Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general

LSM: Module stacking for SARA and Landlock

The combined series of LSM refacto

Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general

LSM: Module stacking for SARA and Landlock

The combined series of LSM refactoring and addition of blob-sharing for
SARA and Landlock.

From Casey:

v5: Include Kees Cook's rework of the lsm command
line interface.
v4: Finer granularity in the patches and other
cleanups suggested by Kees Cook.
Removed dead code created by the removal of SELinux
credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
Removing the SELinux cred blob pointer poisoning
results selinux_is_enabled() being unused, so it and
all it's overhead has been removed.
Broke up the cred infrastructure patch.
v2: Reduce the patchset to what is required to support
the proposed SARA and LandLock security modules

The SARA security module is intended to be used
in conjunction with other security modules. It requires
state to be maintained for the credential, which
in turn requires a mechanism for sharing the credential
security blob. It also uses the ipc security blob. The
module also requires mechanism for user space manipulation
of the credential information, hence an additional
subdirectory in /proc/.../attr.

The LandLock security module provides user configurable
policy in the secmark mechanism. It requires data in
the credential, file, inode and task security blobs. For
this to be used along side the existing "major" security
modules mechanism for sharing these blobs are provided.

A side effect of providing sharing of the crendential
security blob is that the TOMOYO module can be used at
the same time as the other "major" modules.

The mechanism for configuring which security modules are
enabled has to change when stacking in enabled. Any
module that uses just the security blobs that are shared
can be selected. Additionally, one other "major" module
can be selected.

The security module stacking issues around networking and
IPC are not addressed here as they are beyond what is
required for TOMOYO, SARA and LandLock.

show more ...

apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE

In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the
soon-to-be redundant SECURITY_APPARMOR_BOOTPARAM_VALUE. Since explicit
orderi

apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE

In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the
soon-to-be redundant SECURITY_APPARMOR_BOOTPARAM_VALUE. Since explicit
ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or
not, this CONFIG will become effectively ignored, so remove it. However,
in order to stay backward-compatible with "security=apparmor", the enable
variable defaults to true.

Signed-off-by: Kees Cook <keescook@chromium.org>

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 4.12 merge window.

Merge branches 'for-4.11/upstream-fixes', 'for-4.12/accutouch', 'for-4.12/cp2112', 'for-4.12/hid-core-null-state-handling', 'for-4.12/hiddev', 'for-4.12/i2c-hid', 'for-4.12/innomedia', 'for-4.12/logi

Merge branches 'for-4.11/upstream-fixes', 'for-4.12/accutouch', 'for-4.12/cp2112', 'for-4.12/hid-core-null-state-handling', 'for-4.12/hiddev', 'for-4.12/i2c-hid', 'for-4.12/innomedia', 'for-4.12/logitech-hidpp-battery-power-supply', 'for-4.12/multitouch', 'for-4.12/nti', 'for-4.12/upstream' and 'for-4.12/wacom' into for-linus

show more ...

Merge tag 'v4.11-rc1' into regulator-arizona

Linux 4.11-rc1

Merge branch 'fix/rcar' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-rcar

Merge tag 'v4.11-rc5' into next

Sync up with mainline to bring in changes to input subsystem merged
through other trees.

Merge tag 'doc-4.11-images' of git://git.lwn.net/linux into drm-misc-next

Pointer for Markus's image conversion work.

We need this so we can merge all the pretty drm graphs for 4.12.

Signed-off-by

Merge tag 'doc-4.11-images' of git://git.lwn.net/linux into drm-misc-next

Pointer for Markus's image conversion work.

We need this so we can merge all the pretty drm graphs for 4.12.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Backmerge drm-next to get at all the good stuff in drm-misc. We need
that because:

- drm_connector_list_iter conversion fo

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Backmerge drm-next to get at all the good stuff in drm-misc. We need
that because:

- drm_connector_list_iter conversion for i915 needs the core patches.
- Maarten's patches to use the new atomic state iterators also need
the core patches.
- We need the new link status property to complete the DP retraining
work, merging through 2 branches wasn't a good idea and we had to
partially backtrack.
- Chris needs reservation_object_trylock and we want to roll out
kref_read everywhere.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge tag 'v4.11-rc1' into docs-next

Linux 4.11-rc1

Merge tag 'v4.11-rc1' into omap-for-v4.11/fixes

Linux 4.11-rc1

Merge tag 'v4.11-rc1' into patchwork

Linux 4.11-rc1

* tag 'v4.11-rc1': (10730 commits)
Linux 4.11-rc1
strparser: destroy workqueue on module exit
Documentation/sphinx: fix primary_domain conf

Merge tag 'v4.11-rc1' into patchwork

Linux 4.11-rc1

* tag 'v4.11-rc1': (10730 commits)
Linux 4.11-rc1
strparser: destroy workqueue on module exit
Documentation/sphinx: fix primary_domain configuration
docs: Fix htmldocs build failure
doc/ko_KR/memory-barriers: Update control-dependencies section
pcieaer doc: update the link
Documentation: Update path to sysrq.txt
sfc: fix IPID endianness in TSOv2
sfc: avoid max() in array size
rds: remove unnecessary returned value check
rxrpc: Fix potential NULL-pointer exception
nfp: correct DMA direction in XDP DMA sync
nfp: don't tell FW about the reserved buffer space
net: ethernet: bgmac: mac address change bug
net: ethernet: bgmac: init sequence bug
xen-netback: don't vfree() queues under spinlock
xen-netback: keep a local pointer for vif in backend_disconnect()
netfilter: nf_tables: don't call nfnetlink_set_err() if nfnetlink_send() fails
netfilter: nft_set_rbtree: incorrect assumption on lower interval lookups
netfilter: nf_conntrack_sip: fix wrong memory initialisation
...

show more ...

