From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Georgia Garcia <georgia.garcia@canonical.com>,
John Johansen <john.johansen@canonical.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 401/530] apparmor: pass cred through to audit info.
Date: Fri, 24 Nov 2023 17:49:27 +0000 [thread overview]
Message-ID: <20231124172040.234942754@linuxfoundation.org> (raw)
In-Reply-To: <20231124172028.107505484@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Johansen <john.johansen@canonical.com>
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/apparmorfs.c | 11 ++-
security/apparmor/capability.c | 5 +-
security/apparmor/domain.c | 97 +++++++++++-------
security/apparmor/file.c | 131 +++++++++++++++++--------
security/apparmor/include/audit.h | 1 +
security/apparmor/include/capability.h | 3 +-
security/apparmor/include/file.h | 17 ++--
security/apparmor/include/ipc.h | 4 +-
security/apparmor/include/mount.h | 21 ++--
security/apparmor/include/net.h | 6 +-
security/apparmor/include/policy.h | 9 +-
security/apparmor/include/resource.h | 3 +-
security/apparmor/include/task.h | 3 +-
security/apparmor/ipc.c | 14 ++-
security/apparmor/lsm.c | 85 +++++++++-------
security/apparmor/mount.c | 85 ++++++++++------
security/apparmor/net.c | 17 ++--
security/apparmor/policy.c | 33 ++++---
security/apparmor/resource.c | 23 +++--
security/apparmor/task.c | 31 +++---
20 files changed, 388 insertions(+), 211 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index bd6a910f65282..261cef4c622fb 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -423,7 +423,7 @@ static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
/* high level check about policy management - fine grained in
* below after unpack
*/
- error = aa_may_manage_policy(label, ns, mask);
+ error = aa_may_manage_policy(current_cred(), label, ns, mask);
if (error)
goto end_section;
@@ -486,7 +486,8 @@ static ssize_t profile_remove(struct file *f, const char __user *buf,
/* high level check about policy management - fine grained in
* below after unpack
*/
- error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, ns,
+ AA_MAY_REMOVE_POLICY);
if (error)
goto out;
@@ -1805,7 +1806,8 @@ static int ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
int error;
label = begin_current_label_crit_section();
- error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, NULL,
+ AA_MAY_LOAD_POLICY);
end_current_label_crit_section(label);
if (error)
return error;
@@ -1854,7 +1856,8 @@ static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
int error;
label = begin_current_label_crit_section();
- error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
+ error = aa_may_manage_policy(current_cred(), label, NULL,
+ AA_MAY_LOAD_POLICY);
end_current_label_crit_section(label);
if (error)
return error;
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 58490cca035da..2fb6a2ea0b998 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -140,6 +140,7 @@ static int profile_capable(struct aa_profile *profile, int cap,
/**
* aa_capable - test permission to use capability
+ * @subj_cread: cred we are testing capability against
* @label: label being tested for capability (NOT NULL)
* @cap: capability to be tested
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
@@ -148,12 +149,14 @@ static int profile_capable(struct aa_profile *profile, int cap,
*
* Returns: 0 on success, or else an error code.
*/
-int aa_capable(struct aa_label *label, int cap, unsigned int opts)
+int aa_capable(const struct cred *subj_cred, struct aa_label *label,
+ int cap, unsigned int opts)
{
struct aa_profile *profile;
int error = 0;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_CAP, AA_CLASS_CAP, OP_CAPABLE);
+ ad.subj_cred = subj_cred;
ad.common.u.cap = cap;
error = fn_for_each_confined(label, profile,
profile_capable(profile, cap, opts, &ad));
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index f3715cda59c52..543105cf7e334 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -31,6 +31,7 @@
/**
* may_change_ptraced_domain - check if can change profile on ptraced task
+ * @cred: cred of task changing domain
* @to_label: profile to change to (NOT NULL)
* @info: message if there is an error
*
@@ -39,28 +40,34 @@
*
* Returns: %0 or error if change not allowed
*/
-static int may_change_ptraced_domain(struct aa_label *to_label,
+static int may_change_ptraced_domain(const struct cred *to_cred,
+ struct aa_label *to_label,
const char **info)
{
struct task_struct *tracer;
struct aa_label *tracerl = NULL;
+ const struct cred *tracer_cred = NULL;
+
int error = 0;
rcu_read_lock();
tracer = ptrace_parent(current);
- if (tracer)
+ if (tracer) {
/* released below */
tracerl = aa_get_task_label(tracer);
-
+ tracer_cred = get_task_cred(tracer);
+ }
/* not ptraced */
if (!tracer || unconfined(tracerl))
goto out;
- error = aa_may_ptrace(tracerl, to_label, PTRACE_MODE_ATTACH);
+ error = aa_may_ptrace(tracer_cred, tracerl, to_cred, to_label,
+ PTRACE_MODE_ATTACH);
out:
rcu_read_unlock();
aa_put_label(tracerl);
+ put_cred(tracer_cred);
if (error)
*info = "ptrace prevents transition";
@@ -619,7 +626,8 @@ static struct aa_label *x_to_label(struct aa_profile *profile,
return new;
}
-static struct aa_label *profile_transition(struct aa_profile *profile,
+static struct aa_label *profile_transition(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
bool *secure_exec)
@@ -709,7 +717,8 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
}
audit:
- aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
+ aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name,
+ target, new,
cond->uid, info, error);
if (!new || nonewprivs) {
aa_put_label(new);
@@ -719,7 +728,8 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
return new;
}
-static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec,
+static int profile_onexec(const struct cred *subj_cred,
+ struct aa_profile *profile, struct aa_label *onexec,
bool stack, const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
bool *secure_exec)
@@ -787,13 +797,15 @@ static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec,
}
audit:
- return aa_audit_file(profile, &perms, OP_EXEC, AA_MAY_ONEXEC, xname,
+ return aa_audit_file(subj_cred, profile, &perms, OP_EXEC,
+ AA_MAY_ONEXEC, xname,
NULL, onexec, cond->uid, info, error);
}
/* ensure none ns domain transitions are correctly applied with onexec */
-static struct aa_label *handle_onexec(struct aa_label *label,
+static struct aa_label *handle_onexec(const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *onexec, bool stack,
const struct linux_binprm *bprm,
char *buffer, struct path_cond *cond,
@@ -810,26 +822,28 @@ static struct aa_label *handle_onexec(struct aa_label *label,
if (!stack) {
error = fn_for_each_in_ns(label, profile,
- profile_onexec(profile, onexec, stack,
+ profile_onexec(subj_cred, profile, onexec, stack,
bprm, buffer, cond, unsafe));
if (error)
return ERR_PTR(error);
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
aa_get_newest_label(onexec),
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
cond, unsafe));
} else {
/* TODO: determine how much we want to loosen this */
error = fn_for_each_in_ns(label, profile,
- profile_onexec(profile, onexec, stack, bprm,
+ profile_onexec(subj_cred, profile, onexec, stack, bprm,
buffer, cond, unsafe));
if (error)
return ERR_PTR(error);
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
aa_label_merge(&profile->label, onexec,
GFP_KERNEL),
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
cond, unsafe));
}
@@ -838,7 +852,8 @@ static struct aa_label *handle_onexec(struct aa_label *label,
/* TODO: get rid of GLOBAL_ROOT_UID */
error = fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &nullperms, OP_CHANGE_ONEXEC,
+ aa_audit_file(subj_cred, profile, &nullperms,
+ OP_CHANGE_ONEXEC,
AA_MAY_ONEXEC, bprm->filename, NULL,
onexec, GLOBAL_ROOT_UID,
"failed to build target label", -ENOMEM));
@@ -857,6 +872,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
{
struct aa_task_ctx *ctx;
struct aa_label *label, *new = NULL;
+ const struct cred *subj_cred;
struct aa_profile *profile;
char *buffer = NULL;
const char *info = NULL;
@@ -869,6 +885,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
file_inode(bprm->file)->i_mode
};
+ subj_cred = current_cred();
ctx = task_ctx(current);
AA_BUG(!cred_label(bprm->cred));
AA_BUG(!ctx);
@@ -895,11 +912,12 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
/* Test for onexec first as onexec override other x transitions. */
if (ctx->onexec)
- new = handle_onexec(label, ctx->onexec, ctx->token,
+ new = handle_onexec(subj_cred, label, ctx->onexec, ctx->token,
bprm, buffer, &cond, &unsafe);
else
new = fn_label_build(label, profile, GFP_KERNEL,
- profile_transition(profile, bprm, buffer,
+ profile_transition(subj_cred, profile, bprm,
+ buffer,
&cond, &unsafe));
AA_BUG(!new);
@@ -934,7 +952,7 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
if (bprm->unsafe & (LSM_UNSAFE_PTRACE)) {
/* TODO: test needs to be profile of label to new */
- error = may_change_ptraced_domain(new, &info);
+ error = may_change_ptraced_domain(bprm->cred, new, &info);
if (error)
goto audit;
}
@@ -971,7 +989,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
audit:
error = fn_for_each(label, profile,
- aa_audit_file(profile, &nullperms, OP_EXEC, MAY_EXEC,
+ aa_audit_file(current_cred(), profile, &nullperms,
+ OP_EXEC, MAY_EXEC,
bprm->filename, NULL, new,
vfsuid_into_kuid(vfsuid), info, error));
aa_put_label(new);
@@ -987,7 +1006,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
*
* Returns: label for hat transition OR ERR_PTR. Does NOT return NULL
*/
-static struct aa_label *build_change_hat(struct aa_profile *profile,
+static struct aa_label *build_change_hat(const struct cred *subj_cred,
+ struct aa_profile *profile,
const char *name, bool sibling)
{
struct aa_profile *root, *hat = NULL;
@@ -1019,7 +1039,8 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
aa_put_profile(root);
audit:
- aa_audit_file(profile, &nullperms, OP_CHANGE_HAT, AA_MAY_CHANGEHAT,
+ aa_audit_file(subj_cred, profile, &nullperms, OP_CHANGE_HAT,
+ AA_MAY_CHANGEHAT,
name, hat ? hat->base.hname : NULL,
hat ? &hat->label : NULL, GLOBAL_ROOT_UID, info,
error);
@@ -1035,7 +1056,8 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
*
* Returns: label for hat transition or ERR_PTR. Does not return NULL
*/
-static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
+static struct aa_label *change_hat(const struct cred *subj_cred,
+ struct aa_label *label, const char *hats[],
int count, int flags)
{
struct aa_profile *profile, *root, *hat = NULL;
@@ -1111,7 +1133,8 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
*/
/* TODO: get rid of GLOBAL_ROOT_UID */
if (count > 1 || COMPLAIN_MODE(profile)) {
- aa_audit_file(profile, &nullperms, OP_CHANGE_HAT,
+ aa_audit_file(subj_cred, profile, &nullperms,
+ OP_CHANGE_HAT,
AA_MAY_CHANGEHAT, name, NULL, NULL,
GLOBAL_ROOT_UID, info, error);
}
@@ -1120,7 +1143,8 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
build:
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
- build_change_hat(profile, name, sibling),
+ build_change_hat(subj_cred, profile, name,
+ sibling),
aa_get_label(&profile->label));
if (!new) {
info = "label build failed";
@@ -1150,7 +1174,7 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
*/
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
- const struct cred *cred;
+ const struct cred *subj_cred;
struct aa_task_ctx *ctx = task_ctx(current);
struct aa_label *label, *previous, *new = NULL, *target = NULL;
struct aa_profile *profile;
@@ -1159,8 +1183,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
int error = 0;
/* released below */
- cred = get_current_cred();
- label = aa_get_newest_cred_label(cred);
+ subj_cred = get_current_cred();
+ label = aa_get_newest_cred_label(subj_cred);
previous = aa_get_newest_label(ctx->previous);
/*
@@ -1180,7 +1204,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
}
if (count) {
- new = change_hat(label, hats, count, flags);
+ new = change_hat(subj_cred, label, hats, count, flags);
AA_BUG(!new);
if (IS_ERR(new)) {
error = PTR_ERR(new);
@@ -1189,7 +1213,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
goto out;
}
- error = may_change_ptraced_domain(new, &info);
+ /* target cred is the same as current except new label */
+ error = may_change_ptraced_domain(subj_cred, new, &info);
if (error)
goto fail;
@@ -1242,7 +1267,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
aa_put_label(new);
aa_put_label(previous);
aa_put_label(label);
- put_cred(cred);
+ put_cred(subj_cred);
return error;
@@ -1252,7 +1277,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
fail:
fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &perms, OP_CHANGE_HAT,
+ aa_audit_file(subj_cred, profile, &perms, OP_CHANGE_HAT,
AA_MAY_CHANGEHAT, NULL, NULL, target,
GLOBAL_ROOT_UID, info, error));
@@ -1261,6 +1286,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags)
static int change_profile_perms_wrapper(const char *op, const char *name,
+ const struct cred *subj_cred,
struct aa_profile *profile,
struct aa_label *target, bool stack,
u32 request, struct aa_perms *perms)
@@ -1275,7 +1301,8 @@ static int change_profile_perms_wrapper(const char *op, const char *name,
rules->file.start[AA_CLASS_FILE],
perms);
if (error)
- error = aa_audit_file(profile, perms, op, request, name,
+ error = aa_audit_file(subj_cred, profile, perms, op, request,
+ name,
NULL, target, GLOBAL_ROOT_UID, info,
error);
@@ -1304,6 +1331,7 @@ int aa_change_profile(const char *fqname, int flags)
const char *auditname = fqname; /* retain leading & if stack */
bool stack = flags & AA_CHANGE_STACK;
struct aa_task_ctx *ctx = task_ctx(current);
+ const struct cred *subj_cred = get_current_cred();
int error = 0;
char *op;
u32 request;
@@ -1381,6 +1409,7 @@ int aa_change_profile(const char *fqname, int flags)
*/
error = fn_for_each_in_ns(label, profile,
change_profile_perms_wrapper(op, auditname,
+ subj_cred,
profile, target, stack,
request, &perms));
if (error)
@@ -1391,7 +1420,7 @@ int aa_change_profile(const char *fqname, int flags)
check:
/* check if tracing task is allowed to trace target domain */
- error = may_change_ptraced_domain(target, &info);
+ error = may_change_ptraced_domain(subj_cred, target, &info);
if (error && !fn_for_each_in_ns(label, profile,
COMPLAIN_MODE(profile)))
goto audit;
@@ -1451,7 +1480,8 @@ int aa_change_profile(const char *fqname, int flags)
audit:
error = fn_for_each_in_ns(label, profile,
- aa_audit_file(profile, &perms, op, request, auditname,
+ aa_audit_file(subj_cred,
+ profile, &perms, op, request, auditname,
NULL, new ? new : target,
GLOBAL_ROOT_UID, info, error));
@@ -1459,6 +1489,7 @@ int aa_change_profile(const char *fqname, int flags)
aa_put_label(new);
aa_put_label(target);
aa_put_label(label);
+ put_cred(subj_cred);
return error;
}
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 5bfa70a972071..6fd21324a097f 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -45,7 +45,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
