[PATCH] landlock: opened file never has a negative dentry

[PATCH] landlock: opened file never has a negative dentry

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/landlock/syscalls.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 33eafb71e4f3..0116e9f93ffe 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -303,7 +303,6 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
 	if ((fd_file(f)->f_op == &ruleset_fops) ||
 	    (fd_file(f)->f_path.mnt->mnt_flags & MNT_INTERNAL) ||
 	    (fd_file(f)->f_path.dentry->d_sb->s_flags & SB_NOUSER) ||
-	    d_is_negative(fd_file(f)->f_path.dentry) ||
 	    IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry)))
 		return -EBADFD;
 
-- 
2.39.5

[PATCH] apparmor: file never has NULL f_path.mnt

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/apparmor/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index d52a5b14dad4..f494217112c9 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -604,7 +604,7 @@ int aa_file_perm(const char *op, const struct cred *subj_cred,
 	rcu_read_unlock();
 	/* TODO: label cross check */
 
-	if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
+	if (path_mediated_fs(file->f_path.dentry))
 		error = __file_path_perm(op, subj_cred, label, flabel, file,
 					 request, denied, in_atomic);
 
-- 
2.39.5

[PATCH] don't duplicate vfs_open() in kernel_file_open()

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/open.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 7828234a7caa..b29d1e077164 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1204,14 +1204,11 @@ struct file *kernel_file_open(const struct path *path, int flags,
 	if (IS_ERR(f))
 		return f;
 
-	f->f_path = *path;
-	error = do_dentry_open(f, NULL);
+	error = vfs_open(path, f);
 	if (error) {
 		fput(f);
 		return ERR_PTR(error);
 	}
-
-	fsnotify_open(f);
 	return f;
 }
 EXPORT_SYMBOL_GPL(kernel_file_open);
-- 
2.39.5

[PATCH] proc_fd_getattr(): don't bother with S_ISDIR() check

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

that thing is callable only as ->i_op->getattr() instance and only
for directory inodes (/proc/*/fd and /proc/*/task/*/fd)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/proc/fd.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 37aa778d1af7..9eeccff49b2a 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -352,18 +352,9 @@ static int proc_fd_getattr(struct mnt_idmap *idmap,
 			u32 request_mask, unsigned int query_flags)
 {
 	struct inode *inode = d_inode(path->dentry);
-	int rv = 0;
 
 	generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
-
-	/* If it's a directory, put the number of open fds there */
-	if (S_ISDIR(inode->i_mode)) {
-		rv = proc_readfd_count(inode, &stat->size);
-		if (rv < 0)
-			return rv;
-	}
-
-	return rv;
+	return proc_readfd_count(inode, &stat->size);
 }
 
 const struct inode_operations proc_fd_inode_operations = {
-- 
2.39.5

[PATCH] secretmem: move setting O_LARGEFILE and bumping users' count to the place where we create the file

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 mm/secretmem.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/mm/secretmem.c b/mm/secretmem.c
index 589b26c2d553..ef4922baa1cd 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -208,7 +208,7 @@ static struct file *secretmem_file_create(unsigned long flags)
 	}
 
 	file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
-				 O_RDWR, &secretmem_fops);
+				 O_RDWR | O_LARGEFILE, &secretmem_fops);
 	if (IS_ERR(file))
 		goto err_free_inode;
 
@@ -222,6 +222,8 @@ static struct file *secretmem_file_create(unsigned long flags)
 	inode->i_mode |= S_IFREG;
 	inode->i_size = 0;
 
+	atomic_inc(&secretmem_users);
+
 	return file;
 
 err_free_inode:
@@ -255,9 +257,6 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
 		goto err_put_fd;
 	}
 
-	file->f_flags |= O_LARGEFILE;
-
-	atomic_inc(&secretmem_users);
 	fd_install(fd, file);
 	return fd;
 
-- 
2.39.5

[bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]
always equal to __get_seq_info(2nd argument)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 kernel/bpf/bpf_iter.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
index 380e9a7cac75..303ab1f42d3a 100644
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -38,8 +38,7 @@ static DEFINE_MUTEX(link_mutex);
 /* incremented on every opened seq_file */
 static atomic64_t session_id;
 
