Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=rust-6.14 2022-08-01T18:26:09Z 2022-08-01T18:26:09Z GONG, Ruiqi gongruiqi1@huawei.com 2022-06-06T08:17:14Z urn:sha1:63c3b5d2ca96b4a2a88ae01bea94021e874ce8fe Simplify the code by using kstrndup instead of kzalloc and strncpy in smk_parse_smack(), which meanwhile remove strncpy as [1] suggests. [1]: https://github.com/KSPP/linux/issues/90 Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2021-07-20T16:17:36Z Tianjia Zhang tianjia.zhang@linux.alibaba.com 2021-07-15T09:17:24Z urn:sha1:6d14f5c7028eea70760df284057fe198ce7778dd In the smk_access_entry() function, if no matching rule is found in the rust_list, a negative error code will be used to perform bit operations with the MAY_ enumeration value. This is semantically wrong. This patch fixes this issue. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2021-06-08T17:23:08Z ChenXiaoSong chenxiaosong2@huawei.com 2021-06-07T03:52:01Z urn:sha1:fe6bde732be8c4711a878b11491d9a2749b03909 Fix gcc W=1 warning: security/smack/smack_access.c:342: warning: Function parameter or member 'ad' not described in 'smack_log' security/smack/smack_access.c:403: warning: Function parameter or member 'skp' not described in 'smk_insert_entry' security/smack/smack_access.c:487: warning: Function parameter or member 'level' not described in 'smk_netlbl_mls' security/smack/smack_access.c:487: warning: Function parameter or member 'len' not described in 'smk_netlbl_mls' Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2021-05-18T17:36:48Z Jens Axboe axboe@kernel.dk 2021-03-26T00:42:50Z urn:sha1:0169d8f33ab7a58675a94c18122dba58d8f6a1b8 This reverts commit 942cb357ae7d9249088e3687ee6a00ed2745a0c7. The io_uring PF_IO_WORKER threads no longer have PF_KTHREAD set, so no need to special case them for credential checks. Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2020-12-22T23:34:24Z Casey Schaufler casey@schaufler-ca.com 2020-12-22T23:34:24Z urn:sha1:942cb357ae7d9249088e3687ee6a00ed2745a0c7 Smack assumes that kernel threads are privileged for smackfs operations. This was necessary because the credential of the kernel thread was not related to a user operation. With io_uring the credential does reflect a user's rights and can be used. Suggested-by: Jens Axboe <axboe@kernel.dk> Acked-by: Jens Axboe <axboe@kernel.dk> Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2020-09-11T22:31:31Z Casey Schaufler casey@schaufler-ca.com 2020-08-12T00:39:43Z urn:sha1:322dd63c7f98315b5794653bc582d109841219ae Utilize the Netlabel cache mechanism for incoming packet matching. Refactor the initialization of secattr structures, as it was being done in two places. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2019-09-04T16:37:07Z Eric Biggers ebiggers@google.com 2019-08-22T05:54:41Z urn:sha1:e5bfad3d7acc5702f32aafeb388362994f4d7bd0 inode_smack::smk_lock is taken during smack_d_instantiate(), which is called during a filesystem transaction when creating a file on ext4. Therefore to avoid a deadlock, all code that takes this lock must use GFP_NOFS, to prevent memory reclaim from waiting for the filesystem transaction to complete. Reported-by: syzbot+0eefc1e06a77d327a056@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2019-06-05T15:37:10Z Thomas Gleixner tglx@linutronix.de 2019-05-31T08:09:32Z urn:sha1:a10e763b87134a9a4ca3a38b5c4b533e75ec63a3 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 135 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531081036.435762997@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-10T22:16:06Z Micah Morton mortonm@chromium.org 2019-01-08T00:10:53Z urn:sha1:c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> 2019-01-08T21:18:44Z Casey Schaufler casey@schaufler-ca.com 2018-11-10T00:12:56Z urn:sha1:b17103a8b8ae9c9ecc5e1e6501b1478ee2dc6fe4 Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>