{
struct common_audit_data *sa = va;
struct apparmor_audit_data *ad = aad(sa);
- kuid_t fsuid = current_fsuid();
+ kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid();
char str[10];
if (ad->request & AA_AUDIT_FILE_MASK) {
@@ -77,6 +77,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
/**
* aa_audit_file - handle the auditing of file operations
+ * @subj_cred: cred of the subject
* @profile: the profile being enforced (NOT NULL)
* @perms: the permissions computed for the request (NOT NULL)
* @op: operation being mediated
@@ -90,7 +91,8 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: %0 or error on failure
*/
-int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
+int aa_audit_file(const struct cred *subj_cred,
+ struct aa_profile *profile, struct aa_perms *perms,
const char *op, u32 request, const char *name,
const char *target, struct aa_label *tlabel,
kuid_t ouid, const char *info, int error)
@@ -98,6 +100,7 @@ int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
int type = AUDIT_APPARMOR_AUTO;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_TASK, AA_CLASS_FILE, op);
+ ad.subj_cred = subj_cred;
ad.request = request;
ad.name = name;
ad.fs.target = target;
@@ -141,7 +144,21 @@ int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
return aa_audit(type, profile, &ad, file_audit_cb);
}
-static int path_name(const char *op, struct aa_label *label,
+/**
+ * is_deleted - test if a file has been completely unlinked
+ * @dentry: dentry of file to test for deletion (NOT NULL)
+ *
+ * Returns: true if deleted else false
+ */
+static inline bool is_deleted(struct dentry *dentry)
+{
+ if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0)
+ return true;
+ return false;
+}
+
+static int path_name(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
const struct path *path, int flags, char *buffer,
const char **name, struct path_cond *cond, u32 request)
{
@@ -153,7 +170,8 @@ static int path_name(const char *op, struct aa_label *label,
labels_profile(label)->disconnected);
if (error) {
fn_for_each_confined(label, profile,
- aa_audit_file(profile, &nullperms, op, request, *name,
+ aa_audit_file(subj_cred,
+ profile, &nullperms, op, request, *name,
NULL, NULL, cond->uid, info, error));
return error;
}
@@ -207,9 +225,9 @@ aa_state_t aa_str_perms(struct aa_policydb *file_rules, aa_state_t start,
return state;
}
-static int __aa_path_perm(const char *op, struct aa_profile *profile,
- const char *name, u32 request,
- struct path_cond *cond, int flags,
+static int __aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_profile *profile, const char *name,
+ u32 request, struct path_cond *cond, int flags,
struct aa_perms *perms)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -222,12 +240,14 @@ static int __aa_path_perm(const char *op, struct aa_profile *profile,
name, cond, perms);
if (request & ~perms->allow)
e = -EACCES;
- return aa_audit_file(profile, perms, op, request, name, NULL, NULL,
+ return aa_audit_file(subj_cred,
+ profile, perms, op, request, name, NULL, NULL,
cond->uid, NULL, e);
}
-static int profile_path_perm(const char *op, struct aa_profile *profile,
+static int profile_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *path, char *buffer, u32 request,
struct path_cond *cond, int flags,
struct aa_perms *perms)
@@ -238,18 +258,19 @@ static int profile_path_perm(const char *op, struct aa_profile *profile,
if (profile_unconfined(profile))
return 0;
- error = path_name(op, &profile->label, path,
+ error = path_name(op, subj_cred, &profile->label, path,
flags | profile->path_flags, buffer, &name, cond,
request);
if (error)
return error;
- return __aa_path_perm(op, profile, name, request, cond, flags,
- perms);
+ return __aa_path_perm(op, subj_cred, profile, name, request, cond,
+ flags, perms);
}
/**
* aa_path_perm - do permissions check & audit for @path
* @op: operation being checked
+ * @subj_cred: subject cred
* @label: profile being enforced (NOT NULL)
* @path: path to check permissions of (NOT NULL)
* @flags: any additional path flags beyond what the profile specifies
@@ -258,7 +279,8 @@ static int profile_path_perm(const char *op, struct aa_profile *profile,
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(const char *op, struct aa_label *label,
+int aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
const struct path *path, int flags, u32 request,
struct path_cond *cond)
{
@@ -273,8 +295,8 @@ int aa_path_perm(const char *op, struct aa_label *label,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- profile_path_perm(op, profile, path, buffer, request,
- cond, flags, &perms));
+ profile_path_perm(op, subj_cred, profile, path, buffer,
+ request, cond, flags, &perms));
aa_put_buffer(buffer);
@@ -301,7 +323,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
return true;
}
-static int profile_path_link(struct aa_profile *profile,
+static int profile_path_link(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *link, char *buffer,
const struct path *target, char *buffer2,
struct path_cond *cond)
@@ -315,13 +338,15 @@ static int profile_path_link(struct aa_profile *profile,
aa_state_t state;
int error;
- error = path_name(OP_LINK, &profile->label, link, profile->path_flags,
+ error = path_name(OP_LINK, subj_cred, &profile->label, link,
+ profile->path_flags,
buffer, &lname, cond, AA_MAY_LINK);
if (error)
goto audit;
/* buffer2 freed below, tname is pointer in buffer2 */
- error = path_name(OP_LINK, &profile->label, target, profile->path_flags,
+ error = path_name(OP_LINK, subj_cred, &profile->label, target,
+ profile->path_flags,
buffer2, &tname, cond, AA_MAY_LINK);
if (error)
goto audit;
@@ -381,12 +406,14 @@ static int profile_path_link(struct aa_profile *profile,
error = 0;
audit:
- return aa_audit_file(profile, &lperms, OP_LINK, request, lname, tname,
+ return aa_audit_file(subj_cred,
+ profile, &lperms, OP_LINK, request, lname, tname,
NULL, cond->uid, info, error);
}
/**
* aa_path_link - Handle hard link permission check
+ * @subj_cred: subject cred
* @label: the label being enforced (NOT NULL)
* @old_dentry: the target dentry (NOT NULL)
* @new_dir: directory the new link will be created in (NOT NULL)
@@ -403,7 +430,8 @@ static int profile_path_link(struct aa_profile *profile,
*
* Returns: %0 if allowed else error
*/
-int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
+int aa_path_link(const struct cred *subj_cred,
+ struct aa_label *label, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry)
{
struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
@@ -424,8 +452,8 @@ int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
goto out;
error = fn_for_each_confined(label, profile,
- profile_path_link(profile, &link, buffer, &target,
- buffer2, &cond));
+ profile_path_link(subj_cred, profile, &link, buffer,
+ &target, buffer2, &cond));
out:
aa_put_buffer(buffer);
aa_put_buffer(buffer2);
@@ -453,7 +481,8 @@ static void update_file_ctx(struct aa_file_ctx *fctx, struct aa_label *label,
spin_unlock(&fctx->lock);
}
-static int __file_path_perm(const char *op, struct aa_label *label,
+static int __file_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *flabel, struct file *file,
u32 request, u32 denied, bool in_atomic)
{
@@ -480,7 +509,8 @@ static int __file_path_perm(const char *op, struct aa_label *label,
/* check every profile in task label not in current cache */
error = fn_for_each_not_in_set(flabel, label, profile,
- profile_path_perm(op, profile, &file->f_path, buffer,
+ profile_path_perm(op, subj_cred, profile,
+ &file->f_path, buffer,
request, &cond, flags, &perms));
if (denied && !error) {
/*
@@ -493,12 +523,14 @@ static int __file_path_perm(const char *op, struct aa_label *label,
*/
if (label == flabel)
error = fn_for_each(label, profile,
- profile_path_perm(op, profile, &file->f_path,
+ profile_path_perm(op, subj_cred,
+ profile, &file->f_path,
buffer, request, &cond, flags,
&perms));
else
error = fn_for_each_not_in_set(label, flabel, profile,
- profile_path_perm(op, profile, &file->f_path,
+ profile_path_perm(op, subj_cred,
+ profile, &file->f_path,
buffer, request, &cond, flags,
&perms));
}
@@ -510,7 +542,8 @@ static int __file_path_perm(const char *op, struct aa_label *label,
return error;
}
-static int __file_sock_perm(const char *op, struct aa_label *label,
+static int __file_sock_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label,
struct aa_label *flabel, struct file *file,
u32 request, u32 denied)
{
@@ -524,11 +557,12 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
return 0;
/* TODO: improve to skip profiles cached in flabel */
- error = aa_sock_file_perm(label, op, request, sock);
+ error = aa_sock_file_perm(subj_cred, label, op, request, sock);
if (denied) {
/* TODO: improve to skip profiles checked above */
/* check every profile in file label to is cached */
- last_error(error, aa_sock_file_perm(flabel, op, request, sock));
+ last_error(error, aa_sock_file_perm(subj_cred, flabel, op,
+ request, sock));
}
if (!error)
update_file_ctx(file_ctx(file), label, request);
@@ -539,6 +573,7 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
/**
* aa_file_perm - do permission revalidation check & audit for @file
* @op: operation being checked
+ * @subj_cred: subject cred
* @label: label being enforced (NOT NULL)
* @file: file to revalidate access permissions on (NOT NULL)
* @request: requested permissions
@@ -546,7 +581,8 @@ static int __file_sock_perm(const char *op, struct aa_label *label,
*
* Returns: %0 if access allowed else error
*/
-int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
+int aa_file_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, struct file *file,
u32 request, bool in_atomic)
{
struct aa_file_ctx *fctx;
@@ -582,19 +618,19 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
/* TODO: label cross check */
if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
- error = __file_path_perm(op, label, flabel, file, request,
- denied, in_atomic);
+ error = __file_path_perm(op, subj_cred, label, flabel, file,
+ request, denied, in_atomic);
else if (S_ISSOCK(file_inode(file)->i_mode))
- error = __file_sock_perm(op, label, flabel, file, request,
- denied);
+ error = __file_sock_perm(op, subj_cred, label, flabel, file,
+ request, denied);
aa_put_label(flabel);
done:
return error;
}
-static void revalidate_tty(struct aa_label *label)
+static void revalidate_tty(const struct cred *subj_cred, struct aa_label *label)
{
struct tty_struct *tty;
int drop_tty = 0;
@@ -612,8 +648,8 @@ static void revalidate_tty(struct aa_label *label)
struct tty_file_private, list);
file = file_priv->file;
- if (aa_file_perm(OP_INHERIT, label, file, MAY_READ | MAY_WRITE,
- IN_ATOMIC))
+ if (aa_file_perm(OP_INHERIT, subj_cred, label, file,
+ MAY_READ | MAY_WRITE, IN_ATOMIC))
drop_tty = 1;
}
spin_unlock(&tty->files_lock);
@@ -623,12 +659,17 @@ static void revalidate_tty(struct aa_label *label)
no_tty();
}
+struct cred_label {
+ const struct cred *cred;
+ struct aa_label *label;
+};
+
static int match_file(const void *p, struct file *file, unsigned int fd)
{
- struct aa_label *label = (struct aa_label *)p;
+ struct cred_label *cl = (struct cred_label *)p;
- if (aa_file_perm(OP_INHERIT, label, file, aa_map_file_to_perms(file),
- IN_ATOMIC))
+ if (aa_file_perm(OP_INHERIT, cl->cred, cl->label, file,
+ aa_map_file_to_perms(file), IN_ATOMIC))
return fd + 1;
return 0;
}
@@ -638,13 +679,17 @@ static int match_file(const void *p, struct file *file, unsigned int fd)
void aa_inherit_files(const struct cred *cred, struct files_struct *files)
{
struct aa_label *label = aa_get_newest_cred_label(cred);
+ struct cred_label cl = {
+ .cred = cred,
+ .label = label,
+ };
struct file *devnull = NULL;
unsigned int n;
- revalidate_tty(label);
+ revalidate_tty(cred, label);
/* Revalidate access to inherited open files. */
- n = iterate_fd(files, 0, match_file, label);
+ n = iterate_fd(files, 0, match_file, &cl);
if (!n) /* none found? */
goto out;
@@ -654,7 +699,7 @@ void aa_inherit_files(const struct cred *cred, struct files_struct *files)
/* replace all the matching ones with this */
do {
replace_fd(n - 1, devnull, 0);
- } while ((n = iterate_fd(files, n, match_file, label)) != 0);
+ } while ((n = iterate_fd(files, n, match_file, &cl)) != 0);
if (devnull)
fput(devnull);
out:
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 096f0a04af87f..42d701fec5a6d 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -109,6 +109,7 @@ struct apparmor_audit_data {
int type;
u16 class;
const char *op;
+ const struct cred *subj_cred;
struct aa_label *subj_label;
const char *name;
const char *info;
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
index d420e2d10b31b..d6dcc604ec0cc 100644
--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -36,7 +36,8 @@ struct aa_caps {
extern struct aa_sfs_entry aa_sfs_entry_caps[];
-int aa_capable(struct aa_label *label, int cap, unsigned int opts);
+int aa_capable(const struct cred *subj_cred, struct aa_label *label,
+ int cap, unsigned int opts);
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 5be620af33ba0..64dc6d1a7a05c 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -108,7 +108,8 @@ struct path_cond {
#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
-int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
+int aa_audit_file(const struct cred *cred,
+ struct aa_profile *profile, struct aa_perms *perms,
const char *op, u32 request, const char *name,
const char *target, struct aa_label *tlabel, kuid_t ouid,
const char *info, int error);
@@ -119,14 +120,16 @@ aa_state_t aa_str_perms(struct aa_policydb *file_rules, aa_state_t start,
const char *name, struct path_cond *cond,
struct aa_perms *perms);
-int aa_path_perm(const char *op, struct aa_label *label,
- const struct path *path, int flags, u32 request,
- struct path_cond *cond);
+int aa_path_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
+ int flags, u32 request, struct path_cond *cond);
-int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
- const struct path *new_dir, struct dentry *new_dentry);
+int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
+ struct dentry *old_dentry, const struct path *new_dir,
+ struct dentry *new_dentry);
-int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
+int aa_file_perm(const char *op, const struct cred *subj_cred,
+ struct aa_label *label, struct file *file,
u32 request, bool in_atomic);
void aa_inherit_files(const struct cred *cred, struct files_struct *files);
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
index a1ac6ffb95e9c..74d17052f76bc 100644
--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h
@@ -13,6 +13,8 @@
#include <linux/sched.h>
-int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig);
+int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
+ const struct cred *target_cred, struct aa_label *target,
+ int sig);
#endif /* __AA_IPC_H */
diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h
index a710683b24965..10c76f906a653 100644
--- a/security/apparmor/include/mount.h
+++ b/security/apparmor/include/mount.h
@@ -25,26 +25,33 @@
