|
Revision tags: v6.12-rc2, v6.12-rc1 |
|
| #
52c996d3 |
| 27-Sep-2024 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
Merge remote-tracking branch 'torvalds/master' into perf-tools
To pick up changes in other trees that may affect perf, such as libbpf
and in general the header files that perf has copies of, so that
Merge remote-tracking branch 'torvalds/master' into perf-tools
To pick up changes in other trees that may affect perf, such as libbpf
and in general the header files that perf has copies of, so that we can
do the sync with the kernel sources.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
show more ...
|
| #
c8d430db |
| 06-Oct-2024 |
Paolo Bonzini <pbonzini@redhat.com> |
Merge tag 'kvmarm-fixes-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
KVM/arm64 fixes for 6.12, take #1
- Fix pKVM error path on init, making sure we do not chang
Merge tag 'kvmarm-fixes-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
KVM/arm64 fixes for 6.12, take #1
- Fix pKVM error path on init, making sure we do not change critical
system registers as we're about to fail
- Make sure that the host's vector length is at capped by a value
common to all CPUs
- Fix kvm_has_feat*() handling of "negative" features, as the current
code is pretty broken
- Promote Joey to the status of official reviewer, while James steps
down -- hopefully only temporarly
show more ...
|
| #
0c436dfe |
| 02-Oct-2024 |
Takashi Iwai <tiwai@suse.de> |
Merge tag 'asoc-fix-v6.12-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.12
A bunch of fixes here that came in during the merge window and t
Merge tag 'asoc-fix-v6.12-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.12
A bunch of fixes here that came in during the merge window and the first
week of release, plus some new quirks and device IDs. There's nothing
major here, it's a bit bigger than it might've been due to there being
no fixes sent during the merge window due to your vacation.
show more ...
|
| #
2cd86f02 |
| 01-Oct-2024 |
Maarten Lankhorst <maarten.lankhorst@linux.intel.com> |
Merge remote-tracking branch 'drm/drm-fixes' into drm-misc-fixes
Required for a panthor fix that broke when
FOP_UNSIGNED_OFFSET was added in place of FMODE_UNSIGNED_OFFSET.
Signed-off-by: Maarten L
Merge remote-tracking branch 'drm/drm-fixes' into drm-misc-fixes
Required for a panthor fix that broke when
FOP_UNSIGNED_OFFSET was added in place of FMODE_UNSIGNED_OFFSET.
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
show more ...
|
| #
3a39d672 |
| 27-Sep-2024 |
Paolo Abeni <pabeni@redhat.com> |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Cross-merge networking fixes after downstream PR.
No conflicts and no adjacent changes.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
| #
e1b061b4 |
| 24-Sep-2024 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
Pull landlock updates from Mickaël Salaün:
"We can now scope a Landlock domain thanks to a new "scoped" fiel
Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
Pull landlock updates from Mickaël Salaün:
"We can now scope a Landlock domain thanks to a new "scoped" field that
can deny interactions with resources outside of this domain.
The LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET flag denies connections to an
abstract UNIX socket created outside of the current scoped domain, and
the LANDLOCK_SCOPE_SIGNAL flag denies sending a signal to processes
outside of the current scoped domain.
These restrictions also apply to nested domains according to their
scope. The related changes will also be useful to support other kind
of IPC isolations"
* tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
landlock: Document LANDLOCK_SCOPE_SIGNAL
samples/landlock: Add support for signal scoping
selftests/landlock: Test signal created by out-of-bound message
selftests/landlock: Test signal scoping for threads
selftests/landlock: Test signal scoping
landlock: Add signal scoping
landlock: Document LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
samples/landlock: Add support for abstract UNIX socket scoping
selftests/landlock: Test inherited restriction of abstract UNIX socket
selftests/landlock: Test connected and unconnected datagram UNIX socket
selftests/landlock: Test UNIX sockets with any address formats
selftests/landlock: Test abstract UNIX socket scoping
selftests/landlock: Test handling of unknown scope
landlock: Add abstract UNIX socket scoping
show more ...
|
|
Revision tags: v6.11, v6.11-rc7 |
|
| #
644a7285 |
| 05-Sep-2024 |
Tahera Fahimi <fahimitahera@gmail.com> |
selftests/landlock: Test inherited restriction of abstract UNIX socket
A socket can be shared between multiple processes, so it can connect and
send data to them. Provide a test scenario where a san
selftests/landlock: Test inherited restriction of abstract UNIX socket
A socket can be shared between multiple processes, so it can connect and
send data to them. Provide a test scenario where a sandboxed process
inherits a socket's file descriptor. The process cannot connect or send
data to the inherited socket since the process is scoped.
