Linux Integrity Measurement development
 help / color / mirror / Atom feed
* [PATCH 7/8] sign-file: use 'struct module_signature' from the UAPI headers
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 scripts/Makefile    |  1 +
 scripts/sign-file.c | 19 ++++---------------
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/scripts/Makefile b/scripts/Makefile
index 0941e5ce7b57..3434a82a119f 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
 HOSTLDLIBS_sorttable = -lpthread
 HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
 HOSTCFLAGS_sign-file.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_sign-file.o += -I$(srctree)/tools/include/uapi/
 HOSTLDLIBS_sign-file = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
 
 ifdef CONFIG_UNWINDER_ORC
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 73fbefd2e540..86b010ac1514 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -40,19 +40,7 @@
 #endif
 #include "ssl-common.h"
 
-struct module_signature {
-	uint8_t		algo;		/* Public-key crypto algorithm [0] */
-	uint8_t		hash;		/* Digest algorithm [0] */
-	uint8_t		id_type;	/* Key identifier type [PKEY_ID_PKCS7] */
-	uint8_t		signer_len;	/* Length of signer's name [0] */
-	uint8_t		key_id_len;	/* Length of key identifier [0] */
-	uint8_t		__pad[3];
-	uint32_t	sig_len;	/* Length of signature data */
-};
-
-#define PKEY_ID_PKCS7 2
-
-static char magic_number[] = "~Module signature appended~\n";
+#include <linux/module_signature.h>
 
 static __attribute__((noreturn))
 void format(void)
@@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name)
 
 int main(int argc, char **argv)
 {
-	struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
+	struct module_signature sig_info = { .id_type = MODULE_SIGNATURE_TYPE_PKCS7 };
 	char *hash_algo = NULL;
 	char *private_key_name = NULL, *raw_sig_name = NULL;
 	char *x509_name, *module_name, *dest_name;
@@ -357,7 +345,8 @@ int main(int argc, char **argv)
 	sig_size = BIO_number_written(bd) - module_size;
 	sig_info.sig_len = htonl(sig_size);
 	ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
-	ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
+	ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER) - 1) < 0,
+	    "%s", dest_name);
 
 	ERR(BIO_free(bd) != 1, "%s", dest_name);
 

-- 
2.53.0


^ permalink raw reply related

* [PATCH 6/8] tools uapi headers: add linux/module_signature.h
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

This header is going to be used from scripts/sign-file.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 tools/include/uapi/linux/module_signature.h | 42 +++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..6f4f7539fe8d
--- /dev/null
+++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,42 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
+	MODULE_SIGNATURE_TYPE_MERKLE = 3,	/* Merkle proof for modules */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ *	- Signer's name
+ *	- Key identifier
+ *	- Signature data
+ *	- Information block
+ */
+struct module_signature {
+	__u8	algo;		/* Public-key crypto algorithm [0] */
+	__u8	hash;		/* Digest algorithm [0] */
+	__u8	id_type;	/* Key identifier type [enum module_signature_type] */
+	__u8	signer_len;	/* Length of signer's name [0] */
+	__u8	key_id_len;	/* Length of key identifier [0] */
+	__u8	__pad[3];
+	__be32	sig_len;	/* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */

-- 
2.53.0


^ permalink raw reply related

* [PATCH 5/8] modules: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.

To allow reuse, move it to a new UAPI header.

While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 include/linux/module_signature.h      | 28 +-----------------------
 include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 27 deletions(-)

diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 915549c779dc..db335d46787f 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -10,33 +10,7 @@
 #define _LINUX_MODULE_SIGNATURE_H
 
 #include <linux/types.h>
-
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
-
-enum module_signature_type {
-	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
-};
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- *	- Signer's name
- *	- Key identifier
- *	- Signature data
- *	- Information block
- */
-struct module_signature {
-	u8	algo;		/* Public-key crypto algorithm [0] */
-	u8	hash;		/* Digest algorithm [0] */
-	u8	id_type;	/* Key identifier type [enum module_signature_type] */
-	u8	signer_len;	/* Length of signer's name [0] */
-	u8	key_id_len;	/* Length of key identifier [0] */
-	u8	__pad[3];
-	__be32	sig_len;	/* Length of signature data */
-};
+#include <uapi/linux/module_signature.h>
 
 int mod_check_sig(const struct module_signature *ms, size_t file_len,
 		  const char *name);
diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ *	- Signer's name
+ *	- Key identifier
+ *	- Signature data
+ *	- Information block
+ */
+struct module_signature {
+	__u8	algo;		/* Public-key crypto algorithm [0] */
+	__u8	hash;		/* Digest algorithm [0] */
+	__u8	id_type;	/* Key identifier type [enum module_signature_type] */
+	__u8	signer_len;	/* Length of signer's name [0] */
+	__u8	key_id_len;	/* Length of key identifier [0] */
+	__u8	__pad[3];
+	__be32	sig_len;	/* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */

-- 
2.53.0


^ permalink raw reply related

* [PATCH 4/8] module: Give MODULE_SIG_STRING a more descriptive name
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

The purpose of the constant it is not entirely clear from its name.

As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 arch/s390/kernel/machine_kexec_file.c | 4 ++--
 include/linux/module_signature.h      | 2 +-
 kernel/module/signing.c               | 4 ++--
 security/integrity/ima/ima_modsig.c   | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 667ee9279e23..6f0852d5a3a9 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
 #ifdef CONFIG_KEXEC_SIG
 int s390_verify_sig(const char *kernel, unsigned long kernel_len)
 {
-	const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
+	const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
 	struct module_signature *ms;
 	unsigned long sig_len;
 	int ret;
@@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
 	if (marker_len > kernel_len)
 		return -EKEYREJECTED;
 
-	if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING,
+	if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER,
 		   marker_len))
 		return -EKEYREJECTED;
 	kernel_len -= marker_len;
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index c3a05d4cfe67..915549c779dc 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -12,7 +12,7 @@
 #include <linux/types.h>
 
 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
 
 enum module_signature_type {
 	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..590ba29c85ab 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
 int module_sig_check(struct load_info *info, int flags)
 {
 	int err = -ENODATA;
-	const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+	const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1;
 	const char *reason;
 	const void *mod = info->hdr;
 	bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags)
 	 */
 	if (!mangled_module &&
 	    info->len > markerlen &&
-	    memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+	    memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) {
 		/* We truncate the module to discard the signature */
 		info->len -= markerlen;
 		err = mod_verify_sig(mod, info);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 9aa92fd35a03..632c746fd81e 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -40,7 +40,7 @@ struct modsig {
 int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
 		    struct modsig **modsig)
 {
-	const size_t marker_len = strlen(MODULE_SIG_STRING);
+	const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER);
 	const struct module_signature *sig;
 	struct modsig *hdr;
 	size_t sig_len;
@@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
 		return -ENOENT;
 
 	p = buf + buf_len - marker_len;
-	if (memcmp(p, MODULE_SIG_STRING, marker_len))
+	if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len))
 		return -ENOENT;
 
 	buf_len -= marker_len;
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
 	 * Provide the file contents (minus the appended sig) so that the PKCS7
 	 * code can calculate the file hash.
 	 */
-	size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) +
+	size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) +
 		sizeof(struct module_signature);
 	rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size);
 	if (rc)

-- 
2.53.0


^ permalink raw reply related

* [PATCH 3/8] module: Give 'enum pkey_id_type' a more specific name
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

This enum originates in generic cryptographic code and has a very
generic name. Nowadays it is only used for module signatures.

As this enum is going to be exposed in a UAPI header, give it a more
specific name for clarity and consistency.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 arch/s390/kernel/machine_kexec_file.c | 2 +-
 include/linux/module_signature.h      | 6 +++---
 kernel/module_signature.c             | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 1bf59c3f0e2b..667ee9279e23 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
 		return -EKEYREJECTED;
 	kernel_len -= sig_len;
 
-	if (ms->id_type != PKEY_ID_PKCS7)
+	if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7)
 		return -EKEYREJECTED;
 
 	if (ms->algo != 0 ||
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 820cc1473383..c3a05d4cfe67 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -14,8 +14,8 @@
 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
 #define MODULE_SIG_STRING "~Module signature appended~\n"
 
-enum pkey_id_type {
-	PKEY_ID_PKCS7 = 2,	/* Signature in PKCS#7 message */
+enum module_signature_type {
+	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
 };
 
 /*
@@ -31,7 +31,7 @@ enum pkey_id_type {
 struct module_signature {
 	u8	algo;		/* Public-key crypto algorithm [0] */
 	u8	hash;		/* Digest algorithm [0] */
-	u8	id_type;	/* Key identifier type [PKEY_ID_PKCS7] */
+	u8	id_type;	/* Key identifier type [enum module_signature_type] */
 	u8	signer_len;	/* Length of signer's name [0] */
 	u8	key_id_len;	/* Length of key identifier [0] */
 	u8	__pad[3];
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..a0eee2fe4368 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
 	if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
 		return -EBADMSG;
 
-	if (ms->id_type != PKEY_ID_PKCS7) {
+	if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7) {
 		pr_err("%s: not signed with expected PKCS#7 message\n",
 		       name);
 		return -ENOPKG;

-- 
2.53.0


^ permalink raw reply related

* [PATCH 2/8] module: Drop unused signature types
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

Only PKCS#7 signatures are used today.

Remove the unused enum values. As this enum is used in on-disk data,
preserve the numeric value.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 include/linux/module_signature.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..820cc1473383 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@
 #define MODULE_SIG_STRING "~Module signature appended~\n"
 
 enum pkey_id_type {
-	PKEY_ID_PGP,		/* OpenPGP generated key ID */
-	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
-	PKEY_ID_PKCS7,		/* Signature in PKCS#7 message */
+	PKEY_ID_PKCS7 = 2,	/* Signature in PKCS#7 message */
 };
 
 /*

-- 
2.53.0


^ permalink raw reply related

* [PATCH 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

This definition duplicates a definition from an internal kernel header
which is going to be renamed.

To get rid of an instance of the old name, drop the definition.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 certs/extract-cert.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 7d6d468ed612..8c762f908443 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@
 #endif
 #include "ssl-common.h"
 
-#define PKEY_ID_PKCS7 2
-
 static __attribute__((noreturn))
 void format(void)
 {

-- 
2.53.0


^ permalink raw reply related

* [PATCH 0/8] modules: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC (permalink / raw)
  To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
	Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
	Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
	Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
  Cc: keyrings, linux-kernel, linux-modules, linux-s390,
	linux-integrity, linux-security-module, linux-kbuild, bpf,
	linux-kselftest, Thomas Weißschuh

This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.

To allow reuse, move it to a new UAPI header.

While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.

This came up as part of my CONFIG_MODULE_HASHES series [0].
But it is useful on its own and so we get it out of the way.