#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
-int aa_remount(struct aa_label *label, const struct path *path,
+int aa_remount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags, void *data);
-int aa_bind_mount(struct aa_label *label, const struct path *path,
+int aa_bind_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *old_name, unsigned long flags);
-int aa_mount_change_type(struct aa_label *label, const struct path *path,
+int aa_mount_change_type(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags);
-int aa_move_mount(struct aa_label *label, const struct path *path,
+int aa_move_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *old_name);
-int aa_new_mount(struct aa_label *label, const char *dev_name,
+int aa_new_mount(const struct cred *subj_cred,
+ struct aa_label *label, const char *dev_name,
const struct path *path, const char *type, unsigned long flags,
void *data);
-int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
+int aa_umount(const struct cred *subj_cred,
+ struct aa_label *label, struct vfsmount *mnt, int flags);
-int aa_pivotroot(struct aa_label *label, const struct path *old_path,
+int aa_pivotroot(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *old_path,
const struct path *new_path);
#endif /* __AA_MOUNT_H */
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
index a336e57864e89..aa8515af677f0 100644
--- a/security/apparmor/include/net.h
+++ b/security/apparmor/include/net.h
@@ -93,7 +93,8 @@ void audit_net_cb(struct audit_buffer *ab, void *va);
int aa_profile_af_perm(struct aa_profile *profile,
struct apparmor_audit_data *ad,
u32 request, u16 family, int type);
-int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
+int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, u16 family,
int type, int protocol);
static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
struct apparmor_audit_data *ad,
@@ -105,7 +106,8 @@ static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
}
int aa_sk_perm(const char *op, u32 request, struct sock *sk);
-int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
+int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request,
struct socket *sock);
int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 545f791cabdae..fa15a5c7febb8 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -370,9 +370,12 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
return profile->audit;
}
-bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns);
-bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns);
-int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns,
+bool aa_policy_view_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns);
+bool aa_policy_admin_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns);
+int aa_may_manage_policy(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns,
u32 mask);
bool aa_current_policy_view_capable(struct aa_ns *ns);
bool aa_current_policy_admin_capable(struct aa_ns *ns);
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 961d85d328ea9..ad2c0da8e64fc 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -33,7 +33,8 @@ struct aa_rlimit {
extern struct aa_sfs_entry aa_sfs_entry_rlimit[];
int aa_map_resource(int resource);
-int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
+int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
+ struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim);
void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h
index 13437d62c70f4..29ba55107b7d6 100644
--- a/security/apparmor/include/task.h
+++ b/security/apparmor/include/task.h
@@ -91,7 +91,8 @@ static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
"segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg " \
"xcpu xfsz vtalrm prof winch io pwr sys emt lost"
-int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
+int aa_may_ptrace(const struct cred *tracer_cred, struct aa_label *tracer,
+ const struct cred *tracee_cred, struct aa_label *tracee,
u32 request);
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index fd8306399b820..c0d0dbd7b4c4b 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -75,7 +75,8 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
FLAGS_NONE, GFP_ATOMIC);
}
-static int profile_signal_perm(struct aa_profile *profile,
+static int profile_signal_perm(const struct cred *cred,
+ struct aa_profile *profile,
struct aa_label *peer, u32 request,
struct apparmor_audit_data *ad)
{
@@ -88,6 +89,7 @@ static int profile_signal_perm(struct aa_profile *profile,
!ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL))
return 0;
+ ad->subj_cred = cred;
ad->peer = peer;
/* TODO: secondary cache check <profile, profile, perm> */
state = aa_dfa_next(rules->policy.dfa,
@@ -98,7 +100,9 @@ static int profile_signal_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);
}
-int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
+int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
+ const struct cred *target_cred, struct aa_label *target,
+ int sig)
{
struct aa_profile *profile;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_SIGNAL, OP_SIGNAL);
@@ -106,6 +110,8 @@ int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
ad.signal = map_signal_num(sig);
ad.unmappedsig = sig;
return xcheck_labels(sender, target, profile,
- profile_signal_perm(profile, target, MAY_WRITE, &ad),
- profile_signal_perm(profile, sender, MAY_READ, &ad));
+ profile_signal_perm(subj_cred, profile, target,
+ MAY_WRITE, &ad),
+ profile_signal_perm(target_cred, profile, sender,
+ MAY_READ, &ad));
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 359fbfbb4a66e..60f95cc4532a8 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -116,15 +116,17 @@ static int apparmor_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
struct aa_label *tracer, *tracee;
+ const struct cred *cred;
int error;
+ cred = get_task_cred(child);
+ tracee = cred_label(cred); /* ref count on cred */
tracer = __begin_current_label_crit_section();
- tracee = aa_get_task_label(child);
- error = aa_may_ptrace(tracer, tracee,
+ error = aa_may_ptrace(current_cred(), tracer, cred, tracee,
(mode & PTRACE_MODE_READ) ? AA_PTRACE_READ
: AA_PTRACE_TRACE);
- aa_put_label(tracee);
__end_current_label_crit_section(tracer);
+ put_cred(cred);
return error;
}
@@ -132,12 +134,15 @@ static int apparmor_ptrace_access_check(struct task_struct *child,
static int apparmor_ptrace_traceme(struct task_struct *parent)
{
struct aa_label *tracer, *tracee;
+ const struct cred *cred;
int error;
tracee = __begin_current_label_crit_section();
- tracer = aa_get_task_label(parent);
- error = aa_may_ptrace(tracer, tracee, AA_PTRACE_TRACE);
- aa_put_label(tracer);
+ cred = get_task_cred(parent);
+ tracer = cred_label(cred); /* ref count on cred */
+ error = aa_may_ptrace(cred, tracer, current_cred(), tracee,
+ AA_PTRACE_TRACE);
+ put_cred(cred);
__end_current_label_crit_section(tracee);
return error;
@@ -188,7 +193,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
label = aa_get_newest_cred_label(cred);
if (!unconfined(label))
- error = aa_capable(label, cap, opts);
+ error = aa_capable(cred, label, cap, opts);
aa_put_label(label);
return error;
@@ -211,7 +216,8 @@ static int common_perm(const char *op, const struct path *path, u32 mask,
label = __begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_path_perm(op, label, path, 0, mask, cond);
+ error = aa_path_perm(op, current_cred(), label, path, 0, mask,
+ cond);
__end_current_label_crit_section(label);
return error;
@@ -357,7 +363,8 @@ static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_
label = begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_path_link(label, old_dentry, new_dir, new_dentry);
+ error = aa_path_link(current_cred(), label, old_dentry, new_dir,
+ new_dentry);
end_current_label_crit_section(label);
return error;
@@ -396,23 +403,27 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
vfsuid = i_uid_into_vfsuid(idmap, d_backing_inode(old_dentry));
cond_exchange.uid = vfsuid_into_kuid(vfsuid);
- error = aa_path_perm(OP_RENAME_SRC, label, &new_path, 0,
+ error = aa_path_perm(OP_RENAME_SRC, current_cred(),
+ label, &new_path, 0,
MAY_READ | AA_MAY_GETATTR | MAY_WRITE |
AA_MAY_SETATTR | AA_MAY_DELETE,
&cond_exchange);
if (!error)
- error = aa_path_perm(OP_RENAME_DEST, label, &old_path,
+ error = aa_path_perm(OP_RENAME_DEST, current_cred(),
+ label, &old_path,
0, MAY_WRITE | AA_MAY_SETATTR |
AA_MAY_CREATE, &cond_exchange);
}
if (!error)
- error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,
+ error = aa_path_perm(OP_RENAME_SRC, current_cred(),
+ label, &old_path, 0,
MAY_READ | AA_MAY_GETATTR | MAY_WRITE |
AA_MAY_SETATTR | AA_MAY_DELETE,
&cond);
if (!error)
- error = aa_path_perm(OP_RENAME_DEST, label, &new_path,
+ error = aa_path_perm(OP_RENAME_DEST, current_cred(),
+ label, &new_path,
0, MAY_WRITE | AA_MAY_SETATTR |
AA_MAY_CREATE, &cond);
@@ -467,7 +478,8 @@ static int apparmor_file_open(struct file *file)
vfsuid = i_uid_into_vfsuid(idmap, inode);
cond.uid = vfsuid_into_kuid(vfsuid);
- error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
+ error = aa_path_perm(OP_OPEN, file->f_cred,
+ label, &file->f_path, 0,
aa_map_file_to_perms(file), &cond);
/* todo cache full allowed permissions set and state */
fctx->allow = aa_map_file_to_perms(file);
@@ -507,7 +519,7 @@ static int common_file_perm(const char *op, struct file *file, u32 mask,
return -EACCES;
label = __begin_current_label_crit_section();
- error = aa_file_perm(op, label, file, mask, in_atomic);
+ error = aa_file_perm(op, current_cred(), label, file, mask, in_atomic);
__end_current_label_crit_section(label);
return error;
@@ -585,17 +597,21 @@ static int apparmor_sb_mount(const char *dev_name, const struct path *path,
label = __begin_current_label_crit_section();
if (!unconfined(label)) {
if (flags & MS_REMOUNT)
- error = aa_remount(label, path, flags, data);
+ error = aa_remount(current_cred(), label, path, flags,
+ data);
else if (flags & MS_BIND)
- error = aa_bind_mount(label, path, dev_name, flags);
+ error = aa_bind_mount(current_cred(), label, path,
+ dev_name, flags);
else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE |
MS_UNBINDABLE))
- error = aa_mount_change_type(label, path, flags);
+ error = aa_mount_change_type(current_cred(), label,
+ path, flags);
else if (flags & MS_MOVE)
- error = aa_move_mount(label, path, dev_name);
+ error = aa_move_mount(current_cred(), label, path,
+ dev_name);
else
- error = aa_new_mount(label, dev_name, path, type,
- flags, data);
+ error = aa_new_mount(current_cred(), label, dev_name,
+ path, type, flags, data);
}
__end_current_label_crit_section(label);
@@ -609,7 +625,7 @@ static int apparmor_sb_umount(struct vfsmount *mnt, int flags)
label = __begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_umount(label, mnt, flags);
+ error = aa_umount(current_cred(), label, mnt, flags);
__end_current_label_crit_section(label);
return error;
@@ -623,7 +639,7 @@ static int apparmor_sb_pivotroot(const struct path *old_path,
label = aa_get_current_label();
if (!unconfined(label))
- error = aa_pivotroot(label, old_path, new_path);
+ error = aa_pivotroot(current_cred(), label, old_path, new_path);
aa_put_label(label);
return error;
@@ -785,7 +801,8 @@ static int apparmor_task_setrlimit(struct task_struct *task,
int error = 0;
if (!unconfined(label))
- error = aa_task_setrlimit(label, task, resource, new_rlim);
+ error = aa_task_setrlimit(current_cred(), label, task,
+ resource, new_rlim);
__end_current_label_crit_section(label);
return error;
@@ -794,26 +811,27 @@ static int apparmor_task_setrlimit(struct task_struct *task,
static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo *info,
int sig, const struct cred *cred)
{
+ const struct cred *tc;
struct aa_label *cl, *tl;
int error;
+ tc = get_task_cred(target);
+ tl = aa_get_newest_cred_label(tc);
if (cred) {
/*
* Dealing with USB IO specific behavior
*/
cl = aa_get_newest_cred_label(cred);
- tl = aa_get_task_label(target);
- error = aa_may_signal(cl, tl, sig);
+ error = aa_may_signal(cred, cl, tc, tl, sig);
aa_put_label(cl);
- aa_put_label(tl);
return error;
+ } else {
+ cl = __begin_current_label_crit_section();
+ error = aa_may_signal(current_cred(), cl, tc, tl, sig);
+ __end_current_label_crit_section(cl);
}
-
- cl = __begin_current_label_crit_section();
- tl = aa_get_task_label(target);
- error = aa_may_signal(cl, tl, sig);
aa_put_label(tl);
- __end_current_label_crit_section(cl);
+ put_cred(tc);
return error;
}
@@ -879,7 +897,8 @@ static int apparmor_socket_create(int family, int type, int protocol, int kern)
if (!(kern || unconfined(label)))
error = af_select(family,
create_perm(label, family, type, protocol),
- aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,
+ aa_af_perm(current_cred(), label,
+ OP_CREATE, AA_MAY_CREATE,
family, type, protocol));
end_current_label_crit_section(label);
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index 3830bceff9c8b..2bb77aacc49ae 100644
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -113,6 +113,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
/**
* audit_mount - handle the auditing of mount operations
+ * @subj_cred: cred of the subject
* @profile: the profile being enforced (NOT NULL)
* @op: operation being mediated (NOT NULL)
* @name: name of object being mediated (MAYBE NULL)
@@ -128,7 +129,8 @@ static void audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: %0 or error on failure
*/
-static int audit_mount(struct aa_profile *profile, const char *op,
+static int audit_mount(const struct cred *subj_cred,
+ struct aa_profile *profile, const char *op,
const char *name, const char *src_name,
const char *type, const char *trans,
unsigned long flags, const void *data, u32 request,
@@ -166,6 +168,7 @@ static int audit_mount(struct aa_profile *profile, const char *op,
return error;
}
+ ad.subj_cred = subj_cred;
ad.name = name;
ad.mnt.src_name = src_name;
ad.mnt.type = type;
@@ -284,6 +287,7 @@ static int path_flags(struct aa_profile *profile, const struct path *path)
/**
* match_mnt_path_str - handle path matching for mount
+ * @subj_cred: cred of confined subject
* @profile: the confining profile
* @mntpath: for the mntpnt (NOT NULL)
* @buffer: buffer to be used to lookup mntpath
@@ -296,7 +300,8 @@ static int path_flags(struct aa_profile *profile, const struct path *path)
*
* Returns: 0 on success else error
*/
-static int match_mnt_path_str(struct aa_profile *profile,
+static int match_mnt_path_str(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *mntpath, char *buffer,
const char *devname, const char *type,
unsigned long flags, void *data, bool binary,
@@ -337,12 +342,14 @@ static int match_mnt_path_str(struct aa_profile *profile,
error = 0;
audit:
- return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,
+ return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname,
+ type, NULL,
flags, data, AA_MAY_MOUNT, &perms, info, error);
}
/**
* match_mnt - handle path matching for mount
+ * @subj_cred: cred of the subject
* @profile: the confining profile
* @path: for the mntpnt (NOT NULL)