Merge branch 'linus' into WIP.x86/boot, to fix up conflicts and to pick up updates

Conflicts:
arch/x86/xen/setup.c

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Highlights:

- major AppArmor update: policy namespace

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Highlights:

- major AppArmor update: policy namespaces & lots of fixes

- add /sys/kernel/security/lsm node for easy detection of loaded LSMs

- SELinux cgroupfs labeling support

- SELinux context mounts on tmpfs, ramfs, devpts within user
namespaces

- improved TPM 2.0 support"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (117 commits)
tpm: declare tpm2_get_pcr_allocation() as static
tpm: Fix expected number of response bytes of TPM1.2 PCR Extend
tpm xen: drop unneeded chip variable
tpm: fix misspelled "facilitate" in module parameter description
tpm_tis: fix the error handling of init_tis()
KEYS: Use memzero_explicit() for secret data
KEYS: Fix an error code in request_master_key()
sign-file: fix build error in sign-file.c with libressl
selinux: allow changing labels for cgroupfs
selinux: fix off-by-one in setprocattr
tpm: silence an array overflow warning
tpm: fix the type of owned field in cap_t
tpm: add securityfs support for TPM 2.0 firmware event log
tpm: enhance read_log_of() to support Physical TPM event log
tpm: enhance TPM 2.0 PCR extend to support multiple banks
tpm: implement TPM 2.0 capability to get active PCR banks
tpm: fix RC value check in tpm2_seal_trusted
tpm_tis: fix iTPM probe via probe_itpm() function
tpm: Begin the process to deprecate user_read_timer
tpm: remove tpm_read_index and tpm_write_index from tpm.h
...

show more ...

apparmor: add debug assert AA_BUG and Kconfig to control debug info

Signed-off-by: John Johansen <john.johansen@canonical.com>

Merge branch 'next' into for-linus

Prepare input updates for 4.10 merge window.

Merge tag 'v4.9-rc3' into xtensa-for-next

Linux 4.9-rc3

Merge branch 'topic/error' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator into regulator-fixed

Merge branch 'drm-tda998x-mali' into drm-tda998x-devel

Merge tag 'v4.8' into next

Sync up with mainline to bring in I2C host notify changes and other
updates.

Merge tag 'irqchip-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core

Merge the first drop of irqchip updates for 4.9 from Marc Zyngier:

- ACPI IORT core code
-

Merge tag 'irqchip-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core

Merge the first drop of irqchip updates for 4.9 from Marc Zyngier:

- ACPI IORT core code
- IORT support for the GICv3 ITS
- A few of GIC cleanups

show more ...

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Backmerge because too many conflicts, and also we need to get at the
latest struct fence patches from Gustavo. Requested by

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Backmerge because too many conflicts, and also we need to get at the
latest struct fence patches from Gustavo. Requested by Chris Wilson.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge branch 'linus' into locking/urgent, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.8-rc1' into patchwork

Linux 4.8-rc1

* tag 'v4.8-rc1': (6093 commits)
Linux 4.8-rc1
block: rename bio bi_rw to bi_opf
target: iblock_execute_sync_cache() should use bio_set_op_at

Merge tag 'v4.8-rc1' into patchwork

Linux 4.8-rc1

* tag 'v4.8-rc1': (6093 commits)
Linux 4.8-rc1
block: rename bio bi_rw to bi_opf
target: iblock_execute_sync_cache() should use bio_set_op_attrs()
mm: make __swap_writepage() use bio_set_op_attrs()
block/mm: make bdev_ops->rw_page() take a bool for read/write
fs: return EPERM on immutable inode
ramoops: use persistent_ram_free() instead of kfree() for freeing prz
ramoops: use DT reserved-memory bindings
NTB: ntb_hw_intel: use local variable pdev
NTB: ntb_hw_intel: show BAR size in debugfs info
ntb_test: Add a selftest script for the NTB subsystem
ntb_perf: clear link_is_up flag when the link goes down.
ntb_pingpong: Add a debugfs file to get the ping count
ntb_tool: Add link status and files to debugfs
ntb_tool: Postpone memory window initialization for the user
ntb_perf: Wait for link before running test
ntb_perf: Return results by reading the run file
ntb_perf: Improve thread handling to increase robustness
ntb_perf: Schedule based on time not on performance
ntb_transport: Check the number of spads the hardware supports
...

show more ...

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- TPM core and driver updates/fixes

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- TPM core and driver updates/fixes
- IPv6 security labeling (CALIPSO)
- Lots of Apparmor fixes
- Seccomp: remove 2-phase API, close hole where ptrace can change
syscall #"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (156 commits)
apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling
tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family)
tpm: Factor out common startup code
tpm: use devm_add_action_or_reset
tpm2_i2c_nuvoton: add irq validity check
tpm: read burstcount from TPM_STS in one 32-bit transaction
tpm: fix byte-order for the value read by tpm2_get_tpm_pt
tpm_tis_core: convert max timeouts from msec to jiffies
apparmor: fix arg_size computation for when setprocattr is null terminated
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
apparmor: do not expose kernel stack
apparmor: fix module parameters can be changed after policy is locked
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: add missing id bounds check on dfa verification
apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
apparmor: use list_next_entry instead of list_entry_next
apparmor: fix refcount race when finding a child profile
apparmor: fix ref count leak when profile sha1 hash is read
apparmor: check that xindex is in trans_table bounds
...

show more ...