<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-rng/security/landlock, branch master</title>
<subtitle>Development tree for the kernel CSPRNG</subtitle>
<id>https://git.zx2c4.com/linux-rng/atom/security/landlock?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-rng/atom/security/landlock?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/'/>
<updated>2025-12-01T17:02:34Z</updated>
<entry>
<title>Merge tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2025-12-01T17:02:34Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-01T17:02:34Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=9368f0f9419cde028a6e58331065900ff089bc36'/>
<id>urn:sha1:9368f0f9419cde028a6e58331065900ff089bc36</id>
<content type='text'>
Pull vfs inode updates from Christian Brauner:
 "Features:

   - Hide inode-&gt;i_state behind accessors. Open-coded accesses prevent
     asserting they are done correctly. One obvious aspect is locking,
     but significantly more can be checked. For example it can be
     detected when the code is clearing flags which are already missing,
     or is setting flags when it is illegal (e.g., I_FREEING when
     -&gt;i_count &gt; 0)

   - Provide accessors for -&gt;i_state, converts all filesystems using
     coccinelle and manual conversions (btrfs, ceph, smb, f2fs, gfs2,
     overlayfs, nilfs2, xfs), and makes plain -&gt;i_state access fail to
     compile

   - Rework I_NEW handling to operate without fences, simplifying the
     code after the accessor infrastructure is in place

  Cleanups:

   - Move wait_on_inode() from writeback.h to fs.h

   - Spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
     for clarity

   - Cosmetic fixes to LRU handling

   - Push list presence check into inode_io_list_del()

   - Touch up predicts in __d_lookup_rcu()

   - ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage

   - Assert on -&gt;i_count in iput_final()

   - Assert -&gt;i_lock held in __iget()

  Fixes:

   - Add missing fences to I_NEW handling"

* tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (22 commits)
  dcache: touch up predicts in __d_lookup_rcu()
  fs: push list presence check into inode_io_list_del()
  fs: cosmetic fixes to lru handling
  fs: rework I_NEW handling to operate without fences
  fs: make plain -&gt;i_state access fail to compile
  xfs: use the new -&gt;i_state accessors
  nilfs2: use the new -&gt;i_state accessors
  overlayfs: use the new -&gt;i_state accessors
  gfs2: use the new -&gt;i_state accessors
  f2fs: use the new -&gt;i_state accessors
  smb: use the new -&gt;i_state accessors
  ceph: use the new -&gt;i_state accessors
  btrfs: use the new -&gt;i_state accessors
  Manual conversion to use -&gt;i_state accessors of all places not covered by coccinelle
  Coccinelle-based conversion to use -&gt;i_state accessors
  fs: provide accessors for -&gt;i_state
  fs: spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
  fs: move wait_on_inode() from writeback.h to fs.h
  fs: add missing fences to I_NEW handling
  ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage
  ...
</content>
</entry>
<entry>
<title>landlock: fix splats from iput() after it started calling might_sleep()</title>
<updated>2025-11-12T09:47:42Z</updated>
<author>
<name>Mateusz Guzik</name>
<email>mjguzik@gmail.com</email>
</author>
<published>2025-11-05T21:20:25Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=56325e8c68c0724d626f665773a5005dcf44e329'/>
<id>urn:sha1:56325e8c68c0724d626f665773a5005dcf44e329</id>
<content type='text'>
At this point it is guaranteed this is not the last reference.

However, a recent addition of might_sleep() at top of iput() started
generating false-positives as it was executing for all values.

Remedy the problem by using the newly introduced iput_not_last().

Reported-by: syzbot+12479ae15958fc3f54ec@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68d32659.a70a0220.4f78.0012.GAE@google.com/
Fixes: 2ef435a872ab ("fs: add might_sleep() annotation to iput() and more")
Signed-off-by: Mateusz Guzik &lt;mjguzik@gmail.com&gt;
Link: https://patch.msgid.link/20251105212025.807549-2-mjguzik@gmail.com
Reviewed-by: Mickaël Salaün &lt;mic@digikod.net&gt;
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>Coccinelle-based conversion to use -&gt;i_state accessors</title>
<updated>2025-10-20T18:22:26Z</updated>
<author>
<name>Mateusz Guzik</name>
<email>mjguzik@gmail.com</email>
</author>
<published>2025-10-09T07:59:18Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=b4dbfd8653b34b0ab6c024ceda32af488c9b5602'/>
<id>urn:sha1:b4dbfd8653b34b0ab6c024ceda32af488c9b5602</id>
<content type='text'>
All places were patched by coccinelle with the default expecting that
-&gt;i_lock is held, afterwards entries got fixed up by hand to use
unlocked variants as needed.

The script:
@@
expression inode, flags;
@@

- inode-&gt;i_state &amp; flags
+ inode_state_read(inode) &amp; flags

@@
expression inode, flags;
@@

- inode-&gt;i_state &amp;= ~flags
+ inode_state_clear(inode, flags)

@@
expression inode, flag1, flag2;
@@

- inode-&gt;i_state &amp;= ~flag1 &amp; ~flag2
+ inode_state_clear(inode, flag1 | flag2)

@@
expression inode, flags;
@@

- inode-&gt;i_state |= flags
+ inode_state_set(inode, flags)

@@
expression inode, flags;
@@

- inode-&gt;i_state = flags
+ inode_state_assign(inode, flags)

@@
expression inode, flags;
@@

- flags = inode-&gt;i_state
+ flags = inode_state_read(inode)

@@
expression inode, flags;
@@

- READ_ONCE(inode-&gt;i_state) &amp; flags
+ inode_state_read(inode) &amp; flags

Signed-off-by: Mateusz Guzik &lt;mjguzik@gmail.com&gt;
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>fs: add an icount_read helper</title>
<updated>2025-09-01T10:41:09Z</updated>
<author>
<name>Josef Bacik</name>
<email>josef@toxicpanda.com</email>
</author>
<published>2025-08-26T15:39:02Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=37b27bd5d6217b75d315f28b4399aad0a336f299'/>
<id>urn:sha1:37b27bd5d6217b75d315f28b4399aad0a336f299</id>
<content type='text'>
Instead of doing direct access to -&gt;i_count, add a helper to handle
this. This will make it easier to convert i_count to a refcount later.

Signed-off-by: Josef Bacik &lt;josef@toxicpanda.com&gt;
Link: https://lore.kernel.org/9bc62a84c6b9d6337781203f60837bd98fbc4a96.1756222464.git.josef@toxicpanda.com
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'landlock-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux</title>
<updated>2025-07-29T02:21:32Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-07-29T02:21:32Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=ae388edd4a8f0226f3ef7b102c34f78220756c3d'/>
<id>urn:sha1:ae388edd4a8f0226f3ef7b102c34f78220756c3d</id>
<content type='text'>
Pull landlock update from Mickaël Salaün:
 "Fix test issues, improve build compatibility, and add new tests"

* tag 'landlock-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  landlock: Fix cosmetic change
  samples/landlock: Fix building on musl libc
  landlock: Fix warning from KUnit tests
  selftests/landlock: Add test to check rule tied to covered mount point
  selftests/landlock: Fix build of audit_test
  selftests/landlock: Fix readlink check
</content>
</entry>
<entry>
<title>landlock: Fix cosmetic change</title>
<updated>2025-07-19T10:44:16Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2025-07-19T10:42:00Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=6803b6ebb8164c1d306600f8836a39b6fceffeec'/>
<id>urn:sha1:6803b6ebb8164c1d306600f8836a39b6fceffeec</id>
<content type='text'>
This line removal should not be there and it makes it more difficult to
backport the following patch.

Cc: Günther Noack &lt;gnoack@google.com&gt;
Cc: Konstantin Meskhidze &lt;konstantin.meskhidze@huawei.com&gt;
Fixes: 7a11275c3787 ("landlock: Refactor layer helpers")
Link: https://lore.kernel.org/r/20250719104204.545188-2-mic@digikod.net
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
<entry>
<title>landlock: Fix warning from KUnit tests</title>
<updated>2025-06-27T08:10:37Z</updated>
<author>
<name>Tingmao Wang</name>
<email>m@maowtm.org</email>
</author>
<published>2025-06-15T16:09:36Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=e0a69cf2c03e61bd8069becb97f66c173d0d1fa1'/>
<id>urn:sha1:e0a69cf2c03e61bd8069becb97f66c173d0d1fa1</id>
<content type='text'>
get_id_range() expects a positive value as first argument but
get_random_u8() can return 0.  Fix this by clamping it.

Validated by running the test in a for loop for 1000 times.

Note that MAX() is wrong as it is only supposed to be used for
constants, but max() is good here.

  [..]     ok 9 test_range2_rand1
  [..]     ok 10 test_range2_rand2
  [..]     ok 11 test_range2_rand15
  [..] ------------[ cut here ]------------
  [..] WARNING: CPU: 6 PID: 104 at security/landlock/id.c:99 test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
  [..] Modules linked in:
  [..] CPU: 6 UID: 0 PID: 104 Comm: kunit_try_catch Tainted: G                 N  6.16.0-rc1-dev-00001-g314a2f98b65f #1 PREEMPT(undef)
  [..] Tainted: [N]=TEST
  [..] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  [..] RIP: 0010:test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
  [..] Code: 49 c7 c0 10 70 30 82 4c 89 ff 48 c7 c6 a0 63 1e 83 49 c7 45 a0 e0 63 1e 83 e8 3f 95 17 00 e9 1f ff ff ff 0f 0b e9 df fd ff ff &lt;0f&gt; 0b ba 01 00 00 00 e9 68 fe ff ff 49 89 45 a8 49 8d 4d a0 45 31

  [..] RSP: 0000:ffff888104eb7c78 EFLAGS: 00010246
  [..] RAX: 0000000000000000 RBX: 000000000870822c RCX: 0000000000000000
            ^^^^^^^^^^^^^^^^
  [..]
  [..] Call Trace:
  [..]
  [..] ---[ end trace 0000000000000000 ]---
  [..]     ok 12 test_range2_rand16
  [..] # landlock_id: pass:12 fail:0 skip:0 total:12
  [..] # Totals: pass:12 fail:0 skip:0 total:12
  [..] ok 1 landlock_id

Fixes: d9d2a68ed44b ("landlock: Add unique ID generator")
Signed-off-by: Tingmao Wang &lt;m@maowtm.org&gt;
Link: https://lore.kernel.org/r/73e28efc5b8cc394608b99d5bc2596ca917d7c4a.1750003733.git.m@maowtm.org
[mic: Minor cosmetic improvements]
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
<entry>
<title>landlock: opened file never has a negative dentry</title>
<updated>2025-06-17T22:03:57Z</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2025-05-28T02:39:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=d1832e648d2be564e4b5e357f94d0f33156590dc'/>
<id>urn:sha1:d1832e648d2be564e4b5e357f94d0f33156590dc</id>
<content type='text'>
Reviewed-by: Christian Brauner &lt;brauner@kernel.org&gt;
Acked-by: Mickaël Salaün &lt;mic@digikod.net&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>landlock: Improve bit operations in audit code</title>
<updated>2025-05-12T09:38:53Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2025-05-12T09:37:30Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=3039ed432745f8fdf5cbb43fdc60b2e1aad624c1'/>
<id>urn:sha1:3039ed432745f8fdf5cbb43fdc60b2e1aad624c1</id>
<content type='text'>
Use the BIT() and BIT_ULL() macros in the new audit code instead of
explicit shifts to improve readability.  Use bitmask instead of modulo
operation to simplify code.

Add test_range1_rand15() and test_range2_rand15() KUnit tests to improve
get_id_range() coverage.

Signed-off-by: Günther Noack &lt;gnoack3000@gmail.com&gt;
Link: https://lore.kernel.org/r/20250512093732.1408485-1-mic@digikod.net
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
<entry>
<title>landlock: Remove KUnit test that triggers a warning</title>
<updated>2025-05-03T06:55:42Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2025-05-03T06:53:58Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=b1525d0a8d3ad98487775232c3a861f3f4d894ea'/>
<id>urn:sha1:b1525d0a8d3ad98487775232c3a861f3f4d894ea</id>
<content type='text'>
A KUnit test checking boundaries triggers a canary warning, which may be
disturbing.  Let's remove this test for now.  Hopefully, KUnit will soon
get support for suppressing warning backtraces [1].

Cc: Alessandro Carminati &lt;acarmina@redhat.com&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Günther Noack &lt;gnoack@google.com&gt;
Reported-by: Tingmao Wang &lt;m@maowtm.org&gt;
Closes: https://lore.kernel.org/r/20250327213807.12964-1-m@maowtm.org
Link: https://lore.kernel.org/r/20250425193249.78b45d2589575c15f483c3d8@linux-foundation.org [1]
Link: https://lore.kernel.org/r/20250503065359.3625407-1-mic@digikod.net
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
</feed>