* @buffer: buffer to be used to lookup mntpath
@@ -355,7 +362,8 @@ static int match_mnt_path_str(struct aa_profile *profile,
*
* Returns: 0 on success else error
*/
-static int match_mnt(struct aa_profile *profile, const struct path *path,
+static int match_mnt(const struct cred *subj_cred,
+ struct aa_profile *profile, const struct path *path,
char *buffer, const struct path *devpath, char *devbuffer,
const char *type, unsigned long flags, void *data,
bool binary)
@@ -379,11 +387,12 @@ static int match_mnt(struct aa_profile *profile, const struct path *path,
devname = ERR_PTR(error);
}
- return match_mnt_path_str(profile, path, buffer, devname, type, flags,
- data, binary, info);
+ return match_mnt_path_str(subj_cred, profile, path, buffer, devname,
+ type, flags, data, binary, info);
}
-int aa_remount(struct aa_label *label, const struct path *path,
+int aa_remount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags, void *data)
{
struct aa_profile *profile;
@@ -400,14 +409,16 @@ int aa_remount(struct aa_label *label, const struct path *path,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, NULL, NULL, NULL,
+ match_mnt(subj_cred, profile, path, buffer, NULL,
+ NULL, NULL,
flags, data, binary));
aa_put_buffer(buffer);
return error;
}
-int aa_bind_mount(struct aa_label *label, const struct path *path,
+int aa_bind_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *dev_name, unsigned long flags)
{
struct aa_profile *profile;
@@ -434,8 +445,8 @@ int aa_bind_mount(struct aa_label *label, const struct path *path,
goto out;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, &old_path, old_buffer,
- NULL, flags, NULL, false));
+ match_mnt(subj_cred, profile, path, buffer, &old_path,
+ old_buffer, NULL, flags, NULL, false));
out:
aa_put_buffer(buffer);
aa_put_buffer(old_buffer);
@@ -444,7 +455,8 @@ int aa_bind_mount(struct aa_label *label, const struct path *path,
return error;
}
-int aa_mount_change_type(struct aa_label *label, const struct path *path,
+int aa_mount_change_type(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
unsigned long flags)
{
struct aa_profile *profile;
@@ -462,14 +474,16 @@ int aa_mount_change_type(struct aa_label *label, const struct path *path,
if (!buffer)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, NULL, NULL, NULL,
+ match_mnt(subj_cred, profile, path, buffer, NULL,
+ NULL, NULL,
flags, NULL, false));
aa_put_buffer(buffer);
return error;
}
-int aa_move_mount(struct aa_label *label, const struct path *path,
+int aa_move_mount(const struct cred *subj_cred,
+ struct aa_label *label, const struct path *path,
const char *orig_name)
{
struct aa_profile *profile;
@@ -493,7 +507,8 @@ int aa_move_mount(struct aa_label *label, const struct path *path,
if (!buffer || !old_buffer)
goto out;
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, &old_path, old_buffer,
+ match_mnt(subj_cred, profile, path, buffer, &old_path,
+ old_buffer,
NULL, MS_MOVE, NULL, false));
out:
aa_put_buffer(buffer);
@@ -503,9 +518,9 @@ int aa_move_mount(struct aa_label *label, const struct path *path,
return error;
}
-int aa_new_mount(struct aa_label *label, const char *dev_name,
- const struct path *path, const char *type, unsigned long flags,
- void *data)
+int aa_new_mount(const struct cred *subj_cred, struct aa_label *label,
+ const char *dev_name, const struct path *path,
+ const char *type, unsigned long flags, void *data)
{
struct aa_profile *profile;
char *buffer = NULL, *dev_buffer = NULL;
@@ -550,12 +565,14 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
goto out;
}
error = fn_for_each_confined(label, profile,
- match_mnt(profile, path, buffer, dev_path, dev_buffer,
+ match_mnt(subj_cred, profile, path, buffer,
+ dev_path, dev_buffer,
type, flags, data, binary));
} else {
error = fn_for_each_confined(label, profile,
- match_mnt_path_str(profile, path, buffer, dev_name,
- type, flags, data, binary, NULL));
+ match_mnt_path_str(subj_cred, profile, path,
+ buffer, dev_name,
+ type, flags, data, binary, NULL));
}
out:
@@ -567,7 +584,8 @@ int aa_new_mount(struct aa_label *label, const char *dev_name,
return error;
}
-static int profile_umount(struct aa_profile *profile, const struct path *path,
+static int profile_umount(const struct cred *subj_cred,
+ struct aa_profile *profile, const struct path *path,
char *buffer)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -596,11 +614,13 @@ static int profile_umount(struct aa_profile *profile, const struct path *path,
error = -EACCES;
audit:
- return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,
+ return audit_mount(subj_cred, profile, OP_UMOUNT, name, NULL, NULL,
+ NULL, 0, NULL,
AA_MAY_UMOUNT, &perms, info, error);
}
-int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
+int aa_umount(const struct cred *subj_cred, struct aa_label *label,
+ struct vfsmount *mnt, int flags)
{
struct aa_profile *profile;
char *buffer = NULL;
@@ -615,7 +635,7 @@ int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
return -ENOMEM;
error = fn_for_each_confined(label, profile,
- profile_umount(profile, &path, buffer));
+ profile_umount(subj_cred, profile, &path, buffer));
aa_put_buffer(buffer);
return error;
@@ -625,7 +645,8 @@ int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
*
* Returns: label for transition or ERR_PTR. Does not return NULL
*/
-static struct aa_label *build_pivotroot(struct aa_profile *profile,
+static struct aa_label *build_pivotroot(const struct cred *subj_cred,
+ struct aa_profile *profile,
const struct path *new_path,
char *new_buffer,
const struct path *old_path,
@@ -670,7 +691,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile,
error = 0;
audit:
- error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
+ error = audit_mount(subj_cred, profile, OP_PIVOTROOT, new_name,
+ old_name,
NULL, trans_name, 0, NULL, AA_MAY_PIVOTROOT,
&perms, info, error);
if (error)
@@ -679,7 +701,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile,
return aa_get_newest_label(&profile->label);
}
-int aa_pivotroot(struct aa_label *label, const struct path *old_path,
+int aa_pivotroot(const struct cred *subj_cred, struct aa_label *label,
+ const struct path *old_path,
const struct path *new_path)
{
struct aa_profile *profile;
@@ -697,7 +720,8 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
if (!old_buffer || !new_buffer)
goto out;
target = fn_label_build(label, profile, GFP_KERNEL,
- build_pivotroot(profile, new_path, new_buffer,
+ build_pivotroot(subj_cred, profile, new_path,
+ new_buffer,
old_path, old_buffer));
if (!target) {
info = "label build failed";
@@ -723,7 +747,8 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
fail:
/* TODO: add back in auditing of new_name and old_name */
error = fn_for_each(label, profile,
- audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,
+ audit_mount(subj_cred, profile, OP_PIVOTROOT,
+ NULL /*new_name */,
NULL /* old_name */,
NULL, NULL,
0, NULL, AA_MAY_PIVOTROOT, &nullperms, info,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 5e50f80e35db0..704c171232ab4 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -135,8 +135,8 @@ int aa_profile_af_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_net_cb);
}
-int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
- int type, int protocol)
+int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, u16 family, int type, int protocol)
{
struct aa_profile *profile;
DEFINE_AUDIT_NET(ad, op, NULL, family, type, protocol);
@@ -146,7 +146,9 @@ int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
type));
}
-static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request,
+static int aa_label_sk_perm(const struct cred *subj_cred,
+ struct aa_label *label,
+ const char *op, u32 request,
struct sock *sk)
{
struct aa_sk_ctx *ctx = SK_CTX(sk);
@@ -159,6 +161,7 @@ static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request,
struct aa_profile *profile;
DEFINE_AUDIT_SK(ad, op, sk);
+ ad.subj_cred = subj_cred;
error = fn_for_each_confined(label, profile,
aa_profile_af_sk_perm(profile, &ad, request, sk));
}
@@ -176,21 +179,21 @@ int aa_sk_perm(const char *op, u32 request, struct sock *sk)
/* TODO: switch to begin_current_label ???? */
label = begin_current_label_crit_section();
- error = aa_label_sk_perm(label, op, request, sk);
+ error = aa_label_sk_perm(current_cred(), label, op, request, sk);
end_current_label_crit_section(label);
return error;
}
-int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
- struct socket *sock)
+int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
+ const char *op, u32 request, struct socket *sock)
{
AA_BUG(!label);
AA_BUG(!sock);
AA_BUG(!sock->sk);
- return aa_label_sk_perm(label, op, request, sock->sk);
+ return aa_label_sk_perm(subj_cred, label, op, request, sock->sk);
}
#ifdef CONFIG_NETWORK_SECMARK
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index e5f1ef83b0fda..8a07793ce1032 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -762,21 +762,23 @@ static int audit_policy(struct aa_label *subj_label, const char *op,
/* don't call out to other LSMs in the stack for apparmor policy admin
* permissions
*/
-static int policy_ns_capable(struct aa_label *label,
+static int policy_ns_capable(const struct cred *subj_cred,
+ struct aa_label *label,
struct user_namespace *userns, int cap)
{
int err;
/* check for MAC_ADMIN cap in cred */
- err = cap_capable(current_cred(), userns, cap, CAP_OPT_NONE);
+ err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE);
if (!err)
- err = aa_capable(label, cap, CAP_OPT_NONE);
+ err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE);
return err;
}
/**
* aa_policy_view_capable - check if viewing policy in at @ns is allowed
+ * @subj_cred: cred of subject
* @label: label that is trying to view policy in ns
* @ns: namespace being viewed by @label (may be NULL if @label's ns)
*
@@ -785,9 +787,10 @@ static int policy_ns_capable(struct aa_label *label,
* If @ns is NULL then the namespace being viewed is assumed to be the
* tasks current namespace.
*/
-bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns)
+bool aa_policy_view_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns)
{
- struct user_namespace *user_ns = current_user_ns();
+ struct user_namespace *user_ns = subj_cred->user_ns;
struct aa_ns *view_ns = labels_view(label);
bool root_in_user_ns = uid_eq(current_euid(), make_kuid(user_ns, 0)) ||
in_egroup_p(make_kgid(user_ns, 0));
@@ -804,15 +807,17 @@ bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns)
return response;
}
-bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns)
+bool aa_policy_admin_capable(const struct cred *subj_cred,
+ struct aa_label *label, struct aa_ns *ns)
{
- struct user_namespace *user_ns = current_user_ns();
- bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN) == 0;
+ struct user_namespace *user_ns = subj_cred->user_ns;
+ bool capable = policy_ns_capable(subj_cred, label, user_ns,
+ CAP_MAC_ADMIN) == 0;
AA_DEBUG("cap_mac_admin? %d\n", capable);
AA_DEBUG("policy locked? %d\n", aa_g_lock_policy);
- return aa_policy_view_capable(label, ns) && capable &&
+ return aa_policy_view_capable(subj_cred, label, ns) && capable &&
!aa_g_lock_policy;
}
@@ -822,7 +827,7 @@ bool aa_current_policy_view_capable(struct aa_ns *ns)
bool res;
label = __begin_current_label_crit_section();
- res = aa_policy_view_capable(label, ns);
+ res = aa_policy_view_capable(current_cred(), label, ns);
__end_current_label_crit_section(label);
return res;
@@ -834,7 +839,7 @@ bool aa_current_policy_admin_capable(struct aa_ns *ns)
bool res;
label = __begin_current_label_crit_section();
- res = aa_policy_admin_capable(label, ns);
+ res = aa_policy_admin_capable(current_cred(), label, ns);
__end_current_label_crit_section(label);
return res;
@@ -842,13 +847,15 @@ bool aa_current_policy_admin_capable(struct aa_ns *ns)
/**
* aa_may_manage_policy - can the current task manage policy
+ * @subj_cred; subjects cred
* @label: label to check if it can manage policy
* @ns: namespace being managed by @label (may be NULL if @label's ns)
* @mask: contains the policy manipulation operation being done
*
* Returns: 0 if the task is allowed to manipulate policy else error
*/
-int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask)
+int aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label,
+ struct aa_ns *ns, u32 mask)
{
const char *op;
@@ -864,7 +871,7 @@ int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask)
return audit_policy(label, op, NULL, NULL, "policy_locked",
-EACCES);
- if (!aa_policy_admin_capable(label, ns))
+ if (!aa_policy_admin_capable(subj_cred, label, ns))
return audit_policy(label, op, NULL, NULL, "not policy admin",
-EACCES);
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index 73ba26c646a5e..dcc94c3153d51 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -43,6 +43,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
/**
* audit_resource - audit setting resource limit
+ * @subj_cred: cred setting the resource
* @profile: profile being enforced (NOT NULL)
* @resource: rlimit being auditing
* @value: value being set
@@ -52,13 +53,15 @@ static void audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: 0 or ad->error else other error code on failure
*/
-static int audit_resource(struct aa_profile *profile, unsigned int resource,
+static int audit_resource(const struct cred *subj_cred,
+ struct aa_profile *profile, unsigned int resource,
unsigned long value, struct aa_label *peer,
const char *info, int error)
{
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_RLIMITS,
OP_SETRLIMIT);
+ ad.subj_cred = subj_cred;
ad.rlim.rlim = resource;
ad.rlim.max = value;
ad.peer = peer;
@@ -82,7 +85,8 @@ int aa_map_resource(int resource)
return rlim_map[resource];
}
-static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
+static int profile_setrlimit(const struct cred *subj_cred,
+ struct aa_profile *profile, unsigned int resource,
struct rlimit *new_rlim)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -92,12 +96,13 @@ static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max >
rules->rlimits.limits[resource].rlim_max)
e = -EACCES;
- return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL,
- e);
+ return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max,
+ NULL, NULL, e);
}
/**
* aa_task_setrlimit - test permission to set an rlimit
+ * @subj_cred: cred setting the limit
* @label: label confining the task (NOT NULL)
* @task: task the resource is being set on
* @resource: the resource being set
@@ -107,7 +112,8 @@ static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
*
* Returns: 0 or error code if setting resource failed
*/
-int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
+int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
+ struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim)
{
struct aa_profile *profile;
@@ -126,14 +132,15 @@ int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
*/
if (label != peer &&
- aa_capable(label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0)
+ aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0)