-static int prepare_seq_file(struct file *file, struct bpf_iter_link *link,
-			    const struct bpf_iter_seq_info *seq_info);
+static int prepare_seq_file(struct file *file, struct bpf_iter_link *link);
 
 static void bpf_iter_inc_seq_num(struct seq_file *seq)
 {
@@ -257,7 +256,7 @@ static int iter_open(struct inode *inode, struct file *file)
 {
 	struct bpf_iter_link *link = inode->i_private;
 
-	return prepare_seq_file(file, link, __get_seq_info(link));
+	return prepare_seq_file(file, link);
 }
 
 static int iter_release(struct inode *inode, struct file *file)
@@ -586,9 +585,9 @@ static void init_seq_meta(struct bpf_iter_priv_data *priv_data,
 	priv_data->done_stop = false;
 }
 
-static int prepare_seq_file(struct file *file, struct bpf_iter_link *link,
-			    const struct bpf_iter_seq_info *seq_info)
+static int prepare_seq_file(struct file *file, struct bpf_iter_link *link)
 {
+	const struct bpf_iter_seq_info *seq_info = __get_seq_info(link);
 	struct bpf_iter_priv_data *priv_data;
 	struct bpf_iter_target_info *tinfo;
 	struct bpf_prog *prog;
@@ -653,7 +652,7 @@ int bpf_iter_new_fd(struct bpf_link *link)
 	}
 
 	iter_link = container_of(link, struct bpf_iter_link, link);
-	err = prepare_seq_file(file, iter_link, __get_seq_info(iter_link));
+	err = prepare_seq_file(file, iter_link);
 	if (err)
 		goto free_file;
 
-- 
2.39.5

Re: [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[Yonghong Song]

On 6/14/25 5:47 PM, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> always equal to __get_seq_info(2nd argument)
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

LGTM. Thanks for simplifying the code.

Acked-by: Yonghong Song <yonghong.song@linux.dev>

> ---
>   kernel/bpf/bpf_iter.c | 11 +++++------
>   1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
> index 380e9a7cac75..303ab1f42d3a 100644
> --- a/kernel/bpf/bpf_iter.c
> +++ b/kernel/bpf/bpf_iter.c
> @@ -38,8 +38,7 @@ static DEFINE_MUTEX(link_mutex);
>   /* incremented on every opened seq_file */
>   static atomic64_t session_id;
>   
> -static int prepare_seq_file(struct file *file, struct bpf_iter_link *link,
> -			    const struct bpf_iter_seq_info *seq_info);
> +static int prepare_seq_file(struct file *file, struct bpf_iter_link *link);
>   
>   static void bpf_iter_inc_seq_num(struct seq_file *seq)
>   {
> @@ -257,7 +256,7 @@ static int iter_open(struct inode *inode, struct file *file)
>   {
>   	struct bpf_iter_link *link = inode->i_private;
>   
> -	return prepare_seq_file(file, link, __get_seq_info(link));
> +	return prepare_seq_file(file, link);
>   }
>   
>   static int iter_release(struct inode *inode, struct file *file)
> @@ -586,9 +585,9 @@ static void init_seq_meta(struct bpf_iter_priv_data *priv_data,
>   	priv_data->done_stop = false;
>   }
>   
> -static int prepare_seq_file(struct file *file, struct bpf_iter_link *link,
> -			    const struct bpf_iter_seq_info *seq_info)
> +static int prepare_seq_file(struct file *file, struct bpf_iter_link *link)
>   {
> +	const struct bpf_iter_seq_info *seq_info = __get_seq_info(link);
>   	struct bpf_iter_priv_data *priv_data;
>   	struct bpf_iter_target_info *tinfo;
>   	struct bpf_prog *prog;
> @@ -653,7 +652,7 @@ int bpf_iter_new_fd(struct bpf_link *link)
>   	}
>   
>   	iter_link = container_of(link, struct bpf_iter_link, link);
> -	err = prepare_seq_file(file, iter_link, __get_seq_info(iter_link));
> +	err = prepare_seq_file(file, iter_link);
>   	if (err)
>   		goto free_file;
>   

Re: [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[Alexei Starovoitov]

On Sat, Jun 14, 2025 at 5:47 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> always equal to __get_seq_info(2nd argument)

We'll take it through bpf-next,
but it needs a proper commit log that explains the motivation.
Just to clean up the code a bit ?
or something else?

