[GIT PULL] apparmor updates for 5.5

From: John Johansen <john.johansen@canonical.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: LKLM <linux-kernel@vger.kernel.org>,
	"open list:SECURITY SUBSYSTEM" 
	<linux-security-module@vger.kernel.org>
Subject: [GIT PULL] apparmor updates for 5.5
Date: Tue, 3 Dec 2019 12:33:43 -0800	[thread overview]
Message-ID: <ab8e6cbb-c46d-41bd-0a0d-43530ee37386@canonical.com> (raw)

Hi Linus,

Sorry I didn't manage to get these out before last weeks vacation.

Can you please pull the following changes for apparmor

Thanks!

- John

The following changes since commit 582549e3fbe137eb6ce9be591aca25c2222a36b4:

   Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma (2019-04-10 09:39:04 -1000)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2019-12-03

for you to fetch changes up to 341c1fda5e17156619fb71acfc7082b2669b4b72:

   apparmor: make it so work buffers can be allocated from atomic context (2019-11-22 16:41:08 -0800)

----------------------------------------------------------------
+ Features
   - increase left match history buffer size to provide inproved conflict
     resolution in overlapping execution rules.
   - switch buffer allocation to use a memory pool and GFP_KERNEL
     where possible.
   - add compression of policy blobs to reduce memory usage.
+ Cleanups
   - fix spelling mistake "immutible" -> "immutable"
+ Bug fixes
   - fix unsigned len comparison in update_for_len macro
   - fix sparse warning for type-casting of current->real_cred

----------------------------------------------------------------
Bharath Vedartham (1):
       apparmor: Force type-casting of current->real_cred

Chris Coulson (1):
       apparmor: Initial implementation of raw policy blob compression

Colin Ian King (2):
       apparmor: fix spelling mistake "immutible" -> "immutable"
       apparmor: fix unsigned len comparison with less than zero

John Johansen (7):
       apparmor: fix blob compression build failure on ppc
       apparmor: fix missing ZLIB defines
       apparmor: fix blob compression when ns is forced on a policy load
       apparmor: increase left match history buffer size
       apparmor: fix wrong buffer allocation in aa_new_mount
       apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
       apparmor: make it so work buffers can be allocated from atomic context

Sebastian Andrzej Siewior (2):
       apparmor: Use a memory pool instead per-CPU caches
       apparmor: Switch to GFP_KERNEL where possible

  security/apparmor/Kconfig                 |   2 +
  security/apparmor/apparmorfs.c            | 130 +++++++++++++++++++-
  security/apparmor/domain.c                |  46 +++----
  security/apparmor/file.c                  |  45 ++++---
  security/apparmor/include/apparmor.h      |   1 +
  security/apparmor/include/file.h          |   2 +-
  security/apparmor/include/match.h         |   3 +-
  security/apparmor/include/path.h          |  50 +-------
  security/apparmor/include/policy_unpack.h |   8 +-
  security/apparmor/label.c                 |  12 +-
  security/apparmor/lsm.c                   | 198 ++++++++++++++++++++++++------
  security/apparmor/match.c                 |   6 +-
  security/apparmor/mount.c                 |  67 +++++++---
  security/apparmor/policy.c                |   5 +-
  security/apparmor/policy_unpack.c         | 116 ++++++++++++++++-
  15 files changed, 526 insertions(+), 165 deletions(-)