error = fn_for_each(label, profile,
- audit_resource(profile, resource,
+ audit_resource(subj_cred, profile, resource,
new_rlim->rlim_max, peer,
"cap_sys_resource", -EACCES));
else
error = fn_for_each_confined(label, profile,
- profile_setrlimit(profile, resource, new_rlim));
+ profile_setrlimit(subj_cred, profile, resource,
+ new_rlim));
aa_put_label(peer);
return error;
diff --git a/security/apparmor/task.c b/security/apparmor/task.c
index 79850e8321420..0d7af707cccdd 100644
--- a/security/apparmor/task.c
+++ b/security/apparmor/task.c
@@ -226,14 +226,16 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
/* assumes check for RULE_MEDIATES is already done */
/* TODO: conditionals */
-static int profile_ptrace_perm(struct aa_profile *profile,
- struct aa_label *peer, u32 request,
- struct apparmor_audit_data *ad)
+static int profile_ptrace_perm(const struct cred *cred,
+ struct aa_profile *profile,
+ struct aa_label *peer, u32 request,
+ struct apparmor_audit_data *ad)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
typeof(*rules), list);
struct aa_perms perms = { };
+ ad->subj_cred = cred;
ad->peer = peer;
aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request,
&perms);
@@ -241,7 +243,8 @@ static int profile_ptrace_perm(struct aa_profile *profile,
return aa_check_perms(profile, &perms, request, ad, audit_ptrace_cb);
}
-static int profile_tracee_perm(struct aa_profile *tracee,
+static int profile_tracee_perm(const struct cred *cred,
+ struct aa_profile *tracee,
struct aa_label *tracer, u32 request,
struct apparmor_audit_data *ad)
{
@@ -249,10 +252,11 @@ static int profile_tracee_perm(struct aa_profile *tracee,
!ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE))
return 0;
- return profile_ptrace_perm(tracee, tracer, request, ad);
+ return profile_ptrace_perm(cred, tracee, tracer, request, ad);
}
-static int profile_tracer_perm(struct aa_profile *tracer,
+static int profile_tracer_perm(const struct cred *cred,
+ struct aa_profile *tracer,
struct aa_label *tracee, u32 request,
struct apparmor_audit_data *ad)
{
@@ -260,7 +264,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
return 0;
if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE))
- return profile_ptrace_perm(tracer, tracee, request, ad);
+ return profile_ptrace_perm(cred, tracer, tracee, request, ad);
/* profile uses the old style capability check for ptrace */
if (&tracer->label == tracee)
@@ -269,8 +273,8 @@ static int profile_tracer_perm(struct aa_profile *tracer,
ad->subj_label = &tracer->label;
ad->peer = tracee;
ad->request = 0;
- ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
- CAP_OPT_NONE);
+ ad->error = aa_capable(cred, &tracer->label, CAP_SYS_PTRACE,
+ CAP_OPT_NONE);
return aa_audit(AUDIT_APPARMOR_AUTO, tracer, ad, audit_ptrace_cb);
}
@@ -283,7 +287,8 @@ static int profile_tracer_perm(struct aa_profile *tracer,
*
* Returns: %0 else error code if permission denied or error
*/
-int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
+int aa_may_ptrace(const struct cred *tracer_cred, struct aa_label *tracer,
+ const struct cred *tracee_cred, struct aa_label *tracee,
u32 request)
{
struct aa_profile *profile;
@@ -291,6 +296,8 @@ int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_PTRACE, OP_PTRACE);
return xcheck_labels(tracer, tracee, profile,
- profile_tracer_perm(profile, tracee, request, &sa),
- profile_tracee_perm(profile, tracer, xrequest, &sa));
+ profile_tracer_perm(tracer_cred, profile, tracee,
+ request, &sa),
+ profile_tracee_perm(tracee_cred, profile, tracer,
+ xrequest, &sa));
}
--
2.42.0
next prev parent reply other threads:[~2023-11-24 18:21 UTC|newest]
Thread overview: 550+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 17:42 [PATCH 6.6 000/530] 6.6.3-rc1 review Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 001/530] locking/ww_mutex/test: Fix potential workqueue corruption Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 002/530] btrfs: abort transaction on generation mismatch when marking eb as dirty Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 003/530] lib/generic-radix-tree.c: Dont overflow in peek() Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 004/530] x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 005/530] perf/core: Bail out early if the request AUX area is out of bound Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 006/530] rcu: Dump memory object info if callback function is invalid Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 007/530] srcu: Fix srcu_struct node grpmask overflow on 64-bit systems Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 008/530] selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 009/530] clocksource/drivers/timer-imx-gpt: Fix potential memory leak Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 010/530] clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 011/530] srcu: Only accelerate on enqueue time Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 012/530] smp,csd: Throw an error if a CSD lock is stuck for too long Greg Kroah-Hartman
2023-11-24 17:42 ` [PATCH 6.6 013/530] cpu/hotplug: Dont offline the last non-isolated CPU Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 014/530] workqueue: Provide one lock class key per work_on_cpu() callsite Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 015/530] x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 016/530] wifi: plfxlc: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 017/530] wifi: ath12k: Ignore fragments from uninitialized peer in dp Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 018/530] wifi: mac80211_hwsim: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 019/530] wifi: mac80211: dont return unset power in ieee80211_get_tx_power() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 020/530] atl1c: Work around the DMA RX overflow issue Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 021/530] bpf: Detect IP == ksym.end as part of BPF program Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 022/530] wifi: ath9k: fix clang-specific fortify warnings Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 023/530] wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 024/530] wifi: ath10k: fix clang-specific fortify warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 025/530] wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 026/530] ACPI: APEI: Fix AER info corruption when error status data has multiple sections Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 027/530] net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 028/530] wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 029/530] wifi: mt76: fix clang-specific fortify warnings Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 030/530] net: annotate data-races around sk->sk_tx_queue_mapping Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 031/530] net: annotate data-races around sk->sk_dst_pending_confirm Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 032/530] wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 033/530] wifi: ath10k: Dont touch the CE interrupt registers after power up Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 034/530] net: sfp: add quirk for FSs 2.5G copper SFP Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 035/530] vsock: read from sockets error queue Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 036/530] bpf: Ensure proper register state printing for cond jumps Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 037/530] wifi: iwlwifi: mvm: fix size check for fw_link_id Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 038/530] Bluetooth: btusb: Add date->evt_skb is NULL check Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 039/530] Bluetooth: Fix double free in hci_conn_cleanup Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 040/530] ACPI: EC: Add quirk for HP 250 G7 Notebook PC Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 041/530] tsnep: Fix tsnep_request_irq() format-overflow warning Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 042/530] gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 043/530] platform/chrome: kunit: initialize lock for fake ec_dev Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 044/530] of: address: Fix address translation when address-size is greater than 2 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 045/530] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 046/530] drm/gma500: Fix call trace when psb_gem_mm_init() fails Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 047/530] drm/amdkfd: ratelimited SQ interrupt messages Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 048/530] drm/komeda: drop all currently held locks if deadlock happens Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 049/530] drm/amd/display: Blank phantom OTG before enabling Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 050/530] drm/amd/display: Dont lock phantom pipe on disabling Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 051/530] drm/amd/display: add seamless pipe topology transition check Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 052/530] drm/edid: Fixup h/vsync_end instead of h/vtotal Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 053/530] md: dont rely on mddev->pers to be set in mddev_suspend() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 054/530] drm/amdgpu: not to save bo in the case of RAS err_event_athub Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 055/530] drm/amdkfd: Fix a race condition of vram buffer unref in svm code Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 056/530] drm/amdgpu: update retry times for psp vmbx wait Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 057/530] drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 058/530] drm/amd/display: use full update for clip size increase of large plane source Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 059/530] string.h: add array-wrappers for (v)memdup_user() Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 060/530] kernel: kexec: copy user-array safely Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 061/530] kernel: watch_queue: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 062/530] drm_lease.c: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 063/530] drm: vmwgfx_surface.c: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 064/530] drm/msm/dp: skip validity check for DP CTS EDID checksum Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 065/530] drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 066/530] drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 067/530] drm/amdgpu: Fix potential null pointer derefernce Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 068/530] drm/panel: fix a possible null pointer dereference Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 069/530] drm/panel/panel-tpo-tpg110: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 070/530] drm/radeon: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 071/530] drm/amdgpu/vkms: " Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 072/530] drm/panel: st7703: Pick different reset sequence Greg Kroah-Hartman
2023-11-24 17:43 ` [PATCH 6.6 073/530] drm/amdkfd: Fix shift out-of-bounds issue Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 074/530] drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 075/530] drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 076/530] drm/amd/display: fix num_ways overflow error Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 077/530] drm/amd: check num of link levels when update pcie param Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 078/530] soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 079/530] arm64: dts: rockchip: Add NanoPC T6 PCIe e-key support Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 080/530] arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 081/530] selftests/efivarfs: create-read: fix a resource leak Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 082/530] ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 083/530] ASoC: soc-card: Add storage for PCI SSID Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 084/530] ASoC: SOF: Pass PCI SSID to machine driver Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 085/530] ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 086/530] ASoC: cs35l56: Use PCI SSID as the firmware UID Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 087/530] crypto: pcrypt - Fix hungtask for PADATA_RESET Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 088/530] ALSA: scarlett2: Move USB IDs out from device_info struct Greg Kroah-Hartman
2023-11-25 7:16 ` Takashi Iwai
2023-11-25 15:21 ` Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 089/530] ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 090/530] RDMA/hfi1: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 091/530] scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 092/530] scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 093/530] fs/jfs: Add check for negative db_l2nbperpage Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 094/530] fs/jfs: Add validity check for db_maxag and db_agpref Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 095/530] jfs: fix array-index-out-of-bounds in dbFindLeaf Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 096/530] jfs: fix array-index-out-of-bounds in diAlloc Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 097/530] HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround Greg Kroah-Hartman
2023-12-22 14:15 ` Uli v. d. Ohe
2023-12-22 14:31 ` Greg KH
2023-12-22 15:34 ` Uli v. d. Ohe
