[PATCH] landlock: opened file never has a negative dentry

[PATCH] landlock: opened file never has a negative dentry

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/landlock/syscalls.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 33eafb71e4f3..0116e9f93ffe 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -303,7 +303,6 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
 	if ((fd_file(f)->f_op == &ruleset_fops) ||
 	    (fd_file(f)->f_path.mnt->mnt_flags & MNT_INTERNAL) ||
 	    (fd_file(f)->f_path.dentry->d_sb->s_flags & SB_NOUSER) ||
-	    d_is_negative(fd_file(f)->f_path.dentry) ||
 	    IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry)))
 		return -EBADFD;
 
-- 
2.39.5

[PATCH] apparmor: file never has NULL f_path.mnt

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/apparmor/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index d52a5b14dad4..f494217112c9 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -604,7 +604,7 @@ int aa_file_perm(const char *op, const struct cred *subj_cred,
 	rcu_read_unlock();
 	/* TODO: label cross check */
 
-	if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
+	if (path_mediated_fs(file->f_path.dentry))
 		error = __file_path_perm(op, subj_cred, label, flabel, file,
 					 request, denied, in_atomic);
 
-- 
2.39.5

[PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Al Viro]

[don't really care which tree that goes through; right now it's
in viro/vfs.git #work.misc, but if somebody prefers to grab it
through a different tree, just say so]

Failures in there will be followed by sel_kill_sb(), which will call
selinuxfs_info_free() anyway.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/selinux/selinuxfs.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e67a8ce4b64c..b44b5919f4af 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2097,8 +2097,6 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
 	pr_err("SELinux: %s:  failed while creating inodes\n",
 		__func__);
 
-	selinux_fs_info_free(sb);
-
 	return ret;
 }
 
-- 
2.39.5

Re: [PATCH] landlock: opened file never has a negative dentry

[Christian Brauner]

On Sun, Jun 15, 2025 at 01:30:11AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] apparmor: file never has NULL f_path.mnt

[Christian Brauner]

On Sun, Jun 15, 2025 at 01:31:10AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Christian Brauner]

On Sun, Jun 15, 2025 at 03:01:54AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Failures in there will be followed by sel_kill_sb(), which will call
> selinuxfs_info_free() anyway.
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] apparmor: file never has NULL f_path.mnt

[Ryan Lee]

Forwarding message thread to the AppArmor mailing list so that it also
has a record of this patch.

---------- Forwarded message ---------
From: Christian Brauner <brauner@kernel.org>
Date: Mon, Jun 16, 2025 at 7:23 AM
Subject: Re: [PATCH] apparmor: file never has NULL f_path.mnt
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: <linux-fsdevel@vger.kernel.org>, <linux-security-module@vger.kernel.org>


On Sun, Jun 15, 2025 at 01:31:10AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

Re: [PATCH] landlock: opened file never has a negative dentry

[Mickaël Salaün]

On Sun, Jun 15, 2025 at 01:30:11AM +0100, Al Viro wrote:
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Acked-by: Mickaël Salaün <mic@digikod.net>

I'm happy to let you carry this patch with the others.  Thanks.

> ---
>  security/landlock/syscalls.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 33eafb71e4f3..0116e9f93ffe 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -303,7 +303,6 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
>  	if ((fd_file(f)->f_op == &ruleset_fops) ||
>  	    (fd_file(f)->f_path.mnt->mnt_flags & MNT_INTERNAL) ||
>  	    (fd_file(f)->f_path.dentry->d_sb->s_flags & SB_NOUSER) ||
> -	    d_is_negative(fd_file(f)->f_path.dentry) ||
>  	    IS_PRIVATE(d_backing_inode(fd_file(f)->f_path.dentry)))
>  		return -EBADFD;
>  
> -- 
> 2.39.5
> 
> 

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Paul Moore]

On Sat, Jun 14, 2025 at 10:02 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> [don't really care which tree that goes through; right now it's
> in viro/vfs.git #work.misc, but if somebody prefers to grab it
> through a different tree, just say so]
>
> Failures in there will be followed by sel_kill_sb(), which will call
> selinuxfs_info_free() anyway.
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
>  security/selinux/selinuxfs.c | 2 --
>  1 file changed, 2 deletions(-)

Thanks Al.  I went ahead and merged this into the selinux/dev branch
to help avoid any merge issues, but if you've changed your mind and
feel strongly about taking it via your tree let me know.

-- 
paul-moore.com

Re: [PATCH] selinuxfs_fill_super(): don't bother with selinuxfs_info_free() on failures

[Al Viro]

On Tue, Jun 24, 2025 at 07:44:23PM -0400, Paul Moore wrote:
> On Sat, Jun 14, 2025 at 10:02 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > [don't really care which tree that goes through; right now it's
> > in viro/vfs.git #work.misc, but if somebody prefers to grab it
> > through a different tree, just say so]
> >
> > Failures in there will be followed by sel_kill_sb(), which will call
> > selinuxfs_info_free() anyway.
> >
> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> > ---
> >  security/selinux/selinuxfs.c | 2 --
> >  1 file changed, 2 deletions(-)
> 
> Thanks Al.  I went ahead and merged this into the selinux/dev branch
> to help avoid any merge issues, but if you've changed your mind and
> feel strongly about taking it via your tree let me know.

Dropped from #work.misc and #for-next