Test coverage for security/landlock is 92.0% of 1013 lines according to
gcc/gcov-14.
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/1428574deec13603b6ab2f2ed68ecbfa3b63bcb3.1725494372.git.fahimitahera@gmail.com
[mic: Remove negative ASSERT, fix potential race condition because of
closed connections, remove useless buffer, add test coverage]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
show more ...
|
| #
d1cc0ef8 |
| 05-Sep-2024 |
Tahera Fahimi <fahimitahera@gmail.com> |
selftests/landlock: Test connected and unconnected datagram UNIX socket
Check the specific case where a scoped datagram socket is connected and
send(2) works, whereas sendto(2) is denied if the data
selftests/landlock: Test connected and unconnected datagram UNIX socket
Check the specific case where a scoped datagram socket is connected and
send(2) works, whereas sendto(2) is denied if the datagram socket is not
connected.
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/c28c9cd8feef67dd25e115c401a2389a75f9983b.1725494372.git.fahimitahera@gmail.com
[mic: Use more EXPECT and avoid negative ASSERT, use variables dedicated
per process, remove useless buffer]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
show more ...
|
| #
4f9a5b50 |
| 05-Sep-2024 |
Tahera Fahimi <fahimitahera@gmail.com> |
selftests/landlock: Test UNIX sockets with any address formats
Expand abstract UNIX socket restriction tests by examining different
scenarios for UNIX sockets with pathname or unnamed address format
selftests/landlock: Test UNIX sockets with any address formats
Expand abstract UNIX socket restriction tests by examining different
scenarios for UNIX sockets with pathname or unnamed address formats
connection with scoped domain.
The various_address_sockets tests ensure that UNIX sockets bound to a
filesystem pathname and unnamed sockets created by socketpair can still
connect to a socket outside of their scoped domain, meaning that even if
the domain is scoped with LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET, the
socket can connect to a socket outside the scoped domain.
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/a9e8016aaa5846252623b158c8f1ce0d666944f4.1725494372.git.fahimitahera@gmail.com
[mic: Remove useless clang-format tags, fix unlink/rmdir calls, drop
capabilities, rename variables, remove useless mknod/unlink calls, clean
up fixture, test write/read on sockets, test sendto() on datagram
sockets, close sockets as soon as possible]
Co-developed-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
show more ...
|
| #
fefcf0f7 |
| 05-Sep-2024 |
Tahera Fahimi <fahimitahera@gmail.com> |
selftests/landlock: Test abstract UNIX socket scoping
Add three tests that examine different scenarios for abstract UNIX
socket:
1) scoped_domains: Base tests of the abstract socket scoping mechani
selftests/landlock: Test abstract UNIX socket scoping
Add three tests that examine different scenarios for abstract UNIX
socket:
1) scoped_domains: Base tests of the abstract socket scoping mechanism
for a landlocked process, same as the ptrace test.
2) scoped_vs_unscoped: Generates three processes with different domains
and tests if a process with a non-scoped domain can connect to other
processes.
3) outside_socket: Since the socket's creator credentials are used
for scoping sockets, this test examines the cases where the socket's
credentials are different from the process using it.
Move protocol_variant, service_fixture, and sys_gettid() from net_test.c
to common.h, and factor out code into a new set_unix_address() helper.
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/9321c3d3bcd9212ceb4b50693e29349f8d625e16.1725494372.git.fahimitahera@gmail.com
[mic: Fix commit message, remove useless clang-format tags, move
drop_caps() calls, move and rename variables, rename variants, use more
EXPECT, improve comments, simplify the outside_socket test]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
show more ...
|