2023-11-24 17:44 ` [PATCH 6.6 098/530] ARM: 9320/1: fix stack depot IRQ stack filter Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 099/530] ALSA: hda: Fix possible null-ptr-deref when assigning a stream Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 100/530] gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 101/530] PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 102/530] PCI: mvebu: Use FIELD_PREP() with Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 103/530] atm: iphase: Do PCI error checks on own line Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 104/530] PCI: Do error check on own line to split long "if" conditions Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 105/530] scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 106/530] PCI: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 107/530] PCI: Extract ATS disabling to a helper function Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 108/530] PCI: Disable ATS for specific Intel IPU E2000 devices Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 109/530] PCI: dwc: Add dw_pcie_link_set_max_link_width() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 110/530] PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 111/530] misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 112/530] PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 113/530] ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 114/530] crypto: hisilicon/qm - prevent soft lockup in receive loop Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 115/530] HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 116/530] exfat: support handle zero-size directory Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 117/530] mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 118/530] iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 119/530] thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 120/530] tty: vcc: Add check for kstrdup() in vcc_probe() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 121/530] dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 122/530] phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 123/530] phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 124/530] usb: dwc3: core: configure TX/RX threshold for DWC3_IP Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 125/530] usb: ucsi: glink: use the connector orientation GPIO to provide switch events Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 126/530] soundwire: dmi-quirks: update HP Omen match Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 127/530] f2fs: fix error path of __f2fs_build_free_nids Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 128/530] f2fs: fix error handling of __get_node_page Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 129/530] usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 130/530] usb: gadget: f_ncm: Always set current gadget in ncm_bind() Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 131/530] 9p/trans_fd: Annotate data-racy writes to file::f_flags Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 132/530] 9p: v9fs_listxattr: fix %s null argument warning Greg Kroah-Hartman
2023-11-24 17:44 ` [PATCH 6.6 133/530] i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 134/530] i2c: i801: Add support for Intel Birch Stream SoC Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 135/530] i2c: fix memleak in i2c_new_client_device() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 136/530] i2c: sun6i-p2wi: Prevent potential division by zero Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 137/530] virtio-blk: fix implicit overflow on virtio_max_dma_size Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 138/530] i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 139/530] media: gspca: cpia1: shift-out-of-bounds in set_flicker Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 140/530] media: vivid: avoid integer overflow Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 141/530] media: ipu-bridge: increase sensor_name size Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 142/530] gfs2: ignore negated quota changes Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 143/530] gfs2: fix an oops in gfs2_permission Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 144/530] media: cobalt: Use FIELD_GET() to extract Link Width Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 145/530] media: ccs: Fix driver quirk struct documentation Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 146/530] media: imon: fix access to invalid resource for the second interface Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 147/530] drm/amd/display: Avoid NULL dereference of timing generator Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 148/530] gfs2: Fix slab-use-after-free in gfs2_qd_dealloc Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 149/530] kgdb: Flush console before entering kgdb on panic Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 150/530] riscv: VMAP_STACK overflow detection thread-safe Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 151/530] i2c: dev: copy userspace array safely Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 152/530] ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 153/530] drm/qxl: prevent memory leak Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 154/530] ALSA: hda/realtek: Add quirk for ASUS UX7602ZM Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 155/530] drm/amdgpu: fix software pci_unplug on some chips Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 156/530] pwm: Fix double shift bug Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 157/530] mtd: rawnand: tegra: add missing check for platform_get_irq() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 158/530] wifi: iwlwifi: Use FW rate for non-data frames Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 159/530] sched/core: Optimize in_task() and in_interrupt() a bit Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 160/530] samples/bpf: syscall_tp_user: Rename num_progs into nr_tests Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 161/530] samples/bpf: syscall_tp_user: Fix array out-of-bound access Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 162/530] dt-bindings: serial: fix regex pattern for matching serial node children Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 163/530] SUNRPC: ECONNRESET might require a rebind Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 164/530] mtd: rawnand: intel: check return value of devm_kasprintf() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 165/530] mtd: rawnand: meson: " Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 166/530] drm/i915/mtl: avoid stringop-overflow warning Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 167/530] NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 168/530] SUNRPC: Add an IS_ERR() check back to where it was Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 169/530] NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 170/530] SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 171/530] RISC-V: hwprobe: Fix vDSO SIGSEGV Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 172/530] riscv: provide riscv-specific is_trap_insn() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 173/530] gfs2: Silence "suspicious RCU usage in gfs2_permission" warning Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 174/530] drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 175/530] riscv: split cache ops out of dma-noncoherent.c Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 176/530] vdpa_sim_blk: allocate the buffer zeroed Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 177/530] vhost-vdpa: fix use after free in vhost_vdpa_probe() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 178/530] gcc-plugins: randstruct: Only warn about true flexible arrays Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 179/530] bpf: handle ldimm64 properly in check_cfg() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 180/530] bpf: fix precision backtracking instruction iteration Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 181/530] bpf: fix control-flow graph checking in privileged mode Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 182/530] net: set SOCK_RCU_FREE before inserting socket into hashtable Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 183/530] ipvlan: add ipvlan_route_v6_outbound() helper Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 184/530] tty: Fix uninit-value access in ppp_sync_receive() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 185/530] net: ti: icssg-prueth: Add missing icss_iep_put to error path Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 186/530] net: ti: icssg-prueth: Fix error cleanup on failing pruss_request_mem_region Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 187/530] xen/events: avoid using info_for_irq() in xen_send_IPI_one() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 188/530] net: hns3: fix add VLAN fail issue Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 189/530] net: hns3: add barrier in vf mailbox reply process Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 190/530] net: hns3: fix incorrect capability bit display for copper port Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 191/530] net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 192/530] net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() Greg Kroah-Hartman
2023-11-24 17:45 ` [PATCH 6.6 193/530] net: hns3: fix VF reset fail issue Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 194/530] net: hns3: fix VF wrong speed and duplex issue Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 195/530] tipc: Fix kernel-infoleak due to uninitialized TLV value Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 196/530] net: mvneta: fix calls to page_pool_get_stats Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 197/530] ppp: limit MRU to 64K Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 198/530] xen/events: fix delayed eoi list handling Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 199/530] blk-mq: make sure active queue usage is held for bio_integrity_prep() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 200/530] ptp: annotate data-race around q->head and q->tail Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 201/530] bonding: stop the device in bond_setup_by_slave() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 202/530] net: ethernet: cortina: Fix max RX frame define Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 203/530] net: ethernet: cortina: Handle large frames Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 204/530] net: ethernet: cortina: Fix MTU max setting Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 205/530] af_unix: fix use-after-free in unix_stream_read_actor() Greg Kroah-Hartman
2023-11-25 22:16 ` Pascal Ernster
2023-11-25 23:49 ` Pascal Ernster
2023-11-26 0:54 ` Holger Hoffstätte
2023-11-26 8:24 ` Pascal Ernster
2023-11-26 12:41 ` Pascal Ernster
2023-11-26 13:42 ` Pascal Ernster
2023-12-10 5:47 ` Pascal Ernster
2023-11-24 17:46 ` [PATCH 6.6 206/530] netfilter: nf_conntrack_bridge: initialize err to 0 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 207/530] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 208/530] netfilter: nf_tables: bogus ENOENT when destroying element which does not exist Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 209/530] net: stmmac: fix rx budget limit check Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 210/530] net: stmmac: avoid rx queue overrun Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 211/530] pds_core: use correct index to mask irq Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 212/530] pds_core: fix up some format-truncation complaints Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 213/530] gve: Fixes for napi_poll when budget is 0 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 214/530] io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 215/530] Revert "net/mlx5: DR, Supporting inline WQE when possible" Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 216/530] net/mlx5: Free used cpus mask when an IRQ is released Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 217/530] net/mlx5: Decouple PHC .adjtime and .adjphase implementations Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 218/530] net/mlx5e: fix double free of encap_header Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 219/530] net/mlx5e: fix double free of encap_header in update funcs Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 220/530] net/mlx5e: Fix pedit endianness Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 221/530] net/mlx5e: Dont modify the peer sent-to-vport rules for IPSec offload Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 222/530] net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 223/530] net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 224/530] net/mlx5e: Update doorbell for port timestamping CQ before the software counter Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 225/530] net/mlx5: Increase size of irq name buffer Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 226/530] net/mlx5e: Reduce the size of icosq_str Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 227/530] net/mlx5e: Check return value of snprintf writing to fw_version buffer Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 228/530] net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 229/530] net: sched: do not offload flows with a helper in act_ct Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 230/530] macvlan: Dont propagate promisc change to lower dev in passthru Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 231/530] tools/power/turbostat: Fix a knl bug Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 232/530] tools/power/turbostat: Enable the C-state Pre-wake printing Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 233/530] scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1 Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 234/530] cifs: spnego: add ; in HOST_KEY_LEN Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 235/530] cifs: fix check of rc in function generate_smb3signingkey Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 236/530] perf/core: Fix cpuctx refcounting Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 237/530] i915/perf: Fix NULL deref bugs with drm_dbg() calls Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 238/530] perf: arm_cspmu: Reject events meant for other PMUs Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 239/530] drivers: perf: Check find_first_bit() return value Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 240/530] media: venus: hfi: add checks to perform sanity on queue pointers Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 241/530] perf intel-pt: Fix async branch flags Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 242/530] powerpc/perf: Fix disabling BHRB and instruction sampling Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 243/530] randstruct: Fix gcc-plugin performance mode to stay in group Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 244/530] spi: Fix null dereference on suspend Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 245/530] bpf: Fix check_stack_write_fixed_off() to correctly spill imm Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 246/530] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 247/530] scsi: mpt3sas: Fix loop logic Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 248/530] scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 249/530] scsi: ufs: qcom: Update PHY settings only when scaling to higher gears Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 250/530] scsi: qla2xxx: Fix system crash due to bad pointer access Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 251/530] scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 252/530] x86/shstk: Delay signal entry SSP write until after user accesses Greg Kroah-Hartman