Re: [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[Al Viro]

On Tue, Jun 17, 2025 at 10:31:37AM -0700, Alexei Starovoitov wrote:
> On Sat, Jun 14, 2025 at 5:47 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > [don't really care which tree that goes through; right now it's
> > in viro/vfs.git #work.misc, but if somebody prefers to grab it
> > through a different tree, just say so]
> > always equal to __get_seq_info(2nd argument)
> 
> We'll take it through bpf-next,
> but it needs a proper commit log that explains the motivation.
> Just to clean up the code a bit ?
> or something else?

Umm...  It had been sitting around for a couple of years, but IIRC
that was from doing data flow analysis for bpf_iter_seq_info.
I really don't remember details of that code audit, so just chalk
it up to cleaning the code up a bit.

Re: [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[Alexei Starovoitov]

On Tue, Jun 17, 2025 at 2:53 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Tue, Jun 17, 2025 at 10:31:37AM -0700, Alexei Starovoitov wrote:
> > On Sat, Jun 14, 2025 at 5:47 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > >
> > > [don't really care which tree that goes through; right now it's
> > > in viro/vfs.git #work.misc, but if somebody prefers to grab it
> > > through a different tree, just say so]
> > > always equal to __get_seq_info(2nd argument)
> >
> > We'll take it through bpf-next,
> > but it needs a proper commit log that explains the motivation.
> > Just to clean up the code a bit ?
> > or something else?
>
> Umm...  It had been sitting around for a couple of years, but IIRC
> that was from doing data flow analysis for bpf_iter_seq_info.
> I really don't remember details of that code audit, so just chalk
> it up to cleaning the code up a bit.

Applied to bpf-next.

Re: [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Sun, 15 Jun 2025 01:47:19 +0100 you wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> always equal to __get_seq_info(2nd argument)
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> 
> [...]

Here is the summary with links:
  - [bpf_iter] get rid of redundant 3rd argument of prepare_seq_file()
    https://git.kernel.org/bpf/bpf-next/c/f5527f0171f0

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Re: [PATCH] secretmem: move setting O_LARGEFILE and bumping users' count to the place where we create the file

[Andrew Morton]

On Sun, 15 Jun 2025 01:35:07 +0100 Al Viro <viro@zeniv.linux.org.uk> wrote:

> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]

(cc Mike)

> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -208,7 +208,7 @@ static struct file *secretmem_file_create(unsigned long flags)
>  	}
>  
>  	file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
> -				 O_RDWR, &secretmem_fops);
> +				 O_RDWR | O_LARGEFILE, &secretmem_fops);
>  	if (IS_ERR(file))
>  		goto err_free_inode;
>  
> @@ -222,6 +222,8 @@ static struct file *secretmem_file_create(unsigned long flags)
>  	inode->i_mode |= S_IFREG;
>  	inode->i_size = 0;
>  
> +	atomic_inc(&secretmem_users);
> +
>  	return file;
>  
>  err_free_inode:
> @@ -255,9 +257,6 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
>  		goto err_put_fd;
>  	}
>  
> -	file->f_flags |= O_LARGEFILE;
> -
> -	atomic_inc(&secretmem_users);
>  	fd_install(fd, file);
>  	return fd;
>  

Acked-by: Andrew Morton <akpm@linux-foundation.org>

Please retain this in the vfs tree.

Re: [PATCH] secretmem: move setting O_LARGEFILE and bumping users' count to the place where we create the file

[Mike Rapoport]

On Sun, Jun 15, 2025 at 02:46:10PM -0700, Andrew Morton wrote:
> On Sun, 15 Jun 2025 01:35:07 +0100 Al Viro <viro@zeniv.linux.org.uk> wrote:
> 
> > [don't really care which tree that goes through; right now it's
> > in viro/vfs.git #work.misc, but if somebody prefers to grab it
> > through a different tree, just say so]
> 
> (cc Mike)
> 
> > --- a/mm/secretmem.c
> > +++ b/mm/secretmem.c
> > @@ -208,7 +208,7 @@ static struct file *secretmem_file_create(unsigned long flags)
> >  	}
> >  
> >  	file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
> > -				 O_RDWR, &secretmem_fops);
> > +				 O_RDWR | O_LARGEFILE, &secretmem_fops);
> >  	if (IS_ERR(file))
> >  		goto err_free_inode;
> >  
> > @@ -222,6 +222,8 @@ static struct file *secretmem_file_create(unsigned long flags)
> >  	inode->i_mode |= S_IFREG;
> >  	inode->i_size = 0;
> >  
> > +	atomic_inc(&secretmem_users);
> > +
> >  	return file;
> >  
> >  err_free_inode:
> > @@ -255,9 +257,6 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
> >  		goto err_put_fd;
> >  	}
> >  
> > -	file->f_flags |= O_LARGEFILE;
> > -
> > -	atomic_inc(&secretmem_users);
> >  	fd_install(fd, file);
> >  	return fd;
> >  
> 
> Acked-by: Andrew Morton <akpm@linux-foundation.org>

Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
 
> Please retain this in the vfs tree.

-- 
Sincerely yours,
Mike.

Re: (subset) [PATCH] proc_fd_getattr(): don't bother with S_ISDIR() check

[Christian Brauner]

On Sun, 15 Jun 2025 01:33:21 +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> that thing is callable only as ->i_op->getattr() instance and only
> for directory inodes (/proc/*/fd and /proc/*/task/*/fd)
> 
> [...]

Applied to the vfs-6.17.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.17.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.17.misc

[1/1] proc_fd_getattr(): don't bother with S_ISDIR() check
      https://git.kernel.org/vfs/vfs/c/592063f3e692

[PATCH] binder_ioctl_write_read(): simplify control flow a bit

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 drivers/android/binder.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index c463ca4a8fff..b00187ba273f 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -5384,10 +5384,9 @@ static int binder_ioctl_write_read(struct file *filp, unsigned long arg,
 	void __user *ubuf = (void __user *)arg;
 	struct binder_write_read bwr;
 
-	if (copy_from_user(&bwr, ubuf, sizeof(bwr))) {
-		ret = -EFAULT;
-		goto out;
-	}
+	if (copy_from_user(&bwr, ubuf, sizeof(bwr)))
+		return -EFAULT;
+
 	binder_debug(BINDER_DEBUG_READ_WRITE,
 		     "%d:%d write %lld at %016llx, read %lld at %016llx\n",
 		     proc->pid, thread->pid,
@@ -5402,8 +5401,6 @@ static int binder_ioctl_write_read(struct file *filp, unsigned long arg,
 		trace_binder_write_done(ret);
 		if (ret < 0) {
 			bwr.read_consumed = 0;
-			if (copy_to_user(ubuf, &bwr, sizeof(bwr)))
-				ret = -EFAULT;
 			goto out;
 		}
 	}
@@ -5417,22 +5414,17 @@ static int binder_ioctl_write_read(struct file *filp, unsigned long arg,
 		if (!binder_worklist_empty_ilocked(&proc->todo))
 			binder_wakeup_proc_ilocked(proc);
 		binder_inner_proc_unlock(proc);
-		if (ret < 0) {
-			if (copy_to_user(ubuf, &bwr, sizeof(bwr)))
-				ret = -EFAULT;
+		if (ret < 0)
 			goto out;
-		}
 	}
 	binder_debug(BINDER_DEBUG_READ_WRITE,
 		     "%d:%d wrote %lld of %lld, read return %lld of %lld\n",
 		     proc->pid, thread->pid,
 		     (u64)bwr.write_consumed, (u64)bwr.write_size,
 		     (u64)bwr.read_consumed, (u64)bwr.read_size);
-	if (copy_to_user(ubuf, &bwr, sizeof(bwr))) {
-		ret = -EFAULT;
-		goto out;
-	}
 out:
+	if (copy_to_user(ubuf, &bwr, sizeof(bwr)))
+		ret = -EFAULT;
 	return ret;
 }
 
-- 
2.39.5

Re: [PATCH] binder_ioctl_write_read(): simplify control flow a bit

[Greg Kroah-Hartman]

On Sun, Jun 15, 2025 at 03:03:27AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]

Fine with me for this to go through yours, thanks!

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Re: [PATCH] don't duplicate vfs_open() in kernel_file_open()

[Christian Brauner]

On Sun, Jun 15, 2025 at 01:32:16AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: (subset) [PATCH] don't duplicate vfs_open() in kernel_file_open()

[Christian Brauner]

On Sun, 15 Jun 2025 01:32:16 +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> 

Putting this into vfs-6.17.misc with the rest. Commit message updated ofc.

---

Applied to the vfs-6.17.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.17.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.17.misc

[1/1] don't duplicate vfs_open() in kernel_file_open()
      https://git.kernel.org/vfs/vfs/c/55392e956e7f

[PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Failures in there will be followed by sel_kill_sb(), which will call
selinuxfs_info_free() anyway.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/selinux/selinuxfs.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e67a8ce4b64c..b44b5919f4af 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2097,8 +2097,6 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
 	pr_err("SELinux: %s:  failed while creating inodes\n",
 		__func__);
 
-	selinux_fs_info_free(sb);
-
 	return ret;
 }
 
-- 
2.39.5

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Christian Brauner]

On Sun, Jun 15, 2025 at 03:01:54AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Failures in there will be followed by sel_kill_sb(), which will call
> selinuxfs_info_free() anyway.
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Paul Moore]

On Sat, Jun 14, 2025 at 10:02 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
>
> Failures in there will be followed by sel_kill_sb(), which will call
> selinuxfs_info_free() anyway.
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
>  security/selinux/selinuxfs.c | 2 --
>  1 file changed, 2 deletions(-)

Thanks Al.  I went ahead and merged this into the selinux/dev branch
to help avoid any merge issues, but if you've changed your mind and
feel strongly about taking it via your tree let me know.

-- 
paul-moore.com

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Al Viro]

On Tue, Jun 24, 2025 at 07:44:23PM -0400, Paul Moore wrote:
> On Sat, Jun 14, 2025 at 10:02 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > [don't really care which tree that goes through; right now it's
> > in viro/vfs.git #work.misc, but if somebody prefers to grab it
> > through a different tree, just say so]
> >
> > Failures in there will be followed by sel_kill_sb(), which will call
> > selinuxfs_info_free() anyway.
> >
> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> > ---
> >  security/selinux/selinuxfs.c | 2 --
> >  1 file changed, 2 deletions(-)
> 
> Thanks Al.  I went ahead and merged this into the selinux/dev branch
> to help avoid any merge issues, but if you've changed your mind and
> feel strongly about taking it via your tree let me know.

Dropped from #work.misc and #for-next

Re: [PATCH] apparmor: file never has NULL f_path.mnt

[Christian Brauner]

On Sun, Jun 15, 2025 at 01:31:10AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] apparmor: file never has NULL f_path.mnt

[Ryan Lee]

Forwarding message thread to the AppArmor mailing list so that it also
has a record of this patch.

---------- Forwarded message ---------
From: Christian Brauner <brauner@kernel.org>
Date: Mon, Jun 16, 2025 at 7:23 AM
Subject: Re: [PATCH] apparmor: file never has NULL f_path.mnt
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: <linux-fsdevel@vger.kernel.org>, <linux-security-module@vger.kernel.org>


On Sun, Jun 15, 2025 at 01:31:10AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] landlock: opened file never has a negative dentry

[Christian Brauner]

On Sun, Jun 15, 2025 at 01:30:11AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] landlock: opened file never has a negative dentry

[Mickaël Salaün]

On Sun, Jun 15, 2025 at 01:30:11AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Acked-by: Mickaël Salaün <mic@digikod.net>

I'm happy to let you carry this patch with the others.  Thanks.

> ---
>  security/landlock/syscalls.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 33eafb71e4f3..0116e9f93ffe 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -303,7 +303,6 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
>  	if ((fd_file(f)->f_op == &ruleset_fops) ||
>  	    (fd_file(f)->f_path.mnt->mnt_flags & MNT_INTERNAL) ||
>  	    (fd_file(f)->f_path.dentry->d_sb->s_flags & SB_NOUSER) ||
> -	    d_is_negative(fd_file(f)->f_path.dentry) ||
>  	    IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry)))
>  		return -EBADFD;
>  
> -- 
> 2.39.5
> 
>