mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-22 07:53:11 -05:00
f96a974170
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmeQFBoUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXPvcA//XCdwMz0bGtWKv58nuyP8vkQx08n6 //olz/O8te3uWK5O3kRiarzFLwH8qsHQ6A7GYalwwix34hatR4ndJE0Y/guVRWa1 +aBmJxJ7Jm/q3fvpAEfqiSgreuE6kBoztlDOWEq+hUQGu4qfnQGm2EnvbvfFrAmN VheOfIQSU2KCL/Scc3FGnF6uru4WrqN0JJ9RbvrEpfdQgmcyTGLnQsZLljutWSIq kDWkteIr7cj3O9J45zpxZsTftvYSgVn/y1iKeXbHI4DBA1eheK12vsHB9AADKI1J GwHxOrnLpZtv+ICUKqcfFTmWTl+NmfJJurAT5KXKdBjL3xM5MoJlBvK1A5qE9CMo LaHVG/TZR2MmBaoM3EN+gvWhDgWlvT02Q/0cYaafTlVLMez3HtfctxN6OnCvTXTB Y8dqYClhhlBm/mHQwYfMoeKw4MftUpzEqBd1Nj7Qe8dbP0f/62Ca3K2B3D6Rf8QV pj3ryMlSWYV9mdTerruLNQexTGoN7l66jPwzdWpTbFeL3WmNtfCako8OZGbXgPIu Iahm3P+jnSVx8ZQro2c9zwdKXI5xiI335pCBbDZ8aX+JAsfj0OofHsFx5Q5diber M7tAEhxDqRisbpz7Ei+/LOAEGg2Z619XKg8ks4z6Y4P5PF7zEgeWTkZJk2iLbxXe 6LLOjmF7LLw+G4M= =fgyr -----END PGP SIGNATURE----- Merge tag 'lsm-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm Pull lsm updates from Paul Moore: - Improved handling of LSM "secctx" strings through lsm_context struct The LSM secctx string interface is from an older time when only one LSM was supported, migrate over to the lsm_context struct to better support the different LSMs we now have and make it easier to support new LSMs in the future. These changes explain the Rust, VFS, and networking changes in the diffstat. - Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are enabled Small tweak to be a bit smarter about when we build the LSM's common audit helpers. - Check for absurdly large policies from userspace in SafeSetID SafeSetID policies rules are fairly small, basically just "UID:UID", it easy to impose a limit of KMALLOC_MAX_SIZE on policy writes which helps quiet a number of syzbot related issues. While work is being done to address the syzbot issues through other mechanisms, this is a trivial and relatively safe fix that we can do now. - Various minor improvements and cleanups A collection of improvements to the kernel selftests, constification of some function parameters, removing redundant assignments, and local variable renames to improve readability. * tag 'lsm-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: lockdown: initialize local array before use to quiet static analysis safesetid: check size of policy writes net: corrections for security_secid_to_secctx returns lsm: rename variable to avoid shadowing lsm: constify function parameters security: remove redundant assignment to return variable lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set selftests: refactor the lsm `flags_overset_lsm_set_self_attr` test binder: initialize lsm_context structure rust: replace lsm context+len with lsm_context lsm: secctx provider check on release lsm: lsm_context in security_dentry_init_security lsm: use lsm_context in security_inode_getsecctx lsm: replace context+len with lsm_context lsm: ensure the correct LSM context releaser |
||
|---|---|---|
| .. | ||
| 9p | ||
| bluetooth | ||
| caif | ||
| iucv | ||
| libeth | ||
| mana | ||
| netfilter | ||
| netns | ||
| nfc | ||
| page_pool | ||
| phonet | ||
| sctp | ||
| tc_act | ||
| 6lowpan.h | ||
| act_api.h | ||
| addrconf.h | ||
| af_ieee802154.h | ||
| af_rxrpc.h | ||
| af_unix.h | ||
| af_vsock.h | ||
| ah.h | ||
| amt.h | ||
| arp.h | ||
| atmclip.h | ||
| ax25.h | ||
| ax88796.h | ||
| bareudp.h | ||
| bond_3ad.h | ||
| bond_alb.h | ||
| bond_options.h | ||
| bonding.h | ||
| bpf_sk_storage.h | ||
| busy_poll.h | ||
| calipso.h | ||
| cfg80211-wext.h | ||
| cfg80211.h | ||
| cfg802154.h | ||
| checksum.h | ||
| cipso_ipv4.h | ||
| cls_cgroup.h | ||
| codel.h | ||
| codel_impl.h | ||
| codel_qdisc.h | ||
| compat.h | ||
| datalink.h | ||
| dcbevent.h | ||
| dcbnl.h | ||
| devlink.h | ||
| dropreason-core.h | ||
| dropreason.h | ||
| dsa.h | ||
| dsa_stubs.h | ||
| dscp.h | ||
| dsfield.h | ||
| dst.h | ||
| dst_cache.h | ||
| dst_metadata.h | ||
| dst_ops.h | ||
| eee.h | ||
| erspan.h | ||
| esp.h | ||
| espintcp.h | ||
| ethoc.h | ||
| failover.h | ||
| fib_notifier.h | ||
| fib_rules.h | ||
| firewire.h | ||
| flow.h | ||
| flow_dissector.h | ||
| flow_offload.h | ||
| fou.h | ||
| fq.h | ||
| fq_impl.h | ||
| garp.h | ||
| gen_stats.h | ||
| genetlink.h | ||
| geneve.h | ||
| gre.h | ||
| gro.h | ||
| gro_cells.h | ||
| gso.h | ||
| gtp.h | ||
| gue.h | ||
| handshake.h | ||
| hotdata.h | ||
| hwbm.h | ||
| icmp.h | ||
| ieee8021q.h | ||
| ieee80211_radiotap.h | ||
| ieee802154_netdev.h | ||
| if_inet6.h | ||
| ife.h | ||
| inet6_connection_sock.h | ||
| inet6_hashtables.h | ||
| inet_common.h | ||
| inet_connection_sock.h | ||
| inet_dscp.h | ||
| inet_ecn.h | ||
| inet_frag.h | ||
| inet_hashtables.h | ||
| inet_sock.h | ||
| inet_timewait_sock.h | ||
| inetpeer.h | ||
| ioam6.h | ||
| ip.h | ||
| ip6_checksum.h | ||
| ip6_fib.h | ||
| ip6_route.h | ||
| ip6_tunnel.h | ||
| ip_fib.h | ||
| ip_tunnels.h | ||
| ip_vs.h | ||
| ipcomp.h | ||
| ipconfig.h | ||
| ipv6.h | ||
| ipv6_frag.h | ||
| ipv6_stubs.h | ||
| iw_handler.h | ||
| kcm.h | ||
| l3mdev.h | ||
| lag.h | ||
| lapb.h | ||
| llc.h | ||
| llc_c_ac.h | ||
| llc_c_ev.h | ||
| llc_c_st.h | ||
| llc_conn.h | ||
| llc_if.h | ||
| llc_pdu.h | ||
| llc_s_ac.h | ||
| llc_s_ev.h | ||
| llc_s_st.h | ||
| llc_sap.h | ||
| lwtunnel.h | ||
| mac80211.h | ||
| mac802154.h | ||
| macsec.h | ||
| mctp.h | ||
| mctpdevice.h | ||
| mip6.h | ||
| mld.h | ||
| mpls.h | ||
| mpls_iptunnel.h | ||
| mptcp.h | ||
| mrp.h | ||
| ncsi.h | ||
| ndisc.h | ||
| neighbour.h | ||
| neighbour_tables.h | ||
| net_debug.h | ||
| net_failover.h | ||
| net_namespace.h | ||
| net_ratelimit.h | ||
| net_shaper.h | ||
| net_trackers.h | ||
| netdev_queues.h | ||
| netdev_rx_queue.h | ||
| netevent.h | ||
| netkit.h | ||
| netlabel.h | ||
| netlink.h | ||
| netmem.h | ||
| netprio_cgroup.h | ||
| netrom.h | ||
| nexthop.h | ||
| nl802154.h | ||
| nsh.h | ||
| p8022.h | ||
| pfcp.h | ||
| pie.h | ||
| ping.h | ||
| pkt_cls.h | ||
| pkt_sched.h | ||
| pptp.h | ||
| proto_memory.h | ||
| protocol.h | ||
| psample.h | ||
| psnap.h | ||
| raw.h | ||
| rawv6.h | ||
| red.h | ||
| regulatory.h | ||
| request_sock.h | ||
| rose.h | ||
| route.h | ||
| rpl.h | ||
| rps.h | ||
| rsi_91x.h | ||
| rstreason.h | ||
| rtnetlink.h | ||
| rtnh.h | ||
| sch_generic.h | ||
| scm.h | ||
| secure_seq.h | ||
| seg6.h | ||
| seg6_hmac.h | ||
| seg6_local.h | ||
| selftests.h | ||
| slhc_vj.h | ||
| smc.h | ||
| snmp.h | ||
| sock.h | ||
| sock_reuseport.h | ||
| Space.h | ||
| stp.h | ||
| strparser.h | ||
| switchdev.h | ||
| tc_wrapper.h | ||
| tcp.h | ||
| tcp_ao.h | ||
| tcp_states.h | ||
| tcx.h | ||
| timewait_sock.h | ||
| tipc.h | ||
| tls.h | ||
| tls_prot.h | ||
| tls_toe.h | ||
| transp_v6.h | ||
| tso.h | ||
| tun_proto.h | ||
| udp.h | ||
| udp_tunnel.h | ||
| udplite.h | ||
| vsock_addr.h | ||
| vxlan.h | ||
| wext.h | ||
| x25.h | ||
| x25device.h | ||
| xdp.h | ||
| xdp_priv.h | ||
| xdp_sock.h | ||
| xdp_sock_drv.h | ||
| xfrm.h | ||
| xsk_buff_pool.h | ||