2023-11-24 17:46 ` [PATCH 6.6 253/530] crypto: x86/sha - load modules based on CPU features Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 254/530] x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4 Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 255/530] x86/apic/msi: Fix misconfigured non-maskable MSI quirk Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 256/530] x86/cpu/hygon: Fix the CPU topology evaluation for real Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 257/530] KVM: x86: hyper-v: Dont auto-enable stimer on write from user-space Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 258/530] KVM: x86: Ignore MSR_AMD64_TW_CFG access Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 259/530] KVM: x86: Clear bit12 of ICR after APIC-write VM-exit Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 260/530] KVM: x86: Fix lapic timer interrupt lost after loading a snapshot Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 261/530] mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 262/530] sched: psi: fix unprivileged polling against cgroups Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 263/530] audit: dont take task_lock() in audit_exe_compare() code path Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 264/530] audit: dont WARN_ON_ONCE(!current->mm) in audit_exe_compare() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 265/530] proc: sysctl: prevent aliased sysctls from getting passed to init Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 266/530] tty/sysrq: replace smp_processor_id() with get_cpu() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 267/530] tty: serial: meson: fix hard LOCKUP on crtscts mode Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 268/530] acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0 Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 269/530] hvc/xen: fix console unplug Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 270/530] hvc/xen: fix error path in xen_hvc_init() to always register frontend driver Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 271/530] hvc/xen: fix event channel handling for secondary consoles Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 272/530] PCI/sysfs: Protect drivers D3cold preference from user space Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 273/530] mm/damon/sysfs: remove requested targets when online-commit inputs Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 274/530] mm/damon/sysfs: update monitoring target regions for online input commit Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 275/530] watchdog: move softlockup_panic back to early_param Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 276/530] iommufd: Fix missing update of domains_itree after splitting iopt_area Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 277/530] fbdev: stifb: Make the STI next font pointer a 32-bit signed offset Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 278/530] dm crypt: account large pages in cc->n_allocated_pages Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 279/530] mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 280/530] mm/damon/ops-common: avoid divide-by-zero during region hotness calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 281/530] mm/damon: implement a function for max nr_accesses safe calculation Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 282/530] mm/damon/core: avoid divide-by-zero during monitoring results update Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 283/530] mm/damon/sysfs-schemes: handle tried region directory allocation failure Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 284/530] mm/damon/sysfs-schemes: handle tried regions sysfs " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 285/530] mm/damon/core.c: avoid unintentional filtering out of schemes Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 286/530] mm/damon/sysfs: check error from damon_sysfs_update_target() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 287/530] parisc: Add nop instructions after TLB inserts Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 288/530] ACPI: resource: Do IRQ override on TongFang GMxXGxx Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 289/530] regmap: Ensure range selector registers are updated after cache sync Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 290/530] wifi: ath11k: fix temperature event locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 291/530] wifi: ath11k: fix dfs radar " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 292/530] wifi: ath11k: fix htt pktlog locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 293/530] wifi: ath11k: fix gtk offload status event locking Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 294/530] wifi: ath12k: fix htt mlo-offset " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 295/530] wifi: ath12k: fix dfs-radar and temperature " Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 296/530] mmc: meson-gx: Remove setting of CMD_CFG_ERROR Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 297/530] genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 298/530] sched/core: Fix RQCF_ACT_SKIP leak Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 299/530] pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 300/530] KEYS: trusted: tee: Refactor register SHM usage Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 301/530] KEYS: trusted: Rollback init_trusted() consistently Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 302/530] PCI: keystone: Dont discard .remove() callback Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 303/530] PCI: keystone: Dont discard .probe() callback Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 304/530] pmdomain: amlogic: Fix mask for the second NNA mem PD domain Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 305/530] arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 306/530] arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 307/530] pmdomain: imx: Make imx pgc power domain also set the fwnode Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 308/530] parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 309/530] parisc/pdc: Add width field to struct pdc_model Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 310/530] parisc/power: Add power soft-off when running on qemu Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 311/530] cpufreq: stats: Fix buffer overflow detection in trans_stats() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 312/530] powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug() Greg Kroah-Hartman
2023-11-24 17:47 ` [PATCH 6.6 313/530] clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 314/530] clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 315/530] integrity: powerpc: Do not select CA_MACHINE_KEYRING Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 316/530] clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 317/530] clk: qcom: ipq6018: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 318/530] ksmbd: fix recursive locking in vfs helpers Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 319/530] ksmbd: handle malformed smb1 message Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 320/530] ksmbd: fix slab out of bounds write in smb_inherit_dacl() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 321/530] mmc: vub300: fix an error code Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 322/530] mmc: sdhci_am654: fix start loop index for TAP value parsing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 323/530] mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 324/530] PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 325/530] PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 326/530] PCI: kirin: Dont discard .remove() callback Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 327/530] PCI: exynos: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 328/530] PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 329/530] wifi: wilc1000: use vmm_table as array in wilc struct Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 330/530] svcrdma: Drop connection after an RDMA Read error Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 331/530] rcu/tree: Defer setting of jiffies during stall reset Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 332/530] arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 333/530] dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 334/530] PM: hibernate: Use __get_safe_page() rather than touching the list Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 335/530] PM: hibernate: Clean up sync_read handling in snapshot_write_next() Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 336/530] rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 337/530] btrfs: dont arbitrarily slow down delalloc if were committing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 338/530] thermal: intel: powerclamp: fix mismatch in get function for max_idle Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 339/530] arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 340/530] arm64: dts: qcom: ipq8074: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 341/530] firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 342/530] ACPI: FPDT: properly handle invalid FPDT subtables Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 343/530] arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 344/530] arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 345/530] leds: trigger: netdev: Move size check in set_device_name Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 346/530] mfd: qcom-spmi-pmic: Fix reference leaks in revid helper Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 347/530] mfd: qcom-spmi-pmic: Fix revid implementation Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 348/530] ima: annotate iint mutex to avoid lockdep false positive warnings Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 349/530] ima: detect changes to the backing overlay file Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 350/530] netfilter: nf_tables: remove catchall element in GC sync path Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 351/530] netfilter: nf_tables: split async and sync catchall in two functions Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 352/530] ASoC: soc-dai: add flag to mute and unmute stream during trigger Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 353/530] ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 354/530] selftests/resctrl: Fix uninitialized .sa_flags Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 355/530] selftests/resctrl: Remove duplicate feature check from CMT test Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 356/530] selftests/resctrl: Move _GNU_SOURCE define into Makefile Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 357/530] selftests/resctrl: Refactor feature check to use resource and feature name Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 358/530] selftests/resctrl: Fix feature checks Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 359/530] selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 360/530] hid: lenovo: Resend all settings on reset_resume for compact keyboards Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 361/530] ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 362/530] jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 363/530] quota: explicitly forbid quota files from being encrypted Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 364/530] kernel/reboot: emergency_restart: Set correct system_state Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 365/530] scripts/gdb/vmalloc: disable on no-MMU Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 366/530] fs: use nth_page() in place of direct struct page manipulation Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 367/530] mips: " Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 368/530] i2c: core: Run atomic i2c xfer when !preemptible Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 369/530] selftests/clone3: Fix broken test under !CONFIG_TIME_NS Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 370/530] tracing: Have the user copy of synthetic event address use correct context Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 371/530] driver core: Release all resources during unbind before updating device links Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 372/530] mcb: fix error handling for different scenarios when parsing Greg Kroah-Hartman
2023-11-24 17:48 ` [PATCH 6.6 373/530] powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 374/530] dmaengine: stm32-mdma: correct desc prep when channel running Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 375/530] s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 376/530] s390/mm: add missing arch_set_page_dat() call to gmap allocations Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 377/530] s390/cmma: fix initial kernel address space page table walk Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 378/530] s390/cmma: fix detection of DAT pages Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 379/530] s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 380/530] mm/cma: use nth_page() in place of direct struct page manipulation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 381/530] mm/hugetlb: " Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 382/530] mm/memory_hotplug: use pfn math " Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 383/530] mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 384/530] mtd: cfi_cmdset_0001: Byte swap OTP info Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 385/530] cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 386/530] i3c: master: cdns: Fix reading status register Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 387/530] i3c: master: svc: fix race condition in ibi work thread Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 388/530] i3c: master: svc: fix wrong data return when IBI happen during start frame Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 389/530] i3c: master: svc: fix ibi may not return mandatory data byte Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 390/530] i3c: master: svc: fix check wrong status register in irq handler Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 391/530] i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 392/530] i3c: master: svc: fix random hot join failure since timeout error Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 393/530] cxl/region: Fix x1 root-decoder granularity calculations Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 394/530] cxl/port: Fix delete_endpoint() vs parent unregistration race Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 395/530] apparmor: Fix kernel-doc warnings in apparmor/audit.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 396/530] apparmor: Fix kernel-doc warnings in apparmor/lib.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 397/530] apparmor: Fix kernel-doc warnings in apparmor/resource.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 398/530] apparmor: Fix kernel-doc warnings in apparmor/policy.c Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 399/530] apparmor: combine common_audit_data and apparmor_audit_data Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 400/530] apparmor: rename audit_data->label to audit_data->subj_label Greg Kroah-Hartman
