCES;
- return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL,
- e);
+ return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max,
+ NULL, NULL, e);
}
/**
* aa_task_setrlimit - test permission to set an rlimit
+ * @subj_cred: cred setting the limit
* @label: label confining the task (NOT NULL)
* @task: task the resource is being set on
* @resource: the resource being set
@@ -107,7 +112,8 @@ static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
*
* Returns: 0 or error code if setting resource failed
*/
-int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
+int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
+ struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim)
{
struct aa_profile *profile;
@@ -126,14 +132,15 @@ int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
*/
if (label != peer &&
- aa_capable(label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0)
+ aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0)
error = fn_for_each(label, profile,
- audit_resource(profile, resource,
+ audit_resource(subj_cred, profile, resource,
new_rlim->rlim_max, peer,
"cap_sys_resource", -EACCES));
else
error = fn_for_each_confined(label, profile,
- profile_setrlimit(profile, resource, new_rlim));
+ profile_setrlimit(subj_cred, profile, resource,
+ new_rlim));
aa_put_label(peer);
return error;
diff --git a/security/apparmor/task.c b/security/apparmor/task.c
index 79850e8321420..0d7af707cccdd 100644
--- a/security/apparmor/task.c
+++ b/security/apparmor/task.c
@@ -226,14 +226,16 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
/* assumes check for RULE_MEDIATES is already done */
/* TODO: conditionals */
-static int profile_ptrace_perm(struct aa_profile *profile,
- struct aa_label *peer, u32 request,
- struct apparmor_audit_data *ad)
+static int profile_ptrace_perm(const struct cred *cred,
+ struct aa_profile *profile,
+ struct aa_label *peer, u32 request,
+ struct apparmor_audit_data *ad)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
typeof(*rules), list);
struct aa_perms perms = { };
+ ad->subj_cred = cred;
ad->peer = peer;
aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request,
&perms);
@@ -241,7 +243,8 @@ static int profile_ptrace_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_ptrace_cb);
}
-static int profile_tracee_perm(struct aa_profile *tracee,
+static int profile_tracee_perm(const struct cred *cred,
+ struct aa_profile *tracee,
struct aa_label *tracer, u32 request,
struct apparmor_audit_data *ad)
{
@@ -249,10 +252,11 @@ static int profile_tracee_perm(struct aa_profile *tracee,
!ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE))
return 0;
- return profile_ptrace_perm(tracee, tracer, request, ad);
+ return profile_ptrace_perm(cred, tracee, tracer, request, ad);
}
-static int profile_tracer_perm(struct aa_profile *tracer,
+static int profile_tracer_perm(const struct cred *cred,
+ struct aa_profile *tracer,
struct aa_label *tracee, u32 request,
struct apparmor_audit_data *ad)
{
@@ -260,7 +264,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
return 0;
if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE))
- return profile_ptrace_perm(tracer, tracee, request, ad);
+ return profile_ptrace_perm(cred, tracer, tracee, request, ad);
/* profile uses the old style capability check for ptrace */
if (&tracer->label == tracee)
@@ -269,8 +273,8 @@ static int profile_tracer_perm(struct aa_profile *tracer,
ad->subj_label = &tracer->label;
ad->peer = tracee;
ad->request = 0;
- ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
- CAP_OPT_NONE);
+ ad->error = aa_capable(cred, &tracer->label, CAP_SYS_PTRACE,
+ CAP_OPT_NONE);
return aa_audit(AUDIT_APPARMOR_AUTO, tracer, ad, audit_ptrace_cb);
}
@@ -283,7 +287,8 @@ static int profile_tracer_perm(struct aa_profile *tracer,
*
* Returns: %0 else error code if permission denied or error
*/
-int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
+int aa_may_ptrace(const struct cred *tracer_cred, struct aa_label *tracer,
+ const struct cred *tracee_cred, struct aa_label *tracee,
u32 request)
{
struct aa_profile *profile;
@@ -291,6 +296,8 @@ int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_PTRACE, OP_PTRACE);
return xcheck_labels(tracer, tracee, profile,
- profile_tracer_perm(profile, tracee, request, &sa),
- profile_tracee_perm(profile, tracer, xrequest, &sa));
+ profile_tracer_perm(tracer_cred, profile, tracee,
+ request, &sa),
+ profile_tracee_perm(tracee_cred, profile, tracer,
+ xrequest, &sa));
}
--
2.42.0
next prev parent reply other threads:[~2023-11-24 18:21 UTC|newest]
Thread overview: 555+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 17:42 [PATCH 6.6 000/530] 6.6.3-rc1 review Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 001/530] locking/ww_mutex/test: Fix potential workqueue corruption Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 002/530] btrfs: abort transaction on generation mismatch when marking eb as dirty Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 003/530] lib/generic-radix-tree.c: Dont overflow in peek() Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 004/530] x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 005/530] perf/core: Bail out early if the request AUX area is out of bound Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 006/530] rcu: Dump memory object info if callback function is invalid Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 007/530] srcu: Fix srcu_struct node grpmask overflow on 64-bit systems Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 008/530] selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 009/530] clocksource/drivers/timer-imx-gpt: Fix potential memory leak Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 010/530] clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 011/530] srcu: Only accelerate on enqueue time Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 012/530] smp,csd: Throw an error if a CSD lock is stuck for too long Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 013/530] cpu/hotplug: Dont offline the last non-isolated CPU Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 014/530] workqueue: Provide one lock class key per work_on_cpu() callsite Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 015/530] x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 016/530] wifi: plfxlc: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 017/530] wifi: ath12k: Ignore fragments from uninitialized peer in dp Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 018/530] wifi: mac80211_hwsim: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 019/530] wifi: mac80211: dont return unset power in ieee80211_get_tx_power() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 020/530] atl1c: Work around the DMA RX overflow issue Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 021/530] bpf: Detect IP == ksym.end as part of BPF program Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 022/530] wifi: ath9k: fix clang-specific fortify warnings Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 023/530] wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 024/530] wifi: ath10k: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 025/530] wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 026/530] ACPI: APEI: Fix AER info corruption when error status data has multiple sections Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 027/530] net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 028/530] wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 029/530] wifi: mt76: fix clang-specific fortify warnings Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 030/530] net: annotate data-races around sk->sk_tx_queue_mapping Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 031/530] net: annotate data-races around sk->sk_dst_pending_confirm Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 032/530] wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 033/530] wifi: ath10k: Dont touch the CE interrupt registers after power up Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 034/530] net: sfp: add quirk for FSs 2.5G copper SFP Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 035/530] vsock: read from sockets error queue Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 036/530] bpf: Ensure proper register state printing for cond jumps Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 037/530] wifi: iwlwifi: mvm: fix size check for fw_link_id Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 038/530] Bluetooth: btusb: Add date->evt_skb is NULL check Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 039/530] Bluetooth: Fix double free in hci_conn_cleanup Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 040/530] ACPI: EC: Add quirk for HP 250 G7 Notebook PC Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 041/530] tsnep: Fix tsnep_request_irq() format-overflow warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 042/530] gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 043/530] platform/chrome: kunit: initialize lock for fake ec_dev Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 044/530] of: address: Fix address translation when address-size is greater than 2 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 045/530] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 046/530] drm/gma500: Fix call trace when psb_gem_mm_init() fails Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 047/530] drm/amdkfd: ratelimited SQ interrupt messages Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 048/530] drm/komeda: drop all currently held locks if deadlock happens Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 049/530] drm/amd/display: Blank phantom OTG before enabling Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 050/530] drm/amd/display: Dont lock phantom pipe on disabling Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 051/530] drm/amd/display: add seamless pipe topology transition check Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 052/530] drm/edid: Fixup h/vsync_end instead of h/vtotal Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 053/530] md: dont rely on mddev->pers to be set in mddev_suspend() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 054/530] drm/amdgpu: not to save bo in the case of RAS err_event_athub Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 055/530] drm/amdkfd: Fix a race condition of vram buffer unref in svm code Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 056/530] drm/amdgpu: update retry times for psp vmbx wait Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 057/530] drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 058/530] drm/amd/display: use full update for clip size increase of large plane source Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 059/530] string.h: add array-wrappers for (v)memdup_user() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 060/530] kernel: kexec: copy user-array safely Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 061/530] kernel: watch_queue: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 062/530] drm_lease.c: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 063/530] drm: vmwgfx_surface.c: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 064/530] drm/msm/dp: skip validity check for DP CTS EDID checksum Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 065/530] drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 066/530] drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 067/530] drm/amdgpu: Fix potential null pointer derefernce Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 068/530] drm/panel: fix a possible null pointer dereference Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 069/530] drm/panel/panel-tpo-tpg110: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 070/530] drm/radeon: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 071/530] drm/amdgpu/vkms: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 072/530] drm/panel: st7703: Pick different reset sequence Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 073/530] drm/amdkfd: Fix shift out-of-bounds issue Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 074/530] drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 075/530] drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 076/530] drm/amd/display: fix num_ways overflow error Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 077/530] drm/amd: check num of link levels when update pcie param Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 078/530] soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 079/530] arm64: dts: rockchip: Add NanoPC T6 PCIe e-key support Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 080/530] arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 081/530] selftests/efivarfs: create-read: fix a resource leak Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 082/530] ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 083/530] ASoC: soc-card: Add storage for PCI SSID Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 084/530] ASoC: SOF: Pass PCI SSID to machine driver Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 085/530] ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 086/530] ASoC: cs35l56: Use PCI SSID as the firmware UID Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 087/530] crypto: pcrypt - Fix hungtask for PADATA_RESET Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 088/530] ALSA: scarlett2: Move USB IDs out from device_info struct Greg Kroah-Hartman
2023-11-25 7:16 ` Takashi Iwai
2023-11-25 15:21 ` Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 089/530] ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 090/530] RDMA/hfi1: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 091/530] scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 092/530] scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 093/530] fs/jfs: Add check for negative db_l2nbperpage Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 094/530] fs/jfs: Add validity check for db_maxag and db_agpref Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 095/530] jfs: fix array-index-out-of-bounds in dbFindLeaf Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 096/530] jfs: fix array-index-out-of-bounds in diAlloc Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 097/530] HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround Greg Kroah-Hartman
2023-12-22 14:15 ` Uli v. d. Ohe
2023-12-22 14:31 ` Greg KH
2023-12-22 15:34 ` Uli v. d. Ohe
2023-11-24 17:44 ` [PATCH 6.6 098/530] ARM: 9320/1: fix stack depot IRQ stack filter Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 099/530] ALSA: hda: Fix possible null-ptr-deref when assigning a stream Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 100/530] gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 101/530] PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 102/530] PCI: mvebu: Use FIELD_PREP() with Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 103/530] atm: iphase: Do PCI error checks on own line Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 104/530] PCI: Do error check on own line to split long "if" conditions Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 105/530] scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 106/530] PCI: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 107/530] PCI: Extract ATS disabling to a helper function Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 108/530] PCI: Disable ATS for specific Intel IPU E2000 devices Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 109/530] PCI: dwc: Add dw_pcie_link_set_max_link_width() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 110/530] PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 111/530] misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 112/530] PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 113/530] ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 114/530] crypto: hisilicon/qm - prevent soft lockup in receive loop Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 115/530] HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 116/530] exfat: support handle zero-size directory Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 117/530] mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 118/530] iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 119/530] thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 120/530] tty: vcc: Add check for kstrdup() in vcc_probe() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 121/530] dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 122/530] phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 123/530] phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 124/530] usb: dwc3: core: configure TX/RX threshold for DWC3_IP Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 125/530] usb: ucsi: glink: use the connector orientation GPIO to provide switch events Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 126/530] soundwire: dmi-quirks: update HP Omen match Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 127/530] f2fs: fix error path of __f2fs_build_free_nids Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 128/530] f2fs: fix error handling of __get_node_page Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 129/530] usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 130/530] usb: gadget: f_ncm: Always set current gadget in ncm_bind() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 131/530] 9p/trans_fd: Annotate data-racy writes to file::f_flags Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 132/530] 9p: v9fs_listxattr: fix %s null argument warning Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 133/530] i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 134/530] i2c: i801: Add support for Intel Birch Stream SoC Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 135/530] i2c: fix memleak in i2c_new_client_device() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 136/530] i2c: sun6i-p2wi: Prevent potential division by zero Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 137/530] virtio-blk: fix implicit overflow on virtio_max_dma_size Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 138/530] i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 139/530] media: gspca: cpia1: shift-out-of-bounds in set_flicker Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 140/530] media: vivid: avoid integer overflow Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 141/530] media: ipu-bridge: increase sensor_name size Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 142/530] gfs2: ignore negated quota changes Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 143/530] gfs2: fix an oops in gfs2_permission Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 144/530] media: cobalt: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 145/530] media: ccs: Fix driver quirk struct documentation Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 146/530] media: imon: fix access to invalid resource for the second interface Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 147/530] drm/amd/display: Avoid NULL dereference of timing generator Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 148/530] gfs2: Fix slab-use-after-free in gfs2_qd_dealloc Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 149/530] kgdb: Flush console before entering kgdb on panic Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 150/530] riscv: VMAP_STACK overflow detection thread-safe Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 151/530] i2c: dev: copy userspace array safely Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 152/530] ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 153/530] drm/qxl: prevent memory leak Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 154/530] ALSA: hda/realtek: Add quirk for ASUS UX7602ZM Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 155/530] drm/amdgpu: fix software pci_unplug on some chips Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 156/530] pwm: Fix double shift bug Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 157/530] mtd: rawnand: tegra: add missing check for platform_get_irq() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 158/530] wifi: iwlwifi: Use FW rate for non-data frames Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 159/530] sched/core: Optimize in_task() and in_interrupt() a bit Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 160/530] samples/bpf: syscall_tp_user: Rename num_progs into nr_tests Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 161/530] samples/bpf: syscall_tp_user: Fix array out-of-bound access Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 162/530] dt-bindings: serial: fix regex pattern for matching serial node children Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 163/530] SUNRPC: ECONNRESET might require a rebind Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 164/530] mtd: rawnand: intel: check return value of devm_kasprintf() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 165/530] mtd: rawnand: meson: " Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 166/530] drm/i915/mtl: avoid stringop-overflow warning Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 167/530] NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 168/530] SUNRPC: Add an IS_ERR() check back to where it was Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 169/530] NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 170/530] SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 171/530] RISC-V: hwprobe: Fix vDSO SIGSEGV Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 172/530] riscv: provide riscv-specific is_trap_insn() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 173/530] gfs2: Silence "suspicious RCU usage in gfs2_permission" warning Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 174/530] drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 175/530] riscv: split cache ops out of dma-noncoherent.c Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 176/530] vdpa_sim_blk: allocate the buffer zeroed Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 177/530] vhost-vdpa: fix use after free in vhost_vdpa_probe() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 178/530] gcc-plugins: randstruct: Only warn about true flexible arrays Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 179/530] bpf: handle ldimm64 properly in check_cfg() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 180/530] bpf: fix precision backtracking instruction iteration Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 181/530] bpf: fix control-flow graph checking in privileged mode Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 182/530] net: set SOCK_RCU_FREE before inserting socket into hashtable Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 183/530] ipvlan: add ipvlan_route_v6_outbound() helper Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 184/530] tty: Fix uninit-value access in ppp_sync_receive() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 185/530] net: ti: icssg-prueth: Add missing icss_iep_put to error path Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 186/530] net: ti: icssg-prueth: Fix error cleanup on failing pruss_request_mem_region Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 187/530] xen/events: avoid using info_for_irq() in xen_send_IPI_one() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 188/530] net: hns3: fix add VLAN fail issue Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 189/530] net: hns3: add barrier in vf mailbox reply process Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 190/530] net: hns3: fix incorrect capability bit display for copper port Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 191/530] net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 192/530] net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 193/530] net: hns3: fix VF reset fail issue Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 194/530] net: hns3: fix VF wrong speed and duplex issue Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 195/530] tipc: Fix kernel-infoleak due to uninitialized TLV value Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 196/530] net: mvneta: fix calls to page_pool_get_stats Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 197/530] ppp: limit MRU to 64K Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 198/530] xen/events: fix delayed eoi list handling Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 199/530] blk-mq: make sure active queue usage is held for bio_integrity_prep() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 200/530] ptp: annotate data-race around q->head and q->tail Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 201/530] bonding: stop the device in bond_setup_by_slave() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 202/530] net: ethernet: cortina: Fix max RX frame define Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 203/530] net: ethernet: cortina: Handle large frames Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 204/530] net: ethernet: cortina: Fix MTU max setting Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 205/530] af_unix: fix use-after-free in unix_stream_read_actor() Greg Kroah-Hartman
2023-11-25 22:16 ` Pascal Ernster
2023-11-25 23:49 ` Pascal Ernster
2023-11-26 0:54 ` Holger Hoffstätte
2023-11-26 8:24 ` Pascal Ernster
2023-11-26 12:41 ` Pascal Ernster
2023-11-26 13:42 ` Pascal Ernster
2023-12-10 5:47 ` Pascal Ernster
2023-11-24 17:46 ` [PATCH 6.6 206/530] netfilter: nf_conntrack_bridge: initialize err to 0 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 207/530] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 208/530] netfilter: nf_tables: bogus ENOENT when destroying element which does not exist Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 209/530] net: stmmac: fix rx budget limit check Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 210/530] net: stmmac: avoid rx queue overrun Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 211/530] pds_core: use correct index to mask irq Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 212/530] pds_core: fix up some format-truncation complaints Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 213/530] gve: Fixes for napi_poll when budget is 0 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 214/530] io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 215/530] Revert "net/mlx5: DR, Supporting inline WQE when possible" Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 216/530] net/mlx5: Free used cpus mask when an IRQ is released Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 217/530] net/mlx5: Decouple PHC .adjtime and .adjphase implementations Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 218/530] net/mlx5e: fix double free of encap_header Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 219/530] net/mlx5e: fix double free of encap_header in update funcs Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 220/530] net/mlx5e: Fix pedit endianness Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 221/530] net/mlx5e: Dont modify the peer sent-to-vport rules for IPSec offload Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 222/530] net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 223/530] net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 224/530] net/mlx5e: Update doorbell for port timestamping CQ before the software counter Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 225/530] net/mlx5: Increase size of irq name buffer Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 226/530] net/mlx5e: Reduce the size of icosq_str Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 227/530] net/mlx5e: Check return value of snprintf writing to fw_version buffer Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 228/530] net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 229/530] net: sched: do not offload flows with a helper in act_ct Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 230/530] macvlan: Dont propagate promisc change to lower dev in passthru Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 231/530] tools/power/turbostat: Fix a knl bug Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 232/530] tools/power/turbostat: Enable the C-state Pre-wake printing Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 233/530] scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 234/530] cifs: spnego: add ; in HOST_KEY_LEN Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 235/530] cifs: fix check of rc in function generate_smb3signingkey Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 236/530] perf/core: Fix cpuctx refcounting Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 237/530] i915/perf: Fix NULL deref bugs with drm_dbg() calls Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 238/530] perf: arm_cspmu: Reject events meant for other PMUs Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 239/530] drivers: perf: Check find_first_bit() return value Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 240/530] media: venus: hfi: add checks to perform sanity on queue pointers Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 241/530] perf intel-pt: Fix async branch flags Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 242/530] powerpc/perf: Fix disabling BHRB and instruction sampling Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 243/530] randstruct: Fix gcc-plugin performance mode to stay in group Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 244/530] spi: Fix null dereference on suspend Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 245/530] bpf: Fix check_stack_write_fixed_off() to correctly spill imm Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 246/530] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 247/530] scsi: mpt3sas: Fix loop logic Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 248/530] scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 249/530] scsi: ufs: qcom: Update PHY settings only when scaling to higher gears Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 250/530] scsi: qla2xxx: Fix system crash due to bad pointer access Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 251/530] scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 252/530] x86/shstk: Delay signal entry SSP write until after user accesses Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 253/530] crypto: x86/sha - load modules based on CPU features Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 254/530] x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4 Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 255/530] x86/apic/msi: Fix misconfigured non-maskable MSI quirk Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 256/530] x86/cpu/hygon: Fix the CPU topology evaluation for real Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 257/530] KVM: x86: hyper-v: Dont auto-enable stimer on write from user-space Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 258/530] KVM: x86: Ignore MSR_AMD64_TW_CFG access Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 259/530] KVM: x86: Clear bit12 of ICR after APIC-write VM-exit Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 260/530] KVM: x86: Fix lapic timer interrupt lost after loading a snapshot Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 261/530] mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 262/530] sched: psi: fix unprivileged polling against cgroups Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 263/530] audit: dont take task_lock() in audit_exe_compare() code path Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 264/530] audit: dont WARN_ON_ONCE(!current->mm) in audit_exe_compare() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 265/530] proc: sysctl: prevent aliased sysctls from getting passed to init Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 266/530] tty/sysrq: replace smp_processor_id() with get_cpu() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 267/530] tty: serial: meson: fix hard LOCKUP on crtscts mode Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 268/530] acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0 Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 269/530] hvc/xen: fix console unplug Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 270/530] hvc/xen: fix error path in xen_hvc_init() to always register frontend driver Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 271/530] hvc/xen: fix event channel handling for secondary consoles Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 272/530] PCI/sysfs: Protect drivers D3cold preference from user space Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 273/530] mm/damon/sysfs: remove requested targets when online-commit inputs Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 274/530] mm/damon/sysfs: update monitoring target regions for online input commit Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 275/530] watchdog: move softlockup_panic back to early_param Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 276/530] iommufd: Fix missing update of domains_itree after splitting iopt_area Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 277/530] fbdev: stifb: Make the STI next font pointer a 32-bit signed offset Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 278/530] dm crypt: account large pages in cc->n_allocated_pages Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 279/530] mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 280/530] mm/damon/ops-common: avoid divide-by-zero during region hotness calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 281/530] mm/damon: implement a function for max nr_accesses safe calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 282/530] mm/damon/core: avoid divide-by-zero during monitoring results update Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 283/530] mm/damon/sysfs-schemes: handle tried region directory allocation failure Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 284/530] mm/damon/sysfs-schemes: handle tried regions sysfs " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 285/530] mm/damon/core.c: avoid unintentional filtering out of schemes Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 286/530] mm/damon/sysfs: check error from damon_sysfs_update_target() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 287/530] parisc: Add nop instructions after TLB inserts Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 288/530] ACPI: resource: Do IRQ override on TongFang GMxXGxx Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 289/530] regmap: Ensure range selector registers are updated after cache sync Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 290/530] wifi: ath11k: fix temperature event locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 291/530] wifi: ath11k: fix dfs radar " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 292/530] wifi: ath11k: fix htt pktlog locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 293/530] wifi: ath11k: fix gtk offload status event locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 294/530] wifi: ath12k: fix htt mlo-offset " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 295/530] wifi: ath12k: fix dfs-radar and temperature " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 296/530] mmc: meson-gx: Remove setting of CMD_CFG_ERROR Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 297/530] genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 298/530] sched/core: Fix RQCF_ACT_SKIP leak Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 299/530] pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 300/530] KEYS: trusted: tee: Refactor register SHM usage Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 301/530] KEYS: trusted: Rollback init_trusted() consistently Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 302/530] PCI: keystone: Dont discard .remove() callback Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 303/530] PCI: keystone: Dont discard .probe() callback Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 304/530] pmdomain: amlogic: Fix mask for the second NNA mem PD domain Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 305/530] arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 306/530] arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 307/530] pmdomain: imx: Make imx pgc power domain also set the fwnode Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 308/530] parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 309/530] parisc/pdc: Add width field to struct pdc_model Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 310/530] parisc/power: Add power soft-off when running on qemu Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 311/530] cpufreq: stats: Fix buffer overflow detection in trans_stats() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 312/530] powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 313/530] clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 314/530] clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 315/530] integrity: powerpc: Do not select CA_MACHINE_KEYRING Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 316/530] clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 317/530] clk: qcom: ipq6018: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 318/530] ksmbd: fix recursive locking in vfs helpers Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 319/530] ksmbd: handle malformed smb1 message Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 320/530] ksmbd: fix slab out of bounds write in smb_inherit_dacl() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 321/530] mmc: vub300: fix an error code Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 322/530] mmc: sdhci_am654: fix start loop index for TAP value parsing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 323/530] mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 324/530] PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 325/530] PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 326/530] PCI: kirin: Dont discard .remove() callback Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 327/530] PCI: exynos: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 328/530] PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 329/530] wifi: wilc1000: use vmm_table as array in wilc struct Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 330/530] svcrdma: Drop connection after an RDMA Read error Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 331/530] rcu/tree: Defer setting of jiffies during stall reset Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 332/530] arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 333/530] dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 334/530] PM: hibernate: Use __get_safe_page() rather than touching the list Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 335/530] PM: hibernate: Clean up sync_read handling in snapshot_write_next() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 336/530] rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 337/530] btrfs: dont arbitrarily slow down delalloc if were committing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 338/530] thermal: intel: powerclamp: fix mismatch in get function for max_idle Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 339/530] arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 340/530] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 341/530] firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 342/530] ACPI: FPDT: properly handle invalid FPDT subtables Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 343/530] arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 344/530] arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 345/530] leds: trigger: netdev: Move size check in set_device_name Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 346/530] mfd: qcom-spmi-pmic: Fix reference leaks in revid helper Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 347/530] mfd: qcom-spmi-pmic: Fix revid implementation Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 348/530] ima: annotate iint mutex to avoid lockdep false positive warnings Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 349/530] ima: detect changes to the backing overlay file Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 350/530] netfilter: nf_tables: remove catchall element in GC sync path Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 351/530] netfilter: nf_tables: split async and sync catchall in two functions Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 352/530] ASoC: soc-dai: add flag to mute and unmute stream during trigger Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 353/530] ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 354/530] selftests/resctrl: Fix uninitialized .sa_flags Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 355/530] selftests/resctrl: Remove duplicate feature check from CMT test Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 356/530] selftests/resctrl: Move _GNU_SOURCE define into Makefile Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 357/530] selftests/resctrl: Refactor feature check to use resource and feature name Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 358/530] selftests/resctrl: Fix feature checks Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 359/530] selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 360/530] hid: lenovo: Resend all settings on reset_resume for compact keyboards Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 361/530] ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 362/530] jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 363/530] quota: explicitly forbid quota files from being encrypted Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 364/530] kernel/reboot: emergency_restart: Set correct system_state Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 365/530] scripts/gdb/vmalloc: disable on no-MMU Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 366/530] fs: use nth_page() in place of direct struct page manipulation Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 367/530] mips: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 368/530] i2c: core: Run atomic i2c xfer when !preemptible Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 369/530] selftests/clone3: Fix broken test under !CONFIG_TIME_NS Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 370/530] tracing: Have the user copy of synthetic event address use correct context Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 371/530] driver core: Release all resources during unbind before updating device links Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 372/530] mcb: fix error handling for different scenarios when parsing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 373/530] powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 374/530] dmaengine: stm32-mdma: correct desc prep when channel running Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 375/530] s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 376/530] s390/mm: add missing arch_set_page_dat() call to gmap allocations Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 377/530] s390/cmma: fix initial kernel address space page table walk Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 378/530] s390/cmma: fix detection of DAT pages Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 379/530] s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 380/530] mm/cma: use nth_page() in place of direct struct page manipulation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 381/530] mm/hugetlb: " Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 382/530] mm/memory_hotplug: use pfn math " Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 383/530] mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 384/530] mtd: cfi_cmdset_0001: Byte swap OTP info Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 385/530] cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 386/530] i3c: master: cdns: Fix reading status register Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 387/530] i3c: master: svc: fix race condition in ibi work thread Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 388/530] i3c: master: svc: fix wrong data return when IBI happen during start frame Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 389/530] i3c: master: svc: fix ibi may not return mandatory data byte Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 390/530] i3c: master: svc: fix check wrong status register in irq handler Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 391/530] i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 392/530] i3c: master: svc: fix random hot join failure since timeout error Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 393/530] cxl/region: Fix x1 root-decoder granularity calculations Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 394/530] cxl/port: Fix delete_endpoint() vs parent unregistration race Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 395/530] apparmor: Fix kernel-doc warnings in apparmor/audit.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 396/530] apparmor: Fix kernel-doc warnings in apparmor/lib.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 397/530] apparmor: Fix kernel-doc warnings in apparmor/resource.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 398/530] apparmor: Fix kernel-doc warnings in apparmor/policy.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 399/530] apparmor: combine common_audit_data and apparmor_audit_data Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 400/530] apparmor: rename audit_data->label to audit_data->subj_label Greg Kroah-Hartman
2023-11-24 17:49 ` Greg Kroah-Hartman [this message]
2023-11-24 17:49 ` [PATCH 6.6 402/530] apparmor: Fix regression in mount mediation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 403/530] Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 404/530] Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 405/530] drm/amd/display: enable dsc_clk even if dsc_pg disabled Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 406/530] torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 407/530] rcutorture: Fix stuttering races and other issues Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 408/530] selftests/resctrl: Remove bw_report and bm_type from main() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 409/530] selftests/resctrl: Simplify span lifetime Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 410/530] selftests/resctrl: Make benchmark command const and build it with pointers Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 411/530] selftests/resctrl: Extend signal handler coverage to unmount on receiving signal Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 412/530] parisc: Prevent booting 64-bit kernels on PA1.x machines Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 413/530] parisc/pgtable: Do not drop upper 5 address bits of physical address Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 414/530] parisc/power: Fix power soft-off when running on qemu Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 415/530] parisc: fix mmap_base calculation when stack grows upwards Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 416/530] xhci: Enable RPM on controllers that support low-power states Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 417/530] smb3: fix creating FIFOs when mounting with "sfu" mount option Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 418/530] smb3: fix touch -h of symlink Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 419/530] smb3: allow dumping session and tcon id to improve stats analysis and debugging Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 420/530] smb3: fix caching of ctime on setxattr Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 421/530] smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 422/530] smb: client: fix use-after-free in smb2_query_info_compound() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 423/530] smb: client: fix potential deadlock when releasing mids Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 424/530] smb: client: fix mount when dns_resolver key is not available Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 425/530] cifs: reconnect helper should set reconnect for the right channel Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 426/530] cifs: force interface update before a fresh session setup Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 427/530] cifs: do not reset chan_max if multichannel is not supported at mount Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 428/530] cifs: do not pass cifs_sb when trying to add channels Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 429/530] cifs: Fix encryption of cleared, but unset rq_iter data buffers Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 430/530] xfs: recovery should not clear di_flushiter unconditionally Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 431/530] btrfs: zoned: wait for data BG to be finished on direct IO allocation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 432/530] ALSA: info: Fix potential deadlock at disconnection Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 433/530] ALSA: hda/realtek: Enable Mute LED on HP 255 G8 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 434/530] ALSA: hda/realtek - Add Dell ALC295 to pin fall back table Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 435/530] ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 436/530] ALSA: hda/realtek: Enable Mute LED on HP 255 G10 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 437/530] ALSA: hda/realtek: Add quirks for HP Laptops Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 438/530] Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 439/530] Revert "i2c: pxa: move to generic GPIO recovery" Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 440/530] lsm: fix default return value for vm_enough_memory Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 441/530] lsm: fix default return value for inode_getsecctx Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 442/530] sbsa_gwdt: Calculate timeout with 64-bit math Greg Kroah-Hartman
2023-11-24 17:50 ` Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 443/530] i2c: designware: Disable TX_EMPTY irq while waiting for block length byte Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 444/530] s390/ap: fix AP bus crash on early config change callback invocation Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 445/530] net: ethtool: Fix documentation of ethtool_sprintf() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 446/530] net: dsa: lan9303: consequently nested-lock physical MDIO Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 447/530] net: phylink: initialize carrier state at creation Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 448/530] gfs2: dont withdraw if init_threads() got interrupted Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 449/530] i2c: i801: fix potential race in i801_block_transaction_byte_by_byte Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 450/530] f2fs: do not return EFSCORRUPTED, but try to run online repair Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 451/530] f2fs: set the default compress_level on ioctl Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 452/530] f2fs: avoid format-overflow warning Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 453/530] f2fs: split initial and dynamic conditions for extent_cache Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 454/530] media: lirc: drop trailing space from scancode transmit Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 455/530] media: sharp: fix sharp encoding Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 456/530] media: venus: hfi_parser: Add check to keep the number of codecs within range Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 457/530] media: venus: hfi: fix the check to handle session buffer requirement Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 458/530] media: venus: hfi: add checks to handle capabilities from firmware Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 459/530] media: ccs: Correctly initialise try compose rectangle Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 460/530] drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection Greg Kroah-Hartman
2023-11-24 17:50 ` Greg Kroah-Hartman
2023-11-24 17:50 ` Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 461/530] drm/mediatek/dp: fix memory leak on ->get_edid callback error path Greg Kroah-Hartman
2023-11-24 17:50 ` Greg Kroah-Hartman
2023-11-24 17:50 ` Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 462/530] dm-bufio: fix no-sleep mode Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 463/530] dm-verity: dont use blocking calls from tasklets Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 464/530] nfsd: fix file memleak on client_opens_release Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 465/530] NFSD: Update nfsd_cache_append() to use xdr_stream Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 466/530] LoongArch: Mark __percpu functions as always inline Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 467/530] tracing: fprobe-event: Fix to check tracepoint event and return Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 468/530] swiotlb: do not free decrypted pages if dynamic Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 469/530] swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 470/530] riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 471/530] riscv: put interrupt entries into .irqentry.text Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 472/530] riscv: mm: Update the comment of CONFIG_PAGE_OFFSET Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 473/530] riscv: correct pt_level name via pgtable_l5/4_enabled Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 474/530] riscv: kprobes: allow writing to x0 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 475/530] mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 476/530] mm: fix for negative counter: nr_file_hugepages Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 477/530] mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 478/530] mptcp: deal with large GSO size Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 479/530] mptcp: add validity check for sending RM_ADDR Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 480/530] mptcp: fix setsockopt(IP_TOS) subflow locking Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 481/530] selftests: mptcp: fix fastclose with csum failure Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 482/530] r8169: fix network lost after resume on DASH systems Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 483/530] r8169: add handling DASH when DASH is disabled Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 484/530] mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 485/530] media: qcom: camss: Fix pm_domain_on sequence in probe Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 486/530] media: qcom: camss: Fix vfe_get() error jump Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 487/530] media: qcom: camss: Fix VFE-17x vfe_disable_output() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 488/530] media: qcom: camss: Fix VFE-480 vfe_disable_output() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 489/530] media: qcom: camss: Fix missing vfe_lite clocks check Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 490/530] media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 491/530] media: qcom: camss: Fix invalid clock enable bit disjunction Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 492/530] media: qcom: camss: Fix csid-gen2 for test pattern generator Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 493/530] Revert "HID: logitech-dj: Add support for a new lightspeed receiver iteration" Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 494/530] Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 495/530] ext4: fix race between writepages and remount Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 496/530] ext4: no need to generate from free list in mballoc Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 497/530] ext4: make sure allocate pending entry not fail Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 498/530] ext4: apply umask if ACL support is disabled Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 499/530] ext4: correct offset of gdb backup in non meta_bg group to update_backups Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 500/530] ext4: mark buffer new if it is unwritten to avoid stale data exposure Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 501/530] ext4: correct return value of ext4_convert_meta_bg Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 502/530] ext4: correct the start block of counting reserved clusters Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 503/530] ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 504/530] ext4: add missed brelse in update_backups Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 505/530] ext4: properly sync file size update after O_SYNC direct IO Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 506/530] ext4: fix racy may inline data check in dio write Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 507/530] drm/amd/pm: Handle non-terminated overdrive commands Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 508/530] drm: bridge: it66121: ->get_edid callback must not return err pointers Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 509/530] x86/srso: Move retbleed IBPB check into existing has_microcode code block Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 510/530] drm/amd/display: Add Null check for DPP resource Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 511/530] drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 512/530] drm/i915: Bump GLK CDCLK frequency when driving multiple pipes Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 513/530] drm/i915: Fix potential spectre vulnerability Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 514/530] drm/i915: Flush WC GGTT only on required platforms Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 515/530] drm/amd/pm: Fix error of MACO flag setting code Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 516/530] drm/amdgpu/smu13: drop compute workload workaround Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 517/530] drm/amdgpu: dont use pci_is_thunderbolt_attached() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 518/530] drm/amdgpu: fix GRBM read timeout when do mes_self_test Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 519/530] drm/amdgpu: add a retry for IP discovery init Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 520/530] drm/amdgpu: dont use ATRM for external devices Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 521/530] drm/amdgpu: fix error handling in amdgpu_vm_init Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 522/530] drm/amdgpu: fix error handling in amdgpu_bo_list_get() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 523/530] drm/amdgpu: lower CS errors to debug severity Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 524/530] drm/amdgpu: Fix possible null pointer dereference Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 525/530] drm/amd/display: Guard against invalid RPTR/WPTR being set Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 526/530] drm/amd/display: Fix DSC not Enabled on Direct MST Sink Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 527/530] drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 528/530] drm/amd/display: Enable fast plane updates on DCN3.2 and above Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 529/530] drm/amd/display: Clear dpcd_sink_ext_caps if not set Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 530/530] drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox Greg Kroah-Hartman
2023-11-24 19:05 ` [PATCH 6.6 000/530] 6.6.3-rc1 review Naresh Kamboju
2023-11-25 15:31 ` Greg Kroah-Hartman
2023-11-24 21:57 ` Nam Cao
2023-11-24 22:29 ` Takeshi Ogasawara
2023-11-25 9:40 ` Ron Economos
2023-11-25 11:26 ` Pavel Machek
2023-11-25 12:34 ` Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231124172040.234942754@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=georgia.garcia@canonical.com \
--cc=john.johansen@canonical.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.