[0] https://lore.kernel.org/lkml/aZ3OfJJSJgfOb0rJ@levanger/

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
Thomas Weißschuh (8):
      extract-cert: drop unused definition of PKEY_ID_PKCS7
      module: Drop unused signature types
      module: Give 'enum pkey_id_type' a more specific name
      module: Give MODULE_SIG_STRING a more descriptive name
      modules: Move 'struct module_signature' to UAPI
      tools uapi headers: add linux/module_signature.h
      sign-file: use 'struct module_signature' from the UAPI headers
      selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers

 arch/s390/kernel/machine_kexec_file.c              |  6 ++--
 certs/extract-cert.c                               |  2 --
 include/linux/module_signature.h                   | 30 +---------------
 include/uapi/linux/module_signature.h              | 41 +++++++++++++++++++++
 kernel/module/signing.c                            |  4 +--
 kernel/module_signature.c                          |  2 +-
 scripts/Makefile                                   |  1 +
 scripts/sign-file.c                                | 19 +++-------
 security/integrity/ima/ima_modsig.c                |  6 ++--
 tools/include/uapi/linux/module_signature.h        | 42 ++++++++++++++++++++++
 .../selftests/bpf/prog_tests/verify_pkcs7_sig.c    | 28 ++-------------
 11 files changed, 101 insertions(+), 80 deletions(-)
---
base-commit: 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f
change-id: 20260302-module-signature-uapi-61fa80b1e2bb

Best regards,
-- 
Thomas Weißschuh <thomas.weissschuh@linutronix.de>


^ permalink raw reply

* FAILED: Patch "ima: verify the previous kernel's IMA buffer lies in addressable RAM" failed to apply to 5.10-stable tree
From: Sasha Levin @ 2026-03-01  2:02 UTC (permalink / raw)
  To: stable, harshit.m.mogalapalli
  Cc: Mimi Zohar, Alexander Graf, Ard Biesheuvel, Borislav Betkov,
	guoweikang, Henry Willard, H. Peter Anvin, Ingo Molnar,
	Jiri Bohac, Joel Granados, Jonathan McDowell, Mike Rapoport,
	Paul Webb, Sohil Mehta, Sourabh Jain, Thomas Gleinxer, Yifei Liu,
	Baoquan He, Andrew Morton, linux-integrity, linux-security-module

The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Thanks,
Sasha

------------------ original commit in Linus's tree ------------------

From 10d1c75ed4382a8e79874379caa2ead8952734f9 Mon Sep 17 00:00:00 2001
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Tue, 30 Dec 2025 22:16:07 -0800
Subject: [PATCH] ima: verify the previous kernel's IMA buffer lies in
 addressable RAM

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")


This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01d..abf8923f8fc51 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -69,6 +69,7 @@ static inline int ima_measure_critical_data(const char *event_label,
 #ifdef CONFIG_HAVE_IMA_KEXEC
 int __init ima_free_kexec_buffer(void);
 int __init ima_get_kexec_buffer(void **addr, size_t *size);
+int ima_validate_range(phys_addr_t phys, size_t size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5beb69edd12fd..36a34c54de58b 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -12,6 +12,8 @@
 #include <linux/kexec.h>
 #include <linux/of.h>
 #include <linux/ima.h>
+#include <linux/mm.h>
+#include <linux/overflow.h>
 #include <linux/reboot.h>
 #include <asm/page.h>
 #include "ima.h"
@@ -294,3 +296,36 @@ void __init ima_load_kexec_buffer(void)
 		pr_debug("Error restoring the measurement list: %d\n", rc);
 	}
 }
+
+/*
+ * ima_validate_range - verify a physical buffer lies in addressable RAM
+ * @phys: physical start address of the buffer from previous kernel
+ * @size: size of the buffer
+ *
+ * On success return 0. On failure returns -EINVAL so callers can skip
+ * restoring.
+ */
+int ima_validate_range(phys_addr_t phys, size_t size)
+{
+	unsigned long start_pfn, end_pfn;
+	phys_addr_t end_phys;
+
+	if (check_add_overflow(phys, (phys_addr_t)size - 1, &end_phys))
+		return -EINVAL;
+
+	start_pfn = PHYS_PFN(phys);
+	end_pfn = PHYS_PFN(end_phys);
+
+#ifdef CONFIG_X86
+	if (!pfn_range_is_mapped(start_pfn, end_pfn))
+#else
+	if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn))
+#endif
+	{
+		pr_warn("IMA: previous kernel measurement buffer %pa (size 0x%zx) lies outside available memory\n",
+			&phys, size);
+		return -EINVAL;
+	}
+
+	return 0;
+}
-- 
2.51.0





^ permalink raw reply related

* FAILED: Patch "ima: verify the previous kernel's IMA buffer lies in addressable RAM" failed to apply to 5.15-stable tree
From: Sasha Levin @ 2026-03-01  1:52 UTC (permalink / raw)
  To: stable, harshit.m.mogalapalli
  Cc: Mimi Zohar, Alexander Graf, Ard Biesheuvel, Borislav Betkov,
	guoweikang, Henry Willard, H. Peter Anvin, Ingo Molnar,
	Jiri Bohac, Joel Granados, Jonathan McDowell, Mike Rapoport,
	Paul Webb, Sohil Mehta, Sourabh Jain, Thomas Gleinxer, Yifei Liu,
	Baoquan He, Andrew Morton, linux-integrity, linux-security-module

The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Thanks,
Sasha

------------------ original commit in Linus's tree ------------------

From 10d1c75ed4382a8e79874379caa2ead8952734f9 Mon Sep 17 00:00:00 2001
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Tue, 30 Dec 2025 22:16:07 -0800
Subject: [PATCH] ima: verify the previous kernel's IMA buffer lies in
 addressable RAM

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")


This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01d..abf8923f8fc51 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -69,6 +69,7 @@ static inline int ima_measure_critical_data(const char *event_label,
 #ifdef CONFIG_HAVE_IMA_KEXEC
 int __init ima_free_kexec_buffer(void);
 int __init ima_get_kexec_buffer(void **addr, size_t *size);
+int ima_validate_range(phys_addr_t phys, size_t size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5beb69edd12fd..36a34c54de58b 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -12,6 +12,8 @@
 #include <linux/kexec.h>
 #include <linux/of.h>
 #include <linux/ima.h>
+#include <linux/mm.h>
+#include <linux/overflow.h>
 #include <linux/reboot.h>
 #include <asm/page.h>
 #include "ima.h"
@@ -294,3 +296,36 @@ void __init ima_load_kexec_buffer(void)
 		pr_debug("Error restoring the measurement list: %d\n", rc);
 	}
 }
+
+/*
+ * ima_validate_range - verify a physical buffer lies in addressable RAM
+ * @phys: physical start address of the buffer from previous kernel
+ * @size: size of the buffer
+ *
+ * On success return 0. On failure returns -EINVAL so callers can skip
+ * restoring.
+ */
+int ima_validate_range(phys_addr_t phys, size_t size)
+{
+	unsigned long start_pfn, end_pfn;
+	phys_addr_t end_phys;
+
+	if (check_add_overflow(phys, (phys_addr_t)size - 1, &end_phys))
+		return -EINVAL;
+
+	start_pfn = PHYS_PFN(phys);
+	end_pfn = PHYS_PFN(end_phys);
+
+#ifdef CONFIG_X86
+	if (!pfn_range_is_mapped(start_pfn, end_pfn))
+#else
+	if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn))
+#endif
+	{
+		pr_warn("IMA: previous kernel measurement buffer %pa (size 0x%zx) lies outside available memory\n",
+			&phys, size);
+		return -EINVAL;
+	}
+
+	return 0;
+}
-- 
2.51.0





^ permalink raw reply related

* FAILED: Patch "ima: verify the previous kernel's IMA buffer lies in addressable RAM" failed to apply to 6.1-stable tree
From: Sasha Levin @ 2026-03-01  1:43 UTC (permalink / raw)
  To: stable, harshit.m.mogalapalli
  Cc: Mimi Zohar, Alexander Graf, Ard Biesheuvel, Borislav Betkov,
	guoweikang, Henry Willard, H. Peter Anvin, Ingo Molnar,
	Jiri Bohac, Joel Granados, Jonathan McDowell, Mike Rapoport,
	Paul Webb, Sohil Mehta, Sourabh Jain, Thomas Gleinxer, Yifei Liu,
	Baoquan He, Andrew Morton, linux-integrity, linux-security-module

The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Thanks,
Sasha

------------------ original commit in Linus's tree ------------------

From 10d1c75ed4382a8e79874379caa2ead8952734f9 Mon Sep 17 00:00:00 2001
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Tue, 30 Dec 2025 22:16:07 -0800
Subject: [PATCH] ima: verify the previous kernel's IMA buffer lies in
 addressable RAM

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")


This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01d..abf8923f8fc51 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -69,6 +69,7 @@ static inline int ima_measure_critical_data(const char *event_label,
 #ifdef CONFIG_HAVE_IMA_KEXEC
 int __init ima_free_kexec_buffer(void);
 int __init ima_get_kexec_buffer(void **addr, size_t *size);
+int ima_validate_range(phys_addr_t phys, size_t size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5beb69edd12fd..36a34c54de58b 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -12,6 +12,8 @@
 #include <linux/kexec.h>
 #include <linux/of.h>
 #include <linux/ima.h>
+#include <linux/mm.h>
+#include <linux/overflow.h>
 #include <linux/reboot.h>
 #include <asm/page.h>
 #include "ima.h"
@@ -294,3 +296,36 @@ void __init ima_load_kexec_buffer(void)
 		pr_debug("Error restoring the measurement list: %d\n", rc);
 	}
 }
+
+/*
+ * ima_validate_range - verify a physical buffer lies in addressable RAM
+ * @phys: physical start address of the buffer from previous kernel
+ * @size: size of the buffer
+ *
+ * On success return 0. On failure returns -EINVAL so callers can skip
+ * restoring.
+ */
+int ima_validate_range(phys_addr_t phys, size_t size)
+{
+	unsigned long start_pfn, end_pfn;
+	phys_addr_t end_phys;
+
+	if (check_add_overflow(phys, (phys_addr_t)size - 1, &end_phys))
+		return -EINVAL;
+
+	start_pfn = PHYS_PFN(phys);
+	end_pfn = PHYS_PFN(end_phys);
+
+#ifdef CONFIG_X86
+	if (!pfn_range_is_mapped(start_pfn, end_pfn))
+#else
+	if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn))
+#endif
+	{
+		pr_warn("IMA: previous kernel measurement buffer %pa (size 0x%zx) lies outside available memory\n",
+			&phys, size);
+		return -EINVAL;
+	}
+
+	return 0;
+}
-- 
2.51.0





^ permalink raw reply related

* FAILED: Patch "ima: verify the previous kernel's IMA buffer lies in addressable RAM" failed to apply to 6.6-stable tree
From: Sasha Levin @ 2026-03-01  1:34 UTC (permalink / raw)
  To: stable, harshit.m.mogalapalli
  Cc: Mimi Zohar, Alexander Graf, Ard Biesheuvel, Borislav Betkov,
	guoweikang, Henry Willard, H. Peter Anvin, Ingo Molnar,
	Jiri Bohac, Joel Granados, Jonathan McDowell, Mike Rapoport,
	Paul Webb, Sohil Mehta, Sourabh Jain, Thomas Gleinxer, Yifei Liu,
	Baoquan He, Andrew Morton, linux-integrity, linux-security-module

The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Thanks,
Sasha

------------------ original commit in Linus's tree ------------------

From 10d1c75ed4382a8e79874379caa2ead8952734f9 Mon Sep 17 00:00:00 2001
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Tue, 30 Dec 2025 22:16:07 -0800
Subject: [PATCH] ima: verify the previous kernel's IMA buffer lies in
 addressable RAM

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")


This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01d..abf8923f8fc51 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -69,6 +69,7 @@ static inline int ima_measure_critical_data(const char *event_label,
 #ifdef CONFIG_HAVE_IMA_KEXEC
 int __init ima_free_kexec_buffer(void);
 int __init ima_get_kexec_buffer(void **addr, size_t *size);
+int ima_validate_range(phys_addr_t phys, size_t size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5beb69edd12fd..36a34c54de58b 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -12,6 +12,8 @@
 #include <linux/kexec.h>
 #include <linux/of.h>
 #include <linux/ima.h>
+#include <linux/mm.h>
+#include <linux/overflow.h>
 #include <linux/reboot.h>
 #include <asm/page.h>
 #include "ima.h"
@@ -294,3 +296,36 @@ void __init ima_load_kexec_buffer(void)
 		pr_debug("Error restoring the measurement list: %d\n", rc);
 	}
 }
+
+/*
+ * ima_validate_range - verify a physical buffer lies in addressable RAM
+ * @phys: physical start address of the buffer from previous kernel
+ * @size: size of the buffer
+ *
+ * On success return 0. On failure returns -EINVAL so callers can skip
+ * restoring.
+ */
+int ima_validate_range(phys_addr_t phys, size_t size)
+{
+	unsigned long start_pfn, end_pfn;
+	phys_addr_t end_phys;
+
+	if (check_add_overflow(phys, (phys_addr_t)size - 1, &end_phys))
+		return -EINVAL;
+
+	start_pfn = PHYS_PFN(phys);
+	end_pfn = PHYS_PFN(end_phys);
+
+#ifdef CONFIG_X86
+	if (!pfn_range_is_mapped(start_pfn, end_pfn))
+#else
+	if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn))
+#endif
+	{
+		pr_warn("IMA: previous kernel measurement buffer %pa (size 0x%zx) lies outside available memory\n",
+			&phys, size);
+		return -EINVAL;
+	}
+
+	return 0;
+}
-- 
2.51.0





^ permalink raw reply related

* FAILED: Patch "ima: verify the previous kernel's IMA buffer lies in addressable RAM" failed to apply to 6.12-stable tree
From: Sasha Levin @ 2026-03-01  1:23 UTC (permalink / raw)
  To: stable, harshit.m.mogalapalli
  Cc: Mimi Zohar, Alexander Graf, Ard Biesheuvel, Borislav Betkov,
	guoweikang, Henry Willard, H. Peter Anvin, Ingo Molnar,
	Jiri Bohac, Joel Granados, Jonathan McDowell, Mike Rapoport,
	Paul Webb, Sohil Mehta, Sourabh Jain, Thomas Gleinxer, Yifei Liu,
	Baoquan He, Andrew Morton, linux-integrity, linux-security-module

The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

Thanks,
Sasha

------------------ original commit in Linus's tree ------------------

From 10d1c75ed4382a8e79874379caa2ead8952734f9 Mon Sep 17 00:00:00 2001
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Tue, 30 Dec 2025 22:16:07 -0800
Subject: [PATCH] ima: verify the previous kernel's IMA buffer lies in
 addressable RAM

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")


This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01d..abf8923f8fc51 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -69,6 +69,7 @@ static inline int ima_measure_critical_data(const char *event_label,
 #ifdef CONFIG_HAVE_IMA_KEXEC
 int __init ima_free_kexec_buffer(void);
 int __init ima_get_kexec_buffer(void **addr, size_t *size);
+int ima_validate_range(phys_addr_t phys, size_t size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5beb69edd12fd..36a34c54de58b 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -12,6 +12,8 @@
 #include <linux/kexec.h>
 #include <linux/of.h>
 #include <linux/ima.h>
+#include <linux/mm.h>
+#include <linux/overflow.h>
 #include <linux/reboot.h>
 #include <asm/page.h>
 #include "ima.h"
@@ -294,3 +296,36 @@ void __init ima_load_kexec_buffer(void)
 		pr_debug("Error restoring the measurement list: %d\n", rc);
 	}
 }
+
+/*
+ * ima_validate_range - verify a physical buffer lies in addressable RAM
+ * @phys: physical start address of the buffer from previous kernel
+ * @size: size of the buffer
+ *
+ * On success return 0. On failure returns -EINVAL so callers can skip
+ * restoring.
+ */
+int ima_validate_range(phys_addr_t phys, size_t size)
+{
+	unsigned long start_pfn, end_pfn;
+	phys_addr_t end_phys;
+
+	if (check_add_overflow(phys, (phys_addr_t)size - 1, &end_phys))
+		return -EINVAL;
+
+	start_pfn = PHYS_PFN(phys);
+	end_pfn = PHYS_PFN(end_phys);
+
+#ifdef CONFIG_X86
+	if (!pfn_range_is_mapped(start_pfn, end_pfn))
+#else
+	if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn))
+#endif
+	{
+		pr_warn("IMA: previous kernel measurement buffer %pa (size 0x%zx) lies outside available memory\n",
+			&phys, size);
+		return -EINVAL;
+	}
+
+	return 0;
+}
-- 
2.51.0





^ permalink raw reply related

* Re: [PATCH 03/61] trace: update VFS-layer trace events for u64 i_ino
From: Jeff Layton @ 2026-02-27 21:05 UTC (permalink / raw)
  To: Steven Rostedt
  Cc: Alexander Viro, Christian Brauner, Jan Kara, Masami Hiramatsu,
	Mathieu Desnoyers, Dan Williams, Matthew Wilcox, Eric Biggers,
	Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <20260226124842.5593ed85@gandalf.local.home>

On Thu, 2026-02-26 at 12:48 -0500, Steven Rostedt wrote:
> On Thu, 26 Feb 2026 10:55:05 -0500
> Jeff Layton <jlayton@kernel.org> wrote:
> 
> > Update trace event definitions in VFS-layer trace headers to use u64
> > instead of ino_t/unsigned long for inode number fields, and change
> > format strings from %lu/%lx to %llu/%llx to match.
> > 
> > This is needed because i_ino is now u64. Changing trace event field
> > types changes the binary trace format, but the self-describing format
> > metadata handles this transparently for modern trace-cmd and perf.
> > 
> > Files updated:
> >   - cachefiles.h, filelock.h, filemap.h, fs_dax.h, fsverity.h,
> >     hugetlbfs.h, netfs.h, readahead.h, timestamp.h, writeback.h
> > 
> 
> Hmm, on 32 bit systems, this will likely cause "holes" in a lot of these
> events.
> 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> >  include/trace/events/cachefiles.h |  18 ++---
> >  include/trace/events/filelock.h   |  16 ++---
> >  include/trace/events/filemap.h    |  20 +++---
> >  include/trace/events/fs_dax.h     |  20 +++---
> >  include/trace/events/fsverity.h   |  30 ++++----
> >  include/trace/events/hugetlbfs.h  |  28 ++++----
> >  include/trace/events/netfs.h      |   4 +-
> >  include/trace/events/readahead.h  |  12 ++--
> >  include/trace/events/timestamp.h  |  12 ++--
> >  include/trace/events/writeback.h  | 148 +++++++++++++++++++-------------------
> >  10 files changed, 154 insertions(+), 154 deletions(-)
> > 
> > diff --git a/include/trace/events/cachefiles.h b/include/trace/events/cachefiles.h
> > index a743b2a35ea7001447b3e05d41539cb88013bc7f..f967027711ee823f224abc1b8ab03f63da06ae6f 100644
> > --- a/include/trace/events/cachefiles.h
> > +++ b/include/trace/events/cachefiles.h
> > @@ -251,8 +251,8 @@ TRACE_EVENT(cachefiles_lookup,
> >  	    TP_STRUCT__entry(
> >  		    __field(unsigned int,		obj)
> >  		    __field(short,			error)
> 
> There was already a 2 byte hole here, but that's not a big deal.
> 
> > -		    __field(unsigned long,		dino)
> > -		    __field(unsigned long,		ino)
> > +		    __field(u64,			dino)
> > +		    __field(u64,			ino)
> >  			     ),
> >  
> >  	    TP_fast_assign(
> > @@ -263,7 +263,7 @@ TRACE_EVENT(cachefiles_lookup,
> >  		    __entry->error	= IS_ERR(de) ? PTR_ERR(de) : 0;
> >  			   ),
> >  
> > -	    TP_printk("o=%08x dB=%lx B=%lx e=%d",
> > +	    TP_printk("o=%08x dB=%llx B=%llx e=%d",
> >  		      __entry->obj, __entry->dino, __entry->ino, __entry->error)
> >  	    );
> >  
> > @@ -579,7 +579,7 @@ TRACE_EVENT(cachefiles_mark_active,
> >  	    /* Note that obj may be NULL */
> >  	    TP_STRUCT__entry(
> >  		    __field(unsigned int,		obj)
> > -		    __field(ino_t,			inode)
> > +		    __field(u64,			inode)
> 
> Might be better to reorder any of these that have int first.
> 
> 		u64	inode;
> 		int	obj;
> 
> Will be packed tighter than:
> 
> 		int	obj
> 		u64	inode;
> 
> Probably should have changed that before anyway.
> 

Ok, I'll look at that. Given the number of places that need it though I
may do it in a separate patch.

> >  			     ),
> >  
> >  	    TP_fast_assign(
> > @@ -587,7 +587,7 @@ TRACE_EVENT(cachefiles_mark_active,
> >  		    __entry->inode	= inode->i_ino;
> >  			   ),
> >  
> > -	    TP_printk("o=%08x B=%lx",
> > +	    TP_printk("o=%08x B=%llx",
> >  		      __entry->obj, __entry->inode)
> >  	    );
> >  
> > @@ -600,7 +600,7 @@ TRACE_EVENT(cachefiles_mark_failed,
> >  	    /* Note that obj may be NULL */
> >  	    TP_STRUCT__entry(
> >  		    __field(unsigned int,		obj)
> > -		    __field(ino_t,			inode)
> > +		    __field(u64,			inode)
> 
> Is ino_t being changed? Why the update here?
> 

No, ino_t isn't. That's part of the ABI and has to remain unsigned
long. The point of this series is to make inode->i_ino a u64. Any event
holding an ino_t today is going to need a 64-bit field to fully
describe it.

And to be clear, this should make things better for 32-bit boxes in the
long run. Once this change is done, i_ino should be a reliable source
of info regardless of machine's word size.

For the tracepoints, I think it's best to just extend them to 64-bit
fields outright rather than using the new (temporary) kino_t typedef
that I'm adding.

> >  			     ),
> >  
> >  	    TP_fast_assign(
> > @@ -608,7 +608,7 @@ TRACE_EVENT(cachefiles_mark_failed,
> >  		    __entry->inode	= inode->i_ino;
> >  			   ),
> >  
> > -	    TP_printk("o=%08x B=%lx",
> > +	    TP_printk("o=%08x B=%llx",
> >  		      __entry->obj, __entry->inode)
> >  	    );
> >  
> > @@ -621,7 +621,7 @@ TRACE_EVENT(cachefiles_mark_inactive,
> >  	    /* Note that obj may be NULL */
> >  	    TP_STRUCT__entry(
> >  		    __field(unsigned int,		obj)
> > -		    __field(ino_t,			inode)
> > +		    __field(u64,			inode)
> 
> Ditto.
> 
> >  			     ),
> >  
> >  	    TP_fast_assign(
> > @@ -629,7 +629,7 @@ TRACE_EVENT(cachefiles_mark_inactive,
> >  		    __entry->inode	= inode->i_ino;
> >  			   ),
> >  
> > -	    TP_printk("o=%08x B=%lx",
> > +	    TP_printk("o=%08x B=%llx",
> >  		      __entry->obj, __entry->inode)
> >  	    );
> >  
> > diff --git a/include/trace/events/filelock.h b/include/trace/events/filelock.h
> > index 370016c38a5bbc07d5ba6c102030b49c9eb6424d..41bc752616b25d6cd7955203e2c604029d0b440c 100644
> > --- a/include/trace/events/filelock.h
> > +++ b/include/trace/events/filelock.h
> > @@ -42,7 +42,7 @@ TRACE_EVENT(locks_get_lock_context,
> >  	TP_ARGS(inode, type, ctx),
> >  
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> >  		__field(dev_t, s_dev)
> >  		__field(unsigned char, type)
> >  		__field(struct file_lock_context *, ctx)
> > @@ -55,7 +55,7 @@ TRACE_EVENT(locks_get_lock_context,
> >  		__entry->ctx = ctx;
> >  	),
> >  
> > -	TP_printk("dev=0x%x:0x%x ino=0x%lx type=%s ctx=%p",
> > +	TP_printk("dev=0x%x:0x%x ino=0x%llx type=%s ctx=%p",
> >  		  MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  		  __entry->i_ino, show_fl_type(__entry->type), __entry->ctx)
> >  );
> > @@ -67,7 +67,7 @@ DECLARE_EVENT_CLASS(filelock_lock,
> >  
> >  	TP_STRUCT__entry(
> >  		__field(struct file_lock *, fl)
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> 
> Having u64 before a pointer would be tighter on 32 bit systems, and leaves
> out any holes in the trace.
>
> >  		__field(dev_t, s_dev)
> >  		__field(struct file_lock_core *, blocker)
> >  		__field(fl_owner_t, owner)
> > @@ -93,7 +93,7 @@ DECLARE_EVENT_CLASS(filelock_lock,
> >  		__entry->ret = ret;
> >  	),
> >  
> > -	TP_printk("fl=%p dev=0x%x:0x%x ino=0x%lx fl_blocker=%p fl_owner=%p fl_pid=%u fl_flags=%s fl_type=%s fl_start=%lld fl_end=%lld ret=%d",
> > +	TP_printk("fl=%p dev=0x%x:0x%x ino=0x%llx fl_blocker=%p fl_owner=%p fl_pid=%u fl_flags=%s fl_type=%s fl_start=%lld fl_end=%lld ret=%d",
> >  		__entry->fl, MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  		__entry->i_ino, __entry->blocker, __entry->owner,
> >  		__entry->pid, show_fl_flags(__entry->flags),
> > @@ -124,7 +124,7 @@ DECLARE_EVENT_CLASS(filelock_lease,
> >  
> >  	TP_STRUCT__entry(
> >  		__field(struct file_lease *, fl)
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> 
> Same here.
> 
> >  		__field(dev_t, s_dev)
> >  		__field(struct file_lock_core *, blocker)
> >  		__field(fl_owner_t, owner)
> > @@ -146,7 +146,7 @@ DECLARE_EVENT_CLASS(filelock_lease,
> >  		__entry->downgrade_time = fl ? fl->fl_downgrade_time : 0;
> >  	),
> >  
> > -	TP_printk("fl=%p dev=0x%x:0x%x ino=0x%lx fl_blocker=%p fl_owner=%p fl_flags=%s fl_type=%s fl_break_time=%lu fl_downgrade_time=%lu",
> > +	TP_printk("fl=%p dev=0x%x:0x%x ino=0x%llx fl_blocker=%p fl_owner=%p fl_flags=%s fl_type=%s fl_break_time=%lu fl_downgrade_time=%lu",
> >  		__entry->fl, MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  		__entry->i_ino, __entry->blocker, __entry->owner,
> >  		show_fl_flags(__entry->flags),
> > @@ -175,7 +175,7 @@ TRACE_EVENT(generic_add_lease,
> >  	TP_ARGS(inode, fl),
> >  
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> >  		__field(int, wcount)
> >  		__field(int, rcount)
> >  		__field(int, icount)
> > @@ -196,7 +196,7 @@ TRACE_EVENT(generic_add_lease,
> >  		__entry->type = fl->c.flc_type;
> >  	),
> >  
> > -	TP_printk("dev=0x%x:0x%x ino=0x%lx wcount=%d rcount=%d icount=%d fl_owner=%p fl_flags=%s fl_type=%s",
> > +	TP_printk("dev=0x%x:0x%x ino=0x%llx wcount=%d rcount=%d icount=%d fl_owner=%p fl_flags=%s fl_type=%s",
> >  		MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  		__entry->i_ino, __entry->wcount, __entry->rcount,
> >  		__entry->icount, __entry->owner,
> > diff --git a/include/trace/events/filemap.h b/include/trace/events/filemap.h
> > index f48fe637bfd25885dc6daaf09336ab60626b4944..153491e57cce6df73e30ddee60a52ed7d8923c24 100644
> > --- a/include/trace/events/filemap.h
> > +++ b/include/trace/events/filemap.h
> > @@ -21,7 +21,7 @@ DECLARE_EVENT_CLASS(mm_filemap_op_page_cache,
> >  
> >  	TP_STRUCT__entry(
> >  		__field(unsigned long, pfn)
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> 
> Again, this would cause a 32 bit hole.
> 
> >  		__field(unsigned long, index)
> >  		__field(dev_t, s_dev)
> >  		__field(unsigned char, order)
> > @@ -38,7 +38,7 @@ DECLARE_EVENT_CLASS(mm_filemap_op_page_cache,
> >  		__entry->order = folio_order(folio);
> >  	),
> >  
> > -	TP_printk("dev %d:%d ino %lx pfn=0x%lx ofs=%lu order=%u",
> > +	TP_printk("dev %d:%d ino %llx pfn=0x%lx ofs=%lu order=%u",
> >  		MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  		__entry->i_ino,
> >  		__entry->pfn,
> > @@ -67,7 +67,7 @@ DECLARE_EVENT_CLASS(mm_filemap_op_page_cache_range,
> >  	TP_ARGS(mapping, index, last_index),
> >  
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> >  		__field(dev_t, s_dev)
> >  		__field(unsigned long, index)
> >  		__field(unsigned long, last_index)
> > @@ -85,7 +85,7 @@ DECLARE_EVENT_CLASS(mm_filemap_op_page_cache_range,
> >  	),
> >  
> >  	TP_printk(
> > -		"dev=%d:%d ino=%lx ofs=%lld-%lld",
> > +		"dev=%d:%d ino=%llx ofs=%lld-%lld",
> >  		MAJOR(__entry->s_dev),
> >  		MINOR(__entry->s_dev), __entry->i_ino,
> >  		((loff_t)__entry->index) << PAGE_SHIFT,
> > @@ -117,7 +117,7 @@ TRACE_EVENT(mm_filemap_fault,
> >  	TP_ARGS(mapping, index),
> >  
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, i_ino)
> > +		__field(u64, i_ino)
> >  		__field(dev_t, s_dev)
> >  		__field(unsigned long, index)
> >  	),
> > @@ -133,7 +133,7 @@ TRACE_EVENT(mm_filemap_fault,
> >  	),
> >  
> >  	TP_printk(
> > -		"dev=%d:%d ino=%lx ofs=%lld",
> > +		"dev=%d:%d ino=%llx ofs=%lld",
> >  		MAJOR(__entry->s_dev),
> >  		MINOR(__entry->s_dev), __entry->i_ino,
> >  		((loff_t)__entry->index) << PAGE_SHIFT
> > @@ -146,7 +146,7 @@ TRACE_EVENT(filemap_set_wb_err,
> >  		TP_ARGS(mapping, eseq),
> >  
> >  		TP_STRUCT__entry(
> > -			__field(unsigned long, i_ino)
> > +			__field(u64, i_ino)
> >  			__field(dev_t, s_dev)
> >  			__field(errseq_t, errseq)
> >  		),
> > @@ -160,7 +160,7 @@ TRACE_EVENT(filemap_set_wb_err,
> >  				__entry->s_dev = mapping->host->i_rdev;
> >  		),
> >  
> > -		TP_printk("dev=%d:%d ino=0x%lx errseq=0x%x",
> > +		TP_printk("dev=%d:%d ino=0x%llx errseq=0x%x",
> >  			MAJOR(__entry->s_dev), MINOR(__entry->s_dev),
> >  			__entry->i_ino, __entry->errseq)
> >  );
> > @@ -172,7 +172,7 @@ TRACE_EVENT(file_check_and_advance_wb_err,
> >  
> >  		TP_STRUCT__entry(
> >  			__field(struct file *, file)
> > -			__field(unsigned long, i_ino)
> > +			__field(u64, i_ino)
> 
> Having a pointer after the u64 is better.
> 
> >  			__field(dev_t, s_dev)
> >  			__field(errseq_t, old)
> >  			__field(errseq_t, new)
> > @@ -191,7 +191,7 @@ TRACE_EVENT(file_check_and_advance_wb_err,
> >  			__entry->new = file->f_wb_err;
> >  		),
> >  
> > -		TP_printk("file=%p dev=%d:%d ino=0x%lx old=0x%x new=0x%x",
> > +		TP_printk("file=%p dev=%d:%d ino=0x%llx old=0x%x new=0x%x",
> >  			__entry->file, MAJOR(__entry->s_dev),
> >  			MINOR(__entry->s_dev), __entry->i_ino, __entry->old,
> >  			__entry->new)
> > diff --git a/include/trace/events/fs_dax.h b/include/trace/events/fs_dax.h
> > index 50ebc1290ab062a9c30ab00049fb96691f9a0f23..11121baa8ece7928c653b4f874fb10ffbdd02fd0 100644
> > --- a/include/trace/events/fs_dax.h
> > +++ b/include/trace/events/fs_dax.h
> > @@ -12,7 +12,7 @@ DECLARE_EVENT_CLASS(dax_pmd_fault_class,
> >  		pgoff_t max_pgoff, int result),
> >  	TP_ARGS(inode, vmf, max_pgoff, result),
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, ino)
> > +		__field(u64, ino)
> >  		__field(unsigned long, vm_start)
> >  		__field(unsigned long, vm_end)
> >  		__field(vm_flags_t, vm_flags)
> > @@ -35,7 +35,7 @@ DECLARE_EVENT_CLASS(dax_pmd_fault_class,
> >  		__entry->max_pgoff = max_pgoff;
> >  		__entry->result = result;
> >  	),
> > -	TP_printk("dev %d:%d ino %#lx %s %s address %#lx vm_start "
> > +	TP_printk("dev %d:%d ino %#llx %s %s address %#lx vm_start "
> >  			"%#lx vm_end %#lx pgoff %#lx max_pgoff %#lx %s",
> >  		MAJOR(__entry->dev),
> >  		MINOR(__entry->dev),
> > @@ -66,7 +66,7 @@ DECLARE_EVENT_CLASS(dax_pmd_load_hole_class,
> >  		void *radix_entry),
> >  	TP_ARGS(inode, vmf, zero_folio, radix_entry),
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, ino)
> > +		__field(u64, ino)
> >  		__field(vm_flags_t, vm_flags)
> >  		__field(unsigned long, address)
> >  		__field(struct folio *, zero_folio)
> > @@ -81,7 +81,7 @@ DECLARE_EVENT_CLASS(dax_pmd_load_hole_class,
> >  		__entry->zero_folio = zero_folio;
> >  		__entry->radix_entry = radix_entry;
> >  	),
> > -	TP_printk("dev %d:%d ino %#lx %s address %#lx zero_folio %p "
> > +	TP_printk("dev %d:%d ino %#llx %s address %#lx zero_folio %p "
> >  			"radix_entry %#lx",
> >  		MAJOR(__entry->dev),
> >  		MINOR(__entry->dev),
> > @@ -106,7 +106,7 @@ DECLARE_EVENT_CLASS(dax_pte_fault_class,
> >  	TP_PROTO(struct inode *inode, struct vm_fault *vmf, int result),
> >  	TP_ARGS(inode, vmf, result),
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, ino)
> > +		__field(u64, ino)
> >  		__field(vm_flags_t, vm_flags)
> >  		__field(unsigned long, address)
> >  		__field(pgoff_t, pgoff)
> > @@ -123,7 +123,7 @@ DECLARE_EVENT_CLASS(dax_pte_fault_class,
> >  		__entry->pgoff = vmf->pgoff;
> >  		__entry->result = result;
> >  	),
> > -	TP_printk("dev %d:%d ino %#lx %s %s address %#lx pgoff %#lx %s",
> > +	TP_printk("dev %d:%d ino %#llx %s %s address %#lx pgoff %#lx %s",
> >  		MAJOR(__entry->dev),
> >  		MINOR(__entry->dev),
> >  		__entry->ino,
> > @@ -150,7 +150,7 @@ DECLARE_EVENT_CLASS(dax_writeback_range_class,
> >  	TP_PROTO(struct inode *inode, pgoff_t start_index, pgoff_t end_index),
> >  	TP_ARGS(inode, start_index, end_index),
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, ino)
> > +		__field(u64, ino)
> >  		__field(pgoff_t, start_index)
> >  		__field(pgoff_t, end_index)
> >  		__field(dev_t, dev)
> > @@ -161,7 +161,7 @@ DECLARE_EVENT_CLASS(dax_writeback_range_class,
> >  		__entry->start_index = start_index;
> >  		__entry->end_index = end_index;
> >  	),
> > -	TP_printk("dev %d:%d ino %#lx pgoff %#lx-%#lx",
> > +	TP_printk("dev %d:%d ino %#llx pgoff %#lx-%#lx",
> >  		MAJOR(__entry->dev),
> >  		MINOR(__entry->dev),
> >  		__entry->ino,
> > @@ -182,7 +182,7 @@ TRACE_EVENT(dax_writeback_one,
> >  	TP_PROTO(struct inode *inode, pgoff_t pgoff, pgoff_t pglen),
> >  	TP_ARGS(inode, pgoff, pglen),
> >  	TP_STRUCT__entry(
> > -		__field(unsigned long, ino)
> > +		__field(u64, ino)
> >  		__field(pgoff_t, pgoff)
> >  		__field(pgoff_t, pglen)
> >  		__field(dev_t, dev)
> > @@ -193,7 +193,7 @@ TRACE_EVENT(dax_writeback_one,
> >  		__entry->pgoff = pgoff;
> >  		__entry->pglen = pglen;
> >  	),
> > -	TP_printk("dev %d:%d ino %#lx pgoff %#lx pglen %#lx",
> > +	TP_printk("dev %d:%d ino %#llx pgoff %#lx pglen %#lx",
> >  		MAJOR(__entry->dev),
> >  		MINOR(__entry->dev),
> >  		__entry->ino,
> > diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h
> > index a8c52f21cbd5eb010c7e7b2fdb8f9de49c8ea326..4477c17e05748360965c4e1840590efe96d6335e 100644
> > --- a/include/trace/events/fsverity.h
> > +++ b/include/trace/events/fsverity.h
> > @@ -16,7 +16,7 @@ TRACE_EVENT(fsverity_enable,
> >  		 const struct merkle_tree_params *params),
> >  	TP_ARGS(inode, params),
> >  	TP_STRUCT__entry(
> > -		__field(ino_t, ino)
> > +		__field(u64, ino)
> 
> Do you need to convert all these ino_t's?
> 
> >  		__field(u64, data_size)
> >  		__field(u64, tree_size)
> >  		__field(unsigned int, merkle_block)
> > @@ -29,8 +29,8 @@ TRACE_EVENT(fsverity_enable,
> >  		__entry->merkle_block = params->block_size;
> >  		__entry->num_levels = params->num_levels;
> >  	),
> > -	TP_printk("ino %lu data_size %llu tree_size %llu merkle_block %u levels %u",
> > -		(unsigned long) __entry->ino,
> > +	TP_printk("ino %llu data_size %llu tree_size %llu merkle_block %u levels %u",
> > +		__entry->ino,
> >  		__entry->data_size,
> >  		__entry->tree_size,
> >  		__entry->merkle_block,
> > @@ -42,7 +42,7 @@ TRACE_EVENT(fsverity_tree_done,
> >  		 const struct merkle_tree_params *params),
> >  	TP_ARGS(inode, vi, params),
> >  	TP_STRUCT__entry(
> > -		__field(ino_t, ino)
> > +		__field(u64, ino)
> >  		__field(u64, data_size)
> >  		__field(u64, tree_size)
> >  		__field(unsigned int, merkle_block)
> > @@ -59,8 +59,8 @@ TRACE_EVENT(fsverity_tree_done,
> >  		memcpy(__get_dynamic_array(root_hash), vi->root_hash, __get_dynamic_array_len(root_hash));
> >  		memcpy(__get_dynamic_array(file_digest), vi->file_digest, __get_dynamic_array_len(file_digest));
> >  	),
> > -	TP_printk("ino %lu data_size %llu tree_size %lld merkle_block %u levels %u root_hash %s digest %s",
> > -		(unsigned long) __entry->ino,
> > +	TP_printk("ino %llu data_size %llu tree_size %lld merkle_block %u levels %u root_hash %s digest %s",
> > +		__entry->ino,
> >  		__entry->data_size,
> >  		__entry->tree_size,
> >  		__entry->merkle_block,
> > @@ -75,7 +75,7 @@ TRACE_EVENT(fsverity_verify_data_block,
> >  		 u64 data_pos),
> >  	TP_ARGS(inode, params, data_pos),
> >  	TP_STRUCT__entry(
> > -		__field(ino_t, ino)
> > +		__field(u64, ino)
> >  		__field(u64, data_pos)
> >  		__field(unsigned int, merkle_block)
> >  	),
> > @@ -84,8 +84,8 @@ TRACE_EVENT(fsverity_verify_data_block,
> >  		__entry->data_pos = data_pos;
> >  		__entry->merkle_block = params->block_size;
> >  	),
> > -	TP_printk("ino %lu data_pos %llu merkle_block %u",
> > -		(unsigned long) __entry->ino,
> > +	TP_printk("ino %llu data_pos %llu merkle_block %u",
> > +		__entry->ino,
> >  		__entry->data_pos,
> >  		__entry->merkle_block)
> >  );
> > @@ -96,7 +96,7 @@ TRACE_EVENT(fsverity_merkle_hit,
> >  		 unsigned int hidx),
> >  	TP_ARGS(inode, data_pos, hblock_idx, level, hidx),
> >  	TP_STRUCT__entry(
> > -		__field(ino_t, ino)
> > +		__field(u64, ino)
> >  		__field(u64, data_pos)
> 
> Heh, this actually removed a hole, but again, why convert ino_t?
> 
> Anyway, I stopped here. But you get the idea.
>
> 
> >  		__field(unsigned long, hblock_idx)
> >  		__field(unsigned int, level)

Thanks for the review! I'll definitely look at reordering the
tracepoint fields for better packing since that has material
consequences.
-- 
Jeff Layton <jlayton@kernel.org>

^ permalink raw reply

* Re: [PATCH 00/61] vfs: change inode->i_ino from unsigned long to u64
From: Jeff Layton @ 2026-02-27 19:35 UTC (permalink / raw)
  To: Mathieu Desnoyers, Matthew Wilcox
  Cc: Alexander Viro, Christian Brauner, Jan Kara, Steven Rostedt,
	Masami Hiramatsu, Dan Williams, Eric Biggers,
	Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <b808e186-3eeb-46ed-9826-b0ae6cdcdb8b@efficios.com>

On Fri, 2026-02-27 at 14:01 -0500, Mathieu Desnoyers wrote:
> On 2026-02-27 12:19, Jeff Layton wrote:
> > On Thu, 2026-02-26 at 16:49 +0000, Matthew Wilcox wrote:
> > > On Thu, Feb 26, 2026 at 10:55:02AM -0500, Jeff Layton wrote:
> > > > The bulk of the changes are to format strings and tracepoints, since the
> > > > kernel itself doesn't care that much about the i_ino field. The first
> > > > patch changes some vfs function arguments, so check that one out
> > > > carefully.
> > > 
> > > Why are the format strings all done as separate patches?  Don't we get
> > > bisection hazards by splitting it apart this way?
> > 
> > Circling back to this...
> > 
> > I have a v2 series (~107 patches) that I'm testing now that does this
> > more bisectably with the typedef and macro scaffolding that Mathieu
> > suggested. I'll probably send it early next week.
> > 
> > I had done it this way originally since I figured it was best to break
> > this up by subsystem. Should I continue with this series as a set of
> > patches broken up this way, or is it preferable to combine the pile of
> > format changes into fewer patches?
> 
> Here is the approach I would recommend to maximize signal over noise
> for the follow up email thread discussions:
> 
> Now that your series is bisectable, you could post a [RFC PATCH v2]
> series with the following:
> 
> - Patch 00 introduces the series, points to your git branch implementing
>    the whole series,
> - The first few patches introduce the new type (kino_t) and macro to
>    do the format string transition. Initially kino_t would typedef to
>    unsigned long (no changes).
> - Followed by patches implementing the type + format string changes for
>    a few key subsystems.
> - The final patch would change kino_t and the format string macro to
>    64-bit integers.
> 

That's pretty much the approach the set I have takes. The current set
is here:

    https://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux.git/log/?h=iino-u64

My question was more about whether I should batch some of the changes
together. My inclination is that doing it in small, incremental patches
is a good thing, but I figured I'd ask before I spam everyone with a
100+ patch series.

> Once everyone agree on those core changes, you could proceed to post
> patches that change additional subsystems in a subsequent round.
> 
> One more comment: have you tried using Coccinelle to do this kind of
> semantic code change ?

I've use coccinelle before for this sort of change, but my skills with
it are pretty primitive. The problem I saw with using it here is that
the main set of changes involved format strings, and that didn't look
straightforward to do with coccinelle. The LLM seems to have sorted it
out with no trouble though.

On a related note, has anyone has taught an LLM how to use Coccinelle.
I wonder if it might give it a better tool for its toolbox, since
Claude at least seems to mostly use bash, perl or python to make
changes across the tree.
-- 
Jeff Layton <jlayton@kernel.org>

^ permalink raw reply

* Re: [PATCH 00/61] vfs: change inode->i_ino from unsigned long to u64
From: Mathieu Desnoyers @ 2026-02-27 19:01 UTC (permalink / raw)
  To: Jeff Layton, Matthew Wilcox
  Cc: Alexander Viro, Christian Brauner, Jan Kara, Steven Rostedt,
	Masami Hiramatsu, Dan Williams, Eric Biggers,
	Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <4a462d40899698586c110add96ce3fab6ddac30b.camel@kernel.org>

On 2026-02-27 12:19, Jeff Layton wrote:
> On Thu, 2026-02-26 at 16:49 +0000, Matthew Wilcox wrote:
>> On Thu, Feb 26, 2026 at 10:55:02AM -0500, Jeff Layton wrote:
>>> The bulk of the changes are to format strings and tracepoints, since the
>>> kernel itself doesn't care that much about the i_ino field. The first
>>> patch changes some vfs function arguments, so check that one out
>>> carefully.
>>
>> Why are the format strings all done as separate patches?  Don't we get
>> bisection hazards by splitting it apart this way?
> 
> Circling back to this...
> 
> I have a v2 series (~107 patches) that I'm testing now that does this
> more bisectably with the typedef and macro scaffolding that Mathieu
> suggested. I'll probably send it early next week.
> 
> I had done it this way originally since I figured it was best to break
> this up by subsystem. Should I continue with this series as a set of
> patches broken up this way, or is it preferable to combine the pile of
> format changes into fewer patches?

Here is the approach I would recommend to maximize signal over noise
for the follow up email thread discussions:

Now that your series is bisectable, you could post a [RFC PATCH v2]
series with the following:

- Patch 00 introduces the series, points to your git branch implementing
   the whole series,
- The first few patches introduce the new type (kino_t) and macro to
   do the format string transition. Initially kino_t would typedef to
   unsigned long (no changes).
- Followed by patches implementing the type + format string changes for
   a few key subsystems.
- The final patch would change kino_t and the format string macro to
   64-bit integers.

Once everyone agree on those core changes, you could proceed to post
patches that change additional subsystems in a subsequent round.

One more comment: have you tried using Coccinelle to do this kind of
semantic code change ?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com

^ permalink raw reply

* Re: [PATCH v5] ima_fs: Avoid creating measurement lists for unsupported hash algos
From: Mimi Zohar @ 2026-02-27 18:46 UTC (permalink / raw)
  To: Roberto Sassu, dima, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Silvia Sisinni, Enrico Bravi
  Cc: Jonathan McDowell, linux-integrity, linux-security-module,
	linux-kernel, stable, Dmitry Safonov
In-Reply-To: <0fde824faace320c6d3ef6137bf50cee0289c6c0.camel@huaweicloud.com>


> > > @@ -404,16 +398,24 @@ static int __init create_securityfs_measurement_lists(void)
> > >  		char file_name[NAME_MAX + 1];
> > >  		struct dentry *dentry;
> > >  
> > > -		sprintf(file_name, "ascii_runtime_measurements_%s",
> > > -			hash_algo_name[algo]);
> > > +		if (algo == HASH_ALGO__LAST)
> > > +			sprintf(file_name, "ascii_runtime_measurements_tpm_alg_%x",
> > > +				ima_tpm_chip->allocated_banks[i].alg_id);
> > > +		else
> > > +			sprintf(file_name, "ascii_runtime_measurements_%s",
> > > +				hash_algo_name[algo]);
> > >  		dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
> > >  						ima_dir, (void *)(uintptr_t)i,
> > >  						&ima_ascii_measurements_ops);
> > >  		if (IS_ERR(dentry))
> > >  			return PTR_ERR(dentry);
> > >  
> > > -		sprintf(file_name, "binary_runtime_measurements_%s",
> > > -			hash_algo_name[algo]);
> > > +		if (algo == HASH_ALGO__LAST)
> > > +			sprintf(file_name, "binary_runtime_measurements_tpm_alg_%x",
> > > +				ima_tpm_chip->allocated_banks[i].alg_id);
> > 
> > There's no point in creating either of the securityfs files if the kernel
> > doesn't support the hash algorithm.
> 
> It is not useful per se, but since it is an information that it is
> produced and maintained by IMA, we can print it. And second, it will
> expose the fact that there is an unsupported algorithm (in the case of
> SHA3-256, the fix is add to the TPM - crypto subsystem mapping in tpm2-
> cmd.c).

Yes, agreed.

Dmitry, the Subject line implies the measurement lists aren't being created, yet
you're actually creating them.  Please update the patch description before re-
posting.

thanks,

Mimi

^ permalink raw reply

* Re: [PATCH] integrity: digsig: Add blank line after declarations
From: Mimi Zohar @ 2026-02-27 18:38 UTC (permalink / raw)
  To: Chi Wang, trivial
  Cc: Roberto Sassu, Dmitry Kasatkin, linux-integrity, linux-kernel,
	Chi Wang
In-Reply-To: <20260227062311.140597-1-wangchi05@163.com>

On Fri, 2026-02-27 at 14:23 +0800, Chi Wang wrote:
> From: Chi Wang <wangchi@kylinos.cn>
> 
> Fixes checkpatch warning:
> WARNING: Missing a blank line after declarations
> +                       int err = PTR_ERR(keyring[id]);
> +                       pr_err("no %s keyring: %d\n", keyring_name[id], err);
> 
> Add a blank line after the variable declaration to comply with
> the kernel coding style.
> 
> Signed-off-by: Chi Wang <wangchi@kylinos.cn>

Agreed checkpatch complains today, but probably not back in 2011 when the patch
was upstreamed.  Cosmetic changes are normally upstreamed only with other
changes.

thanks,

Mimi

^ permalink raw reply

* Re: [PATCH 1/2] ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG
From: Mimi Zohar @ 2026-02-27 18:21 UTC (permalink / raw)
  To: Thomas Weißschuh, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
	Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin,
	Christophe Leroy (CS GROUP)
  Cc: linux-integrity, linux-security-module, linux-kernel,
	linuxppc-dev, Aaron Tomlin, Nicolas Schier
In-Reply-To: <20260226-ima-ifdef-v1-1-8b9613edbbdb@weissschuh.net>

On Thu, 2026-02-26 at 08:20 +0100, Thomas Weißschuh wrote:
> When configuration settings are disabled the guarded functions are
> defined as empty stubs, so the check is unnecessary.
> 
> Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> Reviewed-by: Aaron Tomlin <atomlin@atomlin.com>
> Reviewed-by: Nicolas Schier <nsc@kernel.org>
> ---
>  security/integrity/ima/ima_efi.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
> index 138029bfcce1..a35dd166ad47 100644
> --- a/security/integrity/ima/ima_efi.c
> +++ b/security/integrity/ima/ima_efi.c
> @@ -68,10 +68,8 @@ static const char * const sb_arch_rules[] = {
>  const char * const *arch_get_ima_policy(void)
>  {
>  	if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
> -		if (IS_ENABLED(CONFIG_MODULE_SIG))
> -			set_module_sig_enforced();
> -		if (IS_ENABLED(CONFIG_KEXEC_SIG))
> -			set_kexec_sig_enforced();
> +		set_module_sig_enforced();
> +		set_kexec_sig_enforced();
>  		return sb_arch_rules;
>  	}
>  	return NULL;

Thanks, Thomas.

With commit 63e8a44395a4 ("integrity: Make arch_ima_get_secureboot integrity-
wide"), there was a merge conflict.  After fixing the merge conflict, your
patches are now queued in next-integrity.

Mimi

^ permalink raw reply

* Re: [PATCH 00/61] vfs: change inode->i_ino from unsigned long to u64
From: Jeff Layton @ 2026-02-27 17:19 UTC (permalink / raw)
  To: Matthew Wilcox
  Cc: Alexander Viro, Christian Brauner, Jan Kara, Steven Rostedt,
	Masami Hiramatsu, Mathieu Desnoyers, Dan Williams, Eric Biggers,
	Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <aaB5lgKd8FOIizPg@casper.infradead.org>

On Thu, 2026-02-26 at 16:49 +0000, Matthew Wilcox wrote:
> On Thu, Feb 26, 2026 at 10:55:02AM -0500, Jeff Layton wrote:
> > The bulk of the changes are to format strings and tracepoints, since the
> > kernel itself doesn't care that much about the i_ino field. The first
> > patch changes some vfs function arguments, so check that one out
> > carefully.
> 
> Why are the format strings all done as separate patches?  Don't we get
> bisection hazards by splitting it apart this way?

Circling back to this...

I have a v2 series (~107 patches) that I'm testing now that does this
more bisectably with the typedef and macro scaffolding that Mathieu
suggested. I'll probably send it early next week.

I had done it this way originally since I figured it was best to break
this up by subsystem. Should I continue with this series as a set of
patches broken up this way, or is it preferable to combine the pile of
format changes into fewer patches?
-- 
Jeff Layton <jlayton@kernel.org>

^ permalink raw reply

* Re: [PATCH 51/61] security: update audit format strings for u64 i_ino
From: Ryan Lee @ 2026-02-27 16:46 UTC (permalink / raw)
  To: Jeff Layton
  Cc: Alexander Viro, Christian Brauner, Jan Kara, Steven Rostedt,
	Masami Hiramatsu, Mathieu Desnoyers, Dan Williams, Matthew Wilcox,
	Eric Biggers, Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <20260226-iino-u64-v1-51-ccceff366db9@kernel.org>

On Thu, Feb 26, 2026 at 9:13 AM Jeff Layton <jlayton@kernel.org> wrote:
>
> Update %lu/%ld to %llu/%lld in security audit logging functions that
> print inode->i_ino, since i_ino is now u64.
>
> Files updated: apparmor/apparmorfs.c, integrity/integrity_audit.c,
> ipe/audit.c, lsm_audit.c.
>
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
>  security/apparmor/apparmorfs.c       |  4 ++--
>  security/integrity/integrity_audit.c |  2 +-
>  security/ipe/audit.c                 |  2 +-
>  security/lsm_audit.c                 | 10 +++++-----
>  security/selinux/hooks.c             |  4 ++--
>  security/smack/smack_lsm.c           | 12 ++++++------
>  6 files changed, 17 insertions(+), 17 deletions(-)
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 2f84bd23edb69e7e69cb097e554091df0132816d..7b645f40e71c956f216fa6a7d69c3ecd4e2a5ff4 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -149,7 +149,7 @@ static int aafs_count;
>
>  static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
>  {
> -       seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
> +       seq_printf(seq, "%s:[%llu]", AAFS_NAME, d_inode(dentry)->i_ino);
>         return 0;
>  }
>
> @@ -2644,7 +2644,7 @@ static int policy_readlink(struct dentry *dentry, char __user *buffer,
>         char name[32];

I have confirmed that the buffer is still big enough for a 64-bit inode number.

>         int res;
>
> -       res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
> +       res = snprintf(name, sizeof(name), "%s:[%llu]", AAFS_NAME,
>                        d_inode(dentry)->i_ino);
>         if (res > 0 && res < sizeof(name))
>                 res = readlink_copy(buffer, buflen, name, strlen(name));

For the AppArmor portion:

Reviewed-By: Ryan Lee <ryan.lee@canonical.com>

> diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
> index 0ec5e4c22cb2a1066c2b897776ead6d3db72635c..d8d9e5ff1cd22b091f462d1e83d28d2d6bd983e9 100644
> --- a/security/integrity/integrity_audit.c
> +++ b/security/integrity/integrity_audit.c
> @@ -62,7 +62,7 @@ void integrity_audit_message(int audit_msgno, struct inode *inode,
>         if (inode) {
>                 audit_log_format(ab, " dev=");
>                 audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -               audit_log_format(ab, " ino=%lu", inode->i_ino);
> +               audit_log_format(ab, " ino=%llu", inode->i_ino);
>         }
>         audit_log_format(ab, " res=%d errno=%d", !result, errno);
>         audit_log_end(ab);
> diff --git a/security/ipe/audit.c b/security/ipe/audit.c
> index 3f0deeb54912730d9acf5e021a4a0cb29a34e982..93fb59fbddd60b56c0b22be2a38b809ef9e18b76 100644
> --- a/security/ipe/audit.c
> +++ b/security/ipe/audit.c
> @@ -153,7 +153,7 @@ void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
>                 if (inode) {
>                         audit_log_format(ab, " dev=");
>                         audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -                       audit_log_format(ab, " ino=%lu", inode->i_ino);
> +                       audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 } else {
>                         audit_log_format(ab, " dev=? ino=?");
>                 }
> diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> index 7d623b00495c14b079e10e963c21a9f949c11f07..737f5a263a8f79416133315edf363ece3d79c722 100644
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@ -202,7 +202,7 @@ void audit_log_lsm_data(struct audit_buffer *ab,
>                 if (inode) {
>                         audit_log_format(ab, " dev=");
>                         audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -                       audit_log_format(ab, " ino=%lu", inode->i_ino);
> +                       audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 }
>                 break;
>         }
> @@ -215,7 +215,7 @@ void audit_log_lsm_data(struct audit_buffer *ab,
>                 if (inode) {
>                         audit_log_format(ab, " dev=");
>                         audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -                       audit_log_format(ab, " ino=%lu", inode->i_ino);
> +                       audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 }
>                 break;
>         }
> @@ -228,7 +228,7 @@ void audit_log_lsm_data(struct audit_buffer *ab,
>                 if (inode) {
>                         audit_log_format(ab, " dev=");
>                         audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -                       audit_log_format(ab, " ino=%lu", inode->i_ino);
> +                       audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 }
>
>                 audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
> @@ -246,7 +246,7 @@ void audit_log_lsm_data(struct audit_buffer *ab,
>                 if (inode) {
>                         audit_log_format(ab, " dev=");
>                         audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -                       audit_log_format(ab, " ino=%lu", inode->i_ino);
> +                       audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 }
>                 break;
>         }
> @@ -265,7 +265,7 @@ void audit_log_lsm_data(struct audit_buffer *ab,
>                 }
>                 audit_log_format(ab, " dev=");
>                 audit_log_untrustedstring(ab, inode->i_sb->s_id);
> -               audit_log_format(ab, " ino=%lu", inode->i_ino);
> +               audit_log_format(ab, " ino=%llu", inode->i_ino);
>                 rcu_read_unlock();
>                 break;
>         }
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index d8224ea113d1ac273aac1fb52324f00b3301ae75..150ea86ebc1f7c7f8391af4109a3da82b12d00d2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1400,7 +1400,7 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
>         if (rc < 0) {
>                 kfree(context);
>                 if (rc != -ENODATA) {
> -                       pr_warn("SELinux: %s:  getxattr returned %d for dev=%s ino=%ld\n",
> +                       pr_warn("SELinux: %s:  getxattr returned %d for dev=%s ino=%lld\n",
>                                 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
>                         return rc;
>                 }
> @@ -3477,7 +3477,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
>                                            &newsid);
>         if (rc) {
>                 pr_err("SELinux:  unable to map context to SID"
> -                      "for (%s, %lu), rc=%d\n",
> +                      "for (%s, %llu), rc=%d\n",
>                        inode->i_sb->s_id, inode->i_ino, -rc);
>                 return;
>         }
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 98af9d7b943469d0ddd344fc78c0b87ca40c16c4..7e2f54c17a5d5c70740bbfa92ba4d4f1aca2cf22 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -182,7 +182,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc)
>         char acc[SMK_NUM_ACCESS_TYPE + 1];
>
>         if (isp->smk_flags & SMK_INODE_IMPURE)
> -               pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
> +               pr_info("Smack Unconfined Corruption: inode=(%s %lld) %s\n",
>                         inode->i_sb->s_id, inode->i_ino, current->comm);
>
>         if (rc <= 0)
> @@ -195,7 +195,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc)
>
>         smk_bu_mode(mode, acc);
>
> -       pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
> +       pr_info("Smack %s: (%s %s %s) inode=(%s %lld) %s\n", smk_bu_mess[rc],
>                 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
>                 inode->i_sb->s_id, inode->i_ino, current->comm);
>         return 0;
> @@ -214,7 +214,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
>         char acc[SMK_NUM_ACCESS_TYPE + 1];
>
>         if (isp->smk_flags & SMK_INODE_IMPURE)
> -               pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
> +               pr_info("Smack Unconfined Corruption: inode=(%s %lld) %s\n",
>                         inode->i_sb->s_id, inode->i_ino, current->comm);
>
>         if (rc <= 0)
> @@ -223,7 +223,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
>                 rc = 0;
>
>         smk_bu_mode(mode, acc);
> -       pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
> +       pr_info("Smack %s: (%s %s %s) file=(%s %lld %pD) %s\n", smk_bu_mess[rc],
>                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
>                 inode->i_sb->s_id, inode->i_ino, file,
>                 current->comm);
> @@ -244,7 +244,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
>         char acc[SMK_NUM_ACCESS_TYPE + 1];
>
>         if (isp->smk_flags & SMK_INODE_IMPURE)
> -               pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
> +               pr_info("Smack Unconfined Corruption: inode=(%s %lld) %s\n",
>                         inode->i_sb->s_id, inode->i_ino, current->comm);
>
>         if (rc <= 0)
> @@ -253,7 +253,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
>                 rc = 0;
>
>         smk_bu_mode(mode, acc);
> -       pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
> +       pr_info("Smack %s: (%s %s %s) file=(%s %lld %pD) %s\n", smk_bu_mess[rc],
>                 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
>                 inode->i_sb->s_id, inode->i_ino, file,
>                 current->comm);
>
> --
> 2.53.0
>
>

^ permalink raw reply

* [PATCH v2] ima: Define and use a digest_size field in the ima_algo_desc structure
From: Roberto Sassu @ 2026-02-27 12:06 UTC (permalink / raw)
  To: zohar, dmitry.kasatkin, eric.snowberg, paul, jmorris, serge
  Cc: linux-integrity, linux-security-module, linux-kernel,
	devnull+dima.arista.com, Roberto Sassu

From: Roberto Sassu <roberto.sassu@huawei.com>

Add the digest_size field to the ima_algo_desc structure to determine the
digest size from the correct source.

If the hash algorithm is among allocated PCR banks, take the value from the
TPM bank info (equal to the value from the crypto subsystem if the TPM
algorithm is supported by it; otherwise, not exceding the size of the
digest buffer in the tpm_digest structure, used by IMA).

If the hash algorithm is SHA1, use the predefined value. Lastly, if the
hash algorithm is the default one but not among the PCR banks, take the
digest size from the crypto subsystem (the default hash algorithm is
checked when parsing the ima_hash= command line option).

Finally, use the new information to correctly show the template digest in
ima_measurements_show() and ima_ascii_measurements_show().

Link: https://github.com/linux-integrity/linux/issues/14
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/ima/ima.h        |  1 +
 security/integrity/ima/ima_crypto.c |  6 ++++++
 security/integrity/ima/ima_fs.c     | 18 ++++++------------
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 89ebe98ffc5e..c38a9eb945b6 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -53,6 +53,7 @@ extern atomic_t ima_setxattr_allowed_hash_algorithms;
 struct ima_algo_desc {
 	struct crypto_shash *tfm;
 	enum hash_algo algo;
+	unsigned int digest_size;
 };
 
 /* set during initialization */
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 8ae7821a65c2..c2a859710d20 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -109,6 +109,7 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
 
 int __init ima_init_crypto(void)
 {
+	unsigned int digest_size;
 	enum hash_algo algo;
 	long rc;
 	int i;
@@ -147,7 +148,9 @@ int __init ima_init_crypto(void)
 
 	for (i = 0; i < NR_BANKS(ima_tpm_chip); i++) {
 		algo = ima_tpm_chip->allocated_banks[i].crypto_id;
+		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
 		ima_algo_array[i].algo = algo;
+		ima_algo_array[i].digest_size = digest_size;
 
 		/* unknown TPM algorithm */
 		if (algo == HASH_ALGO__LAST)
@@ -183,12 +186,15 @@ int __init ima_init_crypto(void)
 		}
 
 		ima_algo_array[ima_sha1_idx].algo = HASH_ALGO_SHA1;
+		ima_algo_array[ima_sha1_idx].digest_size = SHA1_DIGEST_SIZE;
 	}
 
 	if (ima_hash_algo_idx >= NR_BANKS(ima_tpm_chip) &&
 	    ima_hash_algo_idx != ima_sha1_idx) {
+		digest_size = hash_digest_size[ima_hash_algo];
 		ima_algo_array[ima_hash_algo_idx].tfm = ima_shash_tfm;
 		ima_algo_array[ima_hash_algo_idx].algo = ima_hash_algo;
+		ima_algo_array[ima_hash_algo_idx].digest_size = digest_size;
 	}
 
 	return 0;
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 012a58959ff0..23d3a14b8ce3 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -132,16 +132,12 @@ int ima_measurements_show(struct seq_file *m, void *v)
 	char *template_name;
 	u32 pcr, namelen, template_data_len; /* temporary fields */
 	bool is_ima_template = false;
-	enum hash_algo algo;
 	int i, algo_idx;
 
 	algo_idx = ima_sha1_idx;
-	algo = HASH_ALGO_SHA1;
 
-	if (m->file != NULL) {
+	if (m->file != NULL)
 		algo_idx = (unsigned long)file_inode(m->file)->i_private;
-		algo = ima_algo_array[algo_idx].algo;
-	}
 
 	/* get entry */
 	e = qe->entry;
@@ -160,7 +156,8 @@ int ima_measurements_show(struct seq_file *m, void *v)
 	ima_putc(m, &pcr, sizeof(e->pcr));
 
 	/* 2nd: template digest */
-	ima_putc(m, e->digests[algo_idx].digest, hash_digest_size[algo]);
+	ima_putc(m, e->digests[algo_idx].digest,
+		 ima_algo_array[algo_idx].digest_size);
 
 	/* 3rd: template name size */
 	namelen = !ima_canonical_fmt ? strlen(template_name) :
@@ -229,16 +226,12 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
 	struct ima_queue_entry *qe = v;
 	struct ima_template_entry *e;
 	char *template_name;
-	enum hash_algo algo;
 	int i, algo_idx;
 
 	algo_idx = ima_sha1_idx;
-	algo = HASH_ALGO_SHA1;
 
-	if (m->file != NULL) {
+	if (m->file != NULL)
 		algo_idx = (unsigned long)file_inode(m->file)->i_private;
-		algo = ima_algo_array[algo_idx].algo;
-	}
 
 	/* get entry */
 	e = qe->entry;
@@ -252,7 +245,8 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
 	seq_printf(m, "%2d ", e->pcr);
 
 	/* 2nd: template hash */
-	ima_print_digest(m, e->digests[algo_idx].digest, hash_digest_size[algo]);
+	ima_print_digest(m, e->digests[algo_idx].digest,
+			 ima_algo_array[algo_idx].digest_size);
 