2023-11-24 17:49 ` Greg Kroah-Hartman [this message]
2023-11-24 17:49 ` [PATCH 6.6 402/530] apparmor: Fix regression in mount mediation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 403/530] Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 404/530] Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 405/530] drm/amd/display: enable dsc_clk even if dsc_pg disabled Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 406/530] torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 407/530] rcutorture: Fix stuttering races and other issues Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 408/530] selftests/resctrl: Remove bw_report and bm_type from main() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 409/530] selftests/resctrl: Simplify span lifetime Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 410/530] selftests/resctrl: Make benchmark command const and build it with pointers Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 411/530] selftests/resctrl: Extend signal handler coverage to unmount on receiving signal Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 412/530] parisc: Prevent booting 64-bit kernels on PA1.x machines Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 413/530] parisc/pgtable: Do not drop upper 5 address bits of physical address Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 414/530] parisc/power: Fix power soft-off when running on qemu Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 415/530] parisc: fix mmap_base calculation when stack grows upwards Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 416/530] xhci: Enable RPM on controllers that support low-power states Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 417/530] smb3: fix creating FIFOs when mounting with "sfu" mount option Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 418/530] smb3: fix touch -h of symlink Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 419/530] smb3: allow dumping session and tcon id to improve stats analysis and debugging Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 420/530] smb3: fix caching of ctime on setxattr Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 421/530] smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 422/530] smb: client: fix use-after-free in smb2_query_info_compound() Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 423/530] smb: client: fix potential deadlock when releasing mids Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 424/530] smb: client: fix mount when dns_resolver key is not available Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 425/530] cifs: reconnect helper should set reconnect for the right channel Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 426/530] cifs: force interface update before a fresh session setup Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 427/530] cifs: do not reset chan_max if multichannel is not supported at mount Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 428/530] cifs: do not pass cifs_sb when trying to add channels Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 429/530] cifs: Fix encryption of cleared, but unset rq_iter data buffers Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 430/530] xfs: recovery should not clear di_flushiter unconditionally Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 431/530] btrfs: zoned: wait for data BG to be finished on direct IO allocation Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 432/530] ALSA: info: Fix potential deadlock at disconnection Greg Kroah-Hartman
2023-11-24 17:49 ` [PATCH 6.6 433/530] ALSA: hda/realtek: Enable Mute LED on HP 255 G8 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 434/530] ALSA: hda/realtek - Add Dell ALC295 to pin fall back table Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 435/530] ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 436/530] ALSA: hda/realtek: Enable Mute LED on HP 255 G10 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 437/530] ALSA: hda/realtek: Add quirks for HP Laptops Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 438/530] Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 439/530] Revert "i2c: pxa: move to generic GPIO recovery" Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 440/530] lsm: fix default return value for vm_enough_memory Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 441/530] lsm: fix default return value for inode_getsecctx Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 442/530] sbsa_gwdt: Calculate timeout with 64-bit math Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 443/530] i2c: designware: Disable TX_EMPTY irq while waiting for block length byte Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 444/530] s390/ap: fix AP bus crash on early config change callback invocation Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 445/530] net: ethtool: Fix documentation of ethtool_sprintf() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 446/530] net: dsa: lan9303: consequently nested-lock physical MDIO Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 447/530] net: phylink: initialize carrier state at creation Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 448/530] gfs2: dont withdraw if init_threads() got interrupted Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 449/530] i2c: i801: fix potential race in i801_block_transaction_byte_by_byte Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 450/530] f2fs: do not return EFSCORRUPTED, but try to run online repair Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 451/530] f2fs: set the default compress_level on ioctl Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 452/530] f2fs: avoid format-overflow warning Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 453/530] f2fs: split initial and dynamic conditions for extent_cache Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 454/530] media: lirc: drop trailing space from scancode transmit Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 455/530] media: sharp: fix sharp encoding Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 456/530] media: venus: hfi_parser: Add check to keep the number of codecs within range Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 457/530] media: venus: hfi: fix the check to handle session buffer requirement Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 458/530] media: venus: hfi: add checks to handle capabilities from firmware Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 459/530] media: ccs: Correctly initialise try compose rectangle Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 460/530] drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 461/530] drm/mediatek/dp: fix memory leak on ->get_edid callback error path Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 462/530] dm-bufio: fix no-sleep mode Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 463/530] dm-verity: dont use blocking calls from tasklets Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 464/530] nfsd: fix file memleak on client_opens_release Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 465/530] NFSD: Update nfsd_cache_append() to use xdr_stream Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 466/530] LoongArch: Mark __percpu functions as always inline Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 467/530] tracing: fprobe-event: Fix to check tracepoint event and return Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 468/530] swiotlb: do not free decrypted pages if dynamic Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 469/530] swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 470/530] riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 471/530] riscv: put interrupt entries into .irqentry.text Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 472/530] riscv: mm: Update the comment of CONFIG_PAGE_OFFSET Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 473/530] riscv: correct pt_level name via pgtable_l5/4_enabled Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 474/530] riscv: kprobes: allow writing to x0 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 475/530] mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 476/530] mm: fix for negative counter: nr_file_hugepages Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 477/530] mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 478/530] mptcp: deal with large GSO size Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 479/530] mptcp: add validity check for sending RM_ADDR Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 480/530] mptcp: fix setsockopt(IP_TOS) subflow locking Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 481/530] selftests: mptcp: fix fastclose with csum failure Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 482/530] r8169: fix network lost after resume on DASH systems Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 483/530] r8169: add handling DASH when DASH is disabled Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 484/530] mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 485/530] media: qcom: camss: Fix pm_domain_on sequence in probe Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 486/530] media: qcom: camss: Fix vfe_get() error jump Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 487/530] media: qcom: camss: Fix VFE-17x vfe_disable_output() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 488/530] media: qcom: camss: Fix VFE-480 vfe_disable_output() Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 489/530] media: qcom: camss: Fix missing vfe_lite clocks check Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 490/530] media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 491/530] media: qcom: camss: Fix invalid clock enable bit disjunction Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 492/530] media: qcom: camss: Fix csid-gen2 for test pattern generator Greg Kroah-Hartman
2023-11-24 17:50 ` [PATCH 6.6 493/530] Revert "HID: logitech-dj: Add support for a new lightspeed receiver iteration" Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 494/530] Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 495/530] ext4: fix race between writepages and remount Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 496/530] ext4: no need to generate from free list in mballoc Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 497/530] ext4: make sure allocate pending entry not fail Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 498/530] ext4: apply umask if ACL support is disabled Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 499/530] ext4: correct offset of gdb backup in non meta_bg group to update_backups Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 500/530] ext4: mark buffer new if it is unwritten to avoid stale data exposure Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 501/530] ext4: correct return value of ext4_convert_meta_bg Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 502/530] ext4: correct the start block of counting reserved clusters Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 503/530] ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 504/530] ext4: add missed brelse in update_backups Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 505/530] ext4: properly sync file size update after O_SYNC direct IO Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 506/530] ext4: fix racy may inline data check in dio write Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 507/530] drm/amd/pm: Handle non-terminated overdrive commands Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 508/530] drm: bridge: it66121: ->get_edid callback must not return err pointers Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 509/530] x86/srso: Move retbleed IBPB check into existing has_microcode code block Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 510/530] drm/amd/display: Add Null check for DPP resource Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 511/530] drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 512/530] drm/i915: Bump GLK CDCLK frequency when driving multiple pipes Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 513/530] drm/i915: Fix potential spectre vulnerability Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 514/530] drm/i915: Flush WC GGTT only on required platforms Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 515/530] drm/amd/pm: Fix error of MACO flag setting code Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 516/530] drm/amdgpu/smu13: drop compute workload workaround Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 517/530] drm/amdgpu: dont use pci_is_thunderbolt_attached() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 518/530] drm/amdgpu: fix GRBM read timeout when do mes_self_test Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 519/530] drm/amdgpu: add a retry for IP discovery init Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 520/530] drm/amdgpu: dont use ATRM for external devices Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 521/530] drm/amdgpu: fix error handling in amdgpu_vm_init Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 522/530] drm/amdgpu: fix error handling in amdgpu_bo_list_get() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 523/530] drm/amdgpu: lower CS errors to debug severity Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 524/530] drm/amdgpu: Fix possible null pointer dereference Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 525/530] drm/amd/display: Guard against invalid RPTR/WPTR being set Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 526/530] drm/amd/display: Fix DSC not Enabled on Direct MST Sink Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 527/530] drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 528/530] drm/amd/display: Enable fast plane updates on DCN3.2 and above Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 529/530] drm/amd/display: Clear dpcd_sink_ext_caps if not set Greg Kroah-Hartman
2023-11-24 17:51 ` [PATCH 6.6 530/530] drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox Greg Kroah-Hartman
2023-11-24 19:05 ` [PATCH 6.6 000/530] 6.6.3-rc1 review Naresh Kamboju
2023-11-25 15:31 ` Greg Kroah-Hartman
2023-11-24 21:57 ` Nam Cao
2023-11-24 22:29 ` Takeshi Ogasawara
2023-11-25 9:40 ` Ron Economos
2023-11-25 11:26 ` Pavel Machek
2023-11-25 12:34 ` Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231124172040.234942754@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=georgia.garcia@canonical.com \
--cc=john.johansen@canonical.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox