From: GUO Zihua <guozihua@huawei.com>
To: <zohar@linux.ibm.com>, <paul@paul-moore.com>
Cc: <linux-security-module@vger.kernel.org>,
	<linux-rdma@vger.kernel.org>, <dledford@redhat.com>,
	<jgg@ziepe.ca>
Subject: [PATCH 4.19 v3 0/6] Backport handling -ESTALE policy update failure to 4.19
Date: Tue, 28 Feb 2023 16:06:24 +0800
Message-ID: <20230228080630.52370-1-guozihua@huawei.com>

This series backports patches in order to resolve the issue discussed here:
https://lore.kernel.org/selinux/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/

This required backporting the non-blocking LSM policy update mechanism
prerequisite patches, as well as the bugfixes that follow:

c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
42df744c4166 ("LSM: switch to blocking policy update notifiers")
b16942455193 ("ima: use the lsm policy update notifier")
483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes")
e144d6b26541 ("ima: Evaluate error in init_ima()")
c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")

c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
is merged as the prerequisite of 42df744c4166 ("LSM: switch to blocking
policy update notifiers"). e144d6b26541 ("ima: Evaluate error in
init_ima()"), 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug
fixes") and 9ff8a616dfab ("ima: Have the LSM free its audit rule") are
merged as follow-up bugfixes for b16942455193 ("ima: use the lsm policy
update notifier").

I've tested the patches against said issue and can confirm that the
issue is fixed.

Link to the original mailing list discussion:
https://lore.kernel.org/all/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/

Change log:
  v2: Fixed build issue and backport bugfix commits for backported
patches.

Daniel Jurgens (1):
  IB/core: Don't register each MAD agent for LSM notifier

GUO Zihua (1):
  ima: Handle -ESTALE returned by ima_filter_rule_match()

Janne Karhunen (3):
  LSM: switch to blocking policy update notifiers
  ima: use the lsm policy update notifier
  ima: ima/lsm policy rule loading logic bug fixes

Roberto Sassu (1):
  ima: Evaluate error in init_ima()

 drivers/infiniband/core/core_priv.h |   5 +
 drivers/infiniband/core/device.c    |   5 +-
 drivers/infiniband/core/security.c  |  51 +++++----
 include/linux/security.h            |  12 +-
 include/rdma/ib_mad.h               |   3 +-
 security/integrity/ima/ima.h        |   2 +
 security/integrity/ima/ima_main.c   |  11 ++
 security/integrity/ima/ima_policy.c | 172 ++++++++++++++++++++++------
 security/security.c                 |  23 ++--
 security/selinux/hooks.c            |   2 +-
 security/selinux/selinuxfs.c        |   2 +-
 11 files changed, 208 insertions(+), 80 deletions(-)

-- 
2.17.1


Thread overview: 11+ messages
2023-02-28  8:06 GUO Zihua [this message]
2023-02-28  8:06 ` [PATCH 4.19 v3 1/6] IB/core: Don't register each MAD agent for LSM notifier GUO Zihua
2023-02-28  8:06 ` [PATCH 4.19 v3 2/6] LSM: switch to blocking policy update notifiers GUO Zihua
2023-02-28  8:06 ` [PATCH 4.19 v3 3/6] ima: use the lsm policy update notifier GUO Zihua
2023-02-28  8:06 ` [PATCH 4.19 v3 4/6] ima: ima/lsm policy rule loading logic bug fixes GUO Zihua
2023-02-28  8:06 ` [PATCH 4.19 v3 5/6] ima: Evaluate error in init_ima() GUO Zihua
2023-02-28  8:06 ` [PATCH 4.19 v3 6/6] ima: Handle -ESTALE returned by ima_filter_rule_match() GUO Zihua
2023-04-17 11:39   ` Guozihua (Scott)
2023-02-28 16:25 ` [PATCH 4.19 v3 0/6] Backport handling -ESTALE policy update failure to 4.19 Paul Moore
2023-02-28 19:45   ` Mimi Zohar
2023-03-01  1:26     ` Guozihua (Scott)
