Linus,

Three audit patches for Linux v7.2, the quick summary is below, but I did want to note that you will see a forced push due to a last-minute correction to the git metadata that I noticed while writing up this pull request; there was no change to the code and the tag is signed as usual.
- Fix a recursive deadlock when duplicating executable file rules

  Avoid multiple lookups and attempted I_MUTEX_PARENT locks when moving
  watched files by passing the already resolved inodes through the audit
  code.

- Fix removal of executable watch rules after the file is deleted

  Prior to this fix we were unable to remove an executable file watch
  where the file had been previously deleted due to a negative dentry
  check in the code that performs the lookup on the file watches.

- Convert our basic "unsigned" type usage to "unsigned int".

Paul

--
The following changes since commit 254f49634ee16a731174d2ae34bc50bd5f45e731:

  Linux 7.1-rc1 (2026-04-26 14:19:00 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git tags/audit-pr-20260615

for you to fetch changes up to 81905b5acbe77284734438df3fbec1158e6429a3:

  audit: fix recursive locking deadlock in audit_dupe_exe() (2026-05-27 19:15:34 -0400)

----------------------------------------------------------------
audit/stable-7.2 PR 20260615

----------------------------------------------------------------
Ricardo Robaina (3):
      audit: use 'unsigned int' instead of 'unsigned'
      audit: fix removal of dangling executable rules
      audit: fix recursive locking deadlock in audit_dupe_exe()

 include/linux/audit.h      |  4 ++--
 include/linux/audit_arch.h | 12 ++++++------
 kernel/audit.c             |  2 +-
 kernel/audit.h             | 19 +++++++++++++------
 kernel/audit_fsnotify.c    | 34 ++++++++++++++++++++++------------
 kernel/audit_tree.c        |  2 +-
 kernel/audit_watch.c       | 25 +++++++++++++++++--------
 kernel/auditfilter.c       | 17 +++++++++--------
 kernel/auditsc.c           |  2 +-
 lib/compat_audit.c         | 12 ++++++------
 10 files changed, 78 insertions(+), 51 deletions(-)

--
paul-moore.com