 	/* 3th:  template name */
 	seq_printf(m, " %s", template_name);
-- 
2.43.0


^ permalink raw reply related

* Re: [PATCH 50/61] zonefs: update format strings for u64 i_ino
From: Johannes Thumshirn @ 2026-02-27 11:55 UTC (permalink / raw)
  To: Jeff Layton, Alexander Viro, Christian Brauner, Jan Kara,
	Steven Rostedt, Masami Hiramatsu, Mathieu Desnoyers, Dan Williams,
	Matthew Wilcox, Eric Biggers, Theodore Y. Ts'o, Muchun Song,
	Oscar Salvador, David Hildenbrand, David Howells, Paulo Alcantara,
	Andreas Dilger, Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust,
	Anna Schumaker, Chuck Lever, NeilBrown, Olga Kornievskaia,
	Dai Ngo, Tom Talpey, Steve French, Ronnie Sahlberg,
	Shyam Prasad N, Bharath SM, Alexander Aring, Ryusuke Konishi,
	Viacheslav Dubeyko, Eric Van Hensbergen, Latchesar Ionkov,
	Dominique Martinet, Christian Schoenebeck, David Sterba,
	Marc Dionne, Ian Kent, Luis de Bethencourt, Salah Triki,
	Tigran A. Aivazian, Ilya Dryomov, Alex Markuze, Jan Harkes,
	coda@cs.cmu.edu, Nicolas Pitre, Tyler Hicks, Amir Goldstein,
	hch@infradead.org, John Paul Adrian Glaubitz, Yangtao Li,
	Mikulas Patocka, David Woodhouse, Richard Weinberger,
	Dave Kleikamp, Konstantin Komarov, Mark Fasheh, Joel Becker,
	Joseph Qi, Mike Marshall, Martin Brandenburg, Miklos Szeredi,
	Anders Larsen, Zhihao Cheng, Damien Le Moal, Naohiro Aota,
	Johannes Thumshirn, John Johansen, Paul Moore, James Morris,
	Serge E. Hallyn, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
	Eric Snowberg, Fan Wu, Stephen Smalley, Ondrej Mosnacek,
	Casey Schaufler, Alex Deucher, Christian König, David Airlie,
	Simona Vetter, Sumit Semwal, Eric Dumazet, Kuniyuki Iwashima,
	Paolo Abeni, Willem de Bruijn, David S. Miller, Jakub Kicinski,
	Simon Horman, Oleg Nesterov, Peter Zijlstra, Ingo Molnar,
	Arnaldo Carvalho de Melo, Namhyung Kim, Mark Rutland,
	Alexander Shishkin, Jiri Olsa, Ian Rogers, Adrian Hunter,
	James Clark, Darrick J. Wong, Martin Schiller
  Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org, nvdimm@lists.linux.dev,
	fsverity@lists.linux.dev, linux-mm@kvack.org,
	netfs@lists.linux.dev, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net, linux-nfs@vger.kernel.org,
	linux-cifs@vger.kernel.org, samba-technical@lists.samba.org,
	linux-nilfs@vger.kernel.org, v9fs@lists.linux.dev,
	linux-afs@lists.infradead.org, autofs@vger.kernel.org,
	ceph-devel@vger.kernel.org, codalist@coda.cs.cmu.edu,
	ecryptfs@vger.kernel.org, linux-mtd@lists.infradead.org,
	jfs-discussion@lists.sourceforge.net, ntfs3@lists.linux.dev,
	ocfs2-devel@lists.linux.dev, devel@lists.orangefs.org,
	linux-unionfs@vger.kernel.org, apparmor@lists.ubuntu.com,
	linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
	amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
	linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org,
	netdev@vger.kernel.org, linux-perf-users@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-xfs@vger.kernel.org,
	linux-hams@vger.kernel.org, linux-x25@vger.kernel.org
In-Reply-To: <20260226-iino-u64-v1-50-ccceff366db9@kernel.org>

Looks good,

Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>


^ permalink raw reply

* Re: [PATCH 00/61] vfs: change inode->i_ino from unsigned long to u64
From: Jeff Layton @ 2026-02-27 11:52 UTC (permalink / raw)
  To: Christian König, Alexander Viro, Christian Brauner, Jan Kara,
	Steven Rostedt, Masami Hiramatsu, Mathieu Desnoyers, Dan Williams,
	Matthew Wilcox, Eric Biggers, Theodore Y. Ts'o, Muchun Song,
	Oscar Salvador, David Hildenbrand, David Howells, Paulo Alcantara,
	Andreas Dilger, Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust,
	Anna Schumaker, Chuck Lever, NeilBrown, Olga Kornievskaia,
	Dai Ngo, Tom Talpey, Steve French, Ronnie Sahlberg,
	Shyam Prasad N, Bharath SM, Alexander Aring, Ryusuke Konishi,
	Viacheslav Dubeyko, Eric Van Hensbergen, Latchesar Ionkov,
	Dominique Martinet, Christian Schoenebeck, David Sterba,
	Marc Dionne, Ian Kent, Luis de Bethencourt, Salah Triki,
	Tigran A. Aivazian, Ilya Dryomov, Alex Markuze, Jan Harkes, coda,
	Nicolas Pitre, Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	David Airlie, Simona Vetter, Sumit Semwal, Eric Dumazet,
	Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn, David S. Miller,
	Jakub Kicinski, Simon Horman, Oleg Nesterov, Peter Zijlstra,
	Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Mark Rutland,
	Alexander Shishkin, Jiri Olsa, Ian Rogers, Adrian Hunter,
	James Clark, Darrick J. Wong, Martin Schiller
  Cc: linux-fsdevel, linux-kernel, linux-trace-kernel, nvdimm, fsverity,
	linux-mm, netfs, linux-ext4, linux-f2fs-devel, linux-nfs,
	linux-cifs, samba-technical, linux-nilfs, v9fs, linux-afs, autofs,
	ceph-devel, codalist, ecryptfs, linux-mtd, jfs-discussion, ntfs3,
	ocfs2-devel, devel, linux-unionfs, apparmor,
	linux-security-module, linux-integrity, selinux, amd-gfx,
	dri-devel, linux-media, linaro-mm-sig, netdev, linux-perf-users,
	linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <b4f32cab-2b34-4002-83d1-3ae038a4bb38@amd.com>

On Fri, 2026-02-27 at 10:30 +0100, Christian König wrote:
> On 2/26/26 16:55, Jeff Layton wrote:
> > Christian said [1] to "just do it" when I proposed this, so here we are!
> > 
> > For historical reasons, the inode->i_ino field is an unsigned long,
> > which means that it's 32 bits on 32 bit architectures. This has caused a
> > number of filesystems to implement hacks to hash a 64-bit identifier
> > into a 32-bit field, and deprives us of a universal identifier field for
> > an inode.
> > 
> > This patchset changes the inode->i_ino field from an unsigned long to a
> > u64. This shouldn't make any material difference on 64-bit hosts, but
> > 32-bit hosts will see struct inode grow by at least 4 bytes. This could
> > have effects on slabcache sizes and field alignment.
> > 
> > The bulk of the changes are to format strings and tracepoints, since the
> > kernel itself doesn't care that much about the i_ino field. The first
> > patch changes some vfs function arguments, so check that one out
> > carefully.
> > 
> > With this change, we may be able to shrink some inode structures. For
> > instance, struct nfs_inode has a fileid field that holds the 64-bit
> > inode number. With this set of changes, that field could be eliminated.
> > I'd rather leave that sort of cleanups for later just to keep this
> > simple.
> > 
> > Much of this set was generated by LLM, but I attributed it to myself
> > since I consider this to be in the "menial tasks" category of LLM usage.
> 
> Sounds reasonable to me, should get_next_ino() also be changed to return an 64bit ino?
> 

I'm not opposed to doing that, but I'd probably leave that for a
follow-on cleanup. Just doing the i_ino conversion is already making
for a huge patchset.
-- 
Jeff Layton <jlayton@kernel.org>

^ permalink raw reply

* Re: [PATCH 00/61] vfs: change inode->i_ino from unsigned long to u64
From: Christian Brauner @ 2026-02-27 10:06 UTC (permalink / raw)
  To: Jeff Layton
  Cc: Alexander Viro, Jan Kara, Steven Rostedt, Masami Hiramatsu,
	Mathieu Desnoyers, Dan Williams, Matthew Wilcox, Eric Biggers,
	Theodore Y. Ts'o, Muchun Song, Oscar Salvador,
	David Hildenbrand, David Howells, Paulo Alcantara, Andreas Dilger,
	Jan Kara, Jaegeuk Kim, Chao Yu, Trond Myklebust, Anna Schumaker,
	Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
	Steve French, Ronnie Sahlberg, Shyam Prasad N, Bharath SM,
	Alexander Aring, Ryusuke Konishi, Viacheslav Dubeyko,
	Eric Van Hensbergen, Latchesar Ionkov, Dominique Martinet,
	Christian Schoenebeck, David Sterba, Marc Dionne, Ian Kent,
	Luis de Bethencourt, Salah Triki, Tigran A. Aivazian,
	Ilya Dryomov, Alex Markuze, Jan Harkes, coda, Nicolas Pitre,
	Tyler Hicks, Amir Goldstein, Christoph Hellwig,
	John Paul Adrian Glaubitz, Yangtao Li, Mikulas Patocka,
	David Woodhouse, Richard Weinberger, Dave Kleikamp,
	Konstantin Komarov, Mark Fasheh, Joel Becker, Joseph Qi,
	Mike Marshall, Martin Brandenburg, Miklos Szeredi, Anders Larsen,
	Zhihao Cheng, Damien Le Moal, Naohiro Aota, Johannes Thumshirn,
	John Johansen, Paul Moore, James Morris, Serge E. Hallyn,
	Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Fan Wu,
	Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Alex Deucher,
	Christian König, David Airlie, Simona Vetter, Sumit Semwal,
	Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
	David S. Miller, Jakub Kicinski, Simon Horman, Oleg Nesterov,
	Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
	Ian Rogers, Adrian Hunter, James Clark, Darrick J. Wong,
	Martin Schiller, linux-fsdevel, linux-kernel, linux-trace-kernel,
	nvdimm, fsverity, linux-mm, netfs, linux-ext4, linux-f2fs-devel,
	linux-nfs, linux-cifs, samba-technical, linux-nilfs, v9fs,
	linux-afs, autofs, ceph-devel, codalist, ecryptfs, linux-mtd,
	jfs-discussion, ntfs3, ocfs2-devel, devel, linux-unionfs,
	apparmor, linux-security-module, linux-integrity, selinux,
	amd-gfx, dri-devel, linux-media, linaro-mm-sig, netdev,
	linux-perf-users, linux-fscrypt, linux-xfs, linux-hams, linux-x25
In-Reply-To: <20260226-iino-u64-v1-0-ccceff366db9@kernel.org>

On Thu, Feb 26, 2026 at 10:55:02AM -0500, Jeff Layton wrote:
> Christian said [1] to "just do it" when I proposed this, so here we are!
> 
> For historical reasons, the inode->i_ino field is an unsigned long,
> which means that it's 32 bits on 32 bit architectures. This has caused a
> number of filesystems to implement hacks to hash a 64-bit identifier
> into a 32-bit field, and deprives us of a universal identifier field for
> an inode.
> 
> This patchset changes the inode->i_ino field from an unsigned long to a
> u64. This shouldn't make any material difference on 64-bit hosts, but
> 32-bit hosts will see struct inode grow by at least 4 bytes. This could
> have effects on slabcache sizes and field alignment.
> 
> The bulk of the changes are to format strings and tracepoints, since the
> kernel itself doesn't care that much about the i_ino field. The first
> patch changes some vfs function arguments, so check that one out
> carefully.
> 
> With this change, we may be able to shrink some inode structures. For
> instance, struct nfs_inode has a fileid field that holds the 64-bit
> inode number. With this set of changes, that field could be eliminated.
> I'd rather leave that sort of cleanups for later just to keep this
> simple.
> 
> Much of this set was generated by LLM, but I attributed it to myself
> since I consider this to be in the "menial tasks" category of LLM usage.
> 
> [1]: https://lore.kernel.org/linux-fsdevel/20260219-portrait-winkt-959070cee42f@brauner/

I'm working under the assumption that we have crossed the threshold and
people send patches they did completely themselves and also patches that
were done with the help of or almost completely by a tool. You have to
defend it one way or the other.

Frankly, as long as you understand what you're doing in general well and
I know that you are a trusted and thorough developer/maintainer I could
not care less if you tell me whether or not you did this all on your
own or with the help of some tool. In my experience, laziness grows with
experience but so does the amount of ideas. 

So attribute it to yourself or attribute it partially to the tool. I
personally don't care.

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox