Merge branch 'topic/tasklet-convert' into for-linus

Pull tasklet API conversions.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

Merge branch 'master' into for-next

Sync with Linus' branch in order to be able to apply fixups
of more recent patches.

Merge tag 'v5.9-rc2' into regulator-5.9

Linux 5.9-rc2

Merge tag 'v5.9-rc2' into asoc-5.9

Linux 5.9-rc2

Merge tag 'v5.9-rc2' into drm-misc-fixes

Backmerge requested by Tomi for a fix to omap inconsistent
locking state issue, and because we need at least v5.9-rc2 now.

Signed-off-by: Maarten Lankhorst

Merge tag 'v5.9-rc2' into drm-misc-fixes

Backmerge requested by Tomi for a fix to omap inconsistent
locking state issue, and because we need at least v5.9-rc2 now.

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>

show more ...

Merge v5.9-rc1 into drm-misc-next

Sam needs 5.9-rc1 to have dev_err_probe in to merge some patches.

Signed-off-by: Maxime Ripard <maxime@cerno.tech>

Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"A couple of minor documentation updates only for thi

Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"A couple of minor documentation updates only for this release"

* tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
LSM: drop duplicated words in header file comments
Replace HTTP links with HTTPS ones: security

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 5.9 merge window.

Replace HTTP links with HTTPS ones: security

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For

Replace HTTP links with HTTPS ones: security

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>

show more ...

Merge tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:
"The nicest change is the IMA policy rule checking. The oth

Merge tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:
"The nicest change is the IMA policy rule checking. The other changes
include allowing the kexec boot cmdline line measure policy rules to
be defined in terms of the inode associated with the kexec kernel
image, making the IMA_APPRAISE_BOOTPARAM, which governs the IMA
appraise mode (log, fix, enforce), a runtime decision based on the
secure boot mode of the system, and including errno in the audit log"

* tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
integrity: remove redundant initialization of variable ret
ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime
ima: AppArmor satisfies the audit rule requirements
ima: Rename internal filter rule functions
ima: Support additional conditionals in the KEXEC_CMDLINE hook function
ima: Use the common function to detect LSM conditionals in a rule
ima: Move comprehensive rule validation checks out of the token parser
ima: Use correct type for the args_p member of ima_rule_entry.lsm elements
ima: Shallow copy the args_p member of ima_rule_entry.lsm elements
ima: Fail rule parsing when appraise_flag=blacklist is unsupportable
ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond
ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond
ima: Fail rule parsing when buffer hook functions have an invalid action
ima: Free the entire rule if it fails to parse
ima: Free the entire rule when deleting a list of rules
ima: Have the LSM free its audit rule
IMA: Add audit log for failure conditions
integrity: Add errno field in audit message

show more ...

Merge branch 'elan-i2c' into next

Bring in update to Elan touchpad driver to support newer touchpads with
higher resolution.

ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

The IMA_APPRAISE_BOOTPARAM config allows enabling different "ima_appraise="
modes - log, fix, enforce - at run time, but not when IM

ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

The IMA_APPRAISE_BOOTPARAM config allows enabling different "ima_appraise="
modes - log, fix, enforce - at run time, but not when IMA architecture
specific policies are enabled.  This prevents properly labeling the
filesystem on systems where secure boot is supported, but not enabled on the
platform.  Only when secure boot is actually enabled should these IMA
appraise modes be disabled.

This patch removes the compile time dependency and makes it a runtime
decision, based on the secure boot state of that platform.

Test results as follows:

-> x86-64 with secure boot enabled

[ 0.015637] Kernel command line: <...> ima_policy=appraise_tcb ima_appraise=fix
[ 0.015668] ima: Secure boot enabled: ignoring ima_appraise=fix boot parameter option

-> powerpc with secure boot disabled

[ 0.000000] Kernel command line: <...> ima_policy=appraise_tcb ima_appraise=fix
[ 0.000000] Secure boot mode disabled

-> Running the system without secure boot and with both options set:

CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_IMA_ARCH_POLICY=y

Audit prompts "missing-hash" but still allow execution and, consequently,
filesystem labeling:

type=INTEGRITY_DATA msg=audit(07/09/2020 12:30:27.778:1691) : pid=4976
uid=root auid=root ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=appraise_data
cause=missing-hash comm=bash name=/usr/bin/evmctl dev="dm-0" ino=493150
res=no

Cc: stable@vger.kernel.org
Fixes: d958083a8f64 ("x86/ima: define arch_get_ima_policy() for x86")
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Cc: stable@vger.kernel.org # 5.0
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

show more ...

ima: AppArmor satisfies the audit rule requirements

AppArmor meets all the requirements for IMA in terms of audit rules
since commit e79c26d04043 ("apparmor: Add support for audit rule
filtering").

ima: AppArmor satisfies the audit rule requirements

AppArmor meets all the requirements for IMA in terms of audit rules
since commit e79c26d04043 ("apparmor: Add support for audit rule
filtering"). Update IMA's Kconfig section for CONFIG_IMA_LSM_RULES to
reflect this.

Fixes: e79c26d04043 ("apparmor: Add support for audit rule filtering")
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 5.8 merge window.

Merge branches 'for-5.7/upstream-fixes', 'for-5.8/apple', 'for-5.8/asus', 'for-5.8/core', 'for-5.8/intel-ish', 'for-5.8/logitech', 'for-5.8/mcp2221' and 'for-5.8/multitouch' into for-linus

Merge branch 'for-5.8' into for-linus

Merge branch 'timers/drivers/timer-ti' into timers/drivers/next

Merge tag 'v5.6' into next

Sync up with mainline to get device tree and other changes.

Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu

Pull RCU updates from Paul McKenney:

1. Miscellaneous fixes.
2. kfree_rcu() updates.

Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu

Pull RCU updates from Paul McKenney:

1. Miscellaneous fixes.
2. kfree_rcu() updates.
3. Remove scheduler locking restriction
4. RCU-tasks update, including addition of RCU Tasks Trace for
BPF use and RCU Tasks Rude. (This branch is on top of #3 due
to overlap of changed code.)
5. RCU CPU stall warning updates.
6. Torture-test updates.

show more ...

Merge tag 'efi-next' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/core

Pull EFI changes for v5.8 from Ard Biesheuvel:

"- preliminary changes for RISC-V
- add support for setti

Merge tag 'efi-next' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/core

Pull EFI changes for v5.8 from Ard Biesheuvel:

"- preliminary changes for RISC-V
- add support for setting the resolution on the EFI framebuffer
- simplify kernel image loading for arm64
- Move .bss into .data via the linker script instead of relying on symbol
annotations.
- Get rid of __pure getters to access global variables
- Clean up the config table matching arrays"

Signed-off-by: Ingo Molnar <mingo@kernel.org>

show more ...

Merge branch 'topic/nhlt' into for-next

Merge NHLT init cleanup.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

Merge tag 'tegra-for-5.7-asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into asoc-5.7

ASoC: tegra: Fixes for v5.7-rc3

This contains a couple of fixes that are needed to properly

Merge tag 'tegra-for-5.7-asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into asoc-5.7

ASoC: tegra: Fixes for v5.7-rc3

This contains a couple of fixes that are needed to properly reconfigure
the audio clocks on older Tegra devices.

show more ...

Merge branch 'fixes-v5.7' into fixes

Merge drm/drm-next into drm-misc-next

Backmerging required to pull topic/phy-compliance.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>

Merge drm/drm-next into drm-intel-next-queued

Backmerging in order to pull "topic/phy-compliance".

Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>