Merge drm/drm-fixes into drm-misc-fixes

Forwarding to v6.6-rc1.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>

Merge tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
"Thirty three SELinux patches, which is a pretty big number fo

Merge tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
"Thirty three SELinux patches, which is a pretty big number for us, but
there isn't really anything scary in here; in fact we actually manage
to remove 10 lines of code with this :)

- Promote the SELinux DEBUG_HASHES macro to CONFIG_SECURITY_SELINUX_DEBUG

The DEBUG_HASHES macro was a buried SELinux specific preprocessor
debug macro that was a problem waiting to happen. Promoting the
debug macro to a proper Kconfig setting should help both improve
the visibility of the feature as well enable improved test
coverage. We've moved some additional debug functions under the
CONFIG_SECURITY_SELINUX_DEBUG flag and we may see more work in the
future.

- Emit a pr_notice() message if virtual memory is executable by default

As this impacts the SELinux access control policy enforcement, if
the system's configuration is such that virtual memory is
executable by default we print a single line notice to the console.

- Drop avtab_search() in favor of avtab_search_node()

Both functions are nearly identical so we removed avtab_search()
and converted the callers to avtab_search_node().

- Add some SELinux network auditing helpers

The helpers not only reduce a small amount of code duplication, but
they provide an opportunity to improve UDP flood performance
slightly by delaying initialization of the audit data in some
cases.

- Convert GFP_ATOMIC allocators to GFP_KERNEL when reading SELinux policy

There were two SELinux policy load helper functions that were
allocating memory using GFP_ATOMIC, they have been converted to
GFP_KERNEL.

- Quiet a KMSAN warning in selinux_inet_conn_request()

A one-line error path (re)set patch that resolves a KMSAN warning.
It is important to note that this doesn't represent a real bug in
the current code, but it quiets KMSAN and arguably hardens the code
against future changes.

- Cleanup the policy capability accessor functions

This is a follow-up to the patch which reverted SELinux to using a
global selinux_state pointer. This patch cleans up some artifacts
of that change and turns each accessor into a one-line READ_ONCE()
call into the policy capabilities array.

- A number of patches from Christian Göttsche

Christian submitted almost two-thirds of the patches in this pull
request as he worked to harden the SELinux code against type
differences, variable overflows, etc.

- Support for separating early userspace from the kernel in policy,
with a later revert

We did have a patch that added a new userspace initial SID which
would allow SELinux to distinguish between early user processes
created before the initial policy load and the kernel itself.

Unfortunately additional post-merge testing revealed a problematic
interaction with an old SELinux userspace on an old version of
Ubuntu so we've reverted the patch until we can resolve the
compatibility issue.

- Remove some outdated comments dealing with LSM hook registration

When we removed the runtime disable functionality we forgot to
remove some old comments discussing the importance of LSM hook
registration ordering.

- Minor administrative changes

Stephen Smalley updated his email address and "debranded" SELinux
from "NSA SELinux" to simply "SELinux". We've come a long way from
the original NSA submission and I would consider SELinux a true
community project at this point so removing the NSA branding just
makes sense"

* tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: (33 commits)
selinux: prevent KMSAN warning in selinux_inet_conn_request()
selinux: use unsigned iterator in nlmsgtab code
selinux: avoid implicit conversions in policydb code
selinux: avoid implicit conversions in selinuxfs code
selinux: make left shifts well defined
selinux: update type for number of class permissions in services code
selinux: avoid implicit conversions in avtab code
selinux: revert SECINITSID_INIT support
selinux: use GFP_KERNEL while reading binary policy
selinux: update comment on selinux_hooks[]
selinux: avoid implicit conversions in services code
selinux: avoid implicit conversions in mls code
selinux: use identical iterator type in hashtab_duplicate()
selinux: move debug functions into debug configuration
selinux: log about VM being executable by default
selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif()
selinux: introduce SECURITY_SELINUX_DEBUG configuration
selinux: introduce and use lsm_ad_net_init*() helpers
selinux: update my email address
selinux: add missing newlines in pr_err() statements
...

show more ...

Merge drm/drm-next into drm-intel-next

Catching-up with drm-next and drm-intel-gt-next.
It will unblock a code refactor around the platform
definitions (names vs acronyms).

Signed-off-by: Rodrigo V

Merge drm/drm-next into drm-intel-next

Catching-up with drm-next and drm-intel-gt-next.
It will unblock a code refactor around the platform
definitions (names vs acronyms).

Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

show more ...

Merge drm/drm-next into drm-intel-gt-next

Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as
a dependency for https://patchwork.freedesktop.org/series/1

Merge drm/drm-next into drm-intel-gt-next

Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as
a dependency for https://patchwork.freedesktop.org/series/121735/

Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

show more ...

selinux: move debug functions into debug configuration

avtab_hash_eval() and hashtab_stat() are only used in policydb.c when
the configuration SECURITY_SELINUX_DEBUG is enabled.

Move the function d

selinux: move debug functions into debug configuration

avtab_hash_eval() and hashtab_stat() are only used in policydb.c when
the configuration SECURITY_SELINUX_DEBUG is enabled.

Move the function definitions under that configuration as well and
provide empty definitions in case SECURITY_SELINUX_DEBUG is disabled, to
avoid using #ifdef in the callers.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

show more ...

Merge drm/drm-next into drm-misc-next

Backmerging to get v6.5-rc2.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>

selinux: update my email address

Update my email address; MAINTAINERS was updated some time ago.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul

selinux: update my email address

Update my email address; MAINTAINERS was updated some time ago.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

show more ...

selinux: drop avtab_search()

avtab_search() shares the same logic with avtab_search_node(), except
that it returns, if found, a pointer to the struct avtab_node member
datum instead of the node itse

selinux: drop avtab_search()

avtab_search() shares the same logic with avtab_search_node(), except
that it returns, if found, a pointer to the struct avtab_node member
datum instead of the node itself. Since the member is an embedded
struct, and not a pointer, the returned value of avtab_search() and
avtab_search_node() will always in unison either be NULL or non-NULL.

Drop avtab_search() and replace its calls by avtab_search_node() to
deduplicate logic and adopt the only caller caring for the type of
the returned value accordingly.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

show more ...

selinux: use consistent type for AV rule specifier

The specifier for avtab keys is always supplied with a type of u16,
either as a macro to security_compute_sid() or the member specified of
the stru

selinux: use consistent type for AV rule specifier

The specifier for avtab keys is always supplied with a type of u16,
either as a macro to security_compute_sid() or the member specified of
the struct avtab_key.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

show more ...

ASoC: Merge v6.5-rc2

Get a similar baseline to my other branches, and fixes for people using
the branch.

Merge v6.5-rc1 into drm-misc-fixes

Boris needs 6.5-rc1 in drm-misc-fixes to prevent a conflict.

Signed-off-by: Maxime Ripard <mripard@kernel.org>

Merge branch 'master' into mm-hotfixes-stable

Merge tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

- Thanks to help from the MPTCP folks, it looks like we have

Merge tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

- Thanks to help from the MPTCP folks, it looks like we have finally
sorted out a proper solution to the MPTCP socket labeling issue, see
the new security_mptcp_add_subflow() LSM hook.

- Fix the labeled NFS handling such that a labeled NFS share mounted
prior to the initial SELinux policy load is properly labeled once a
policy is loaded; more information in the commit description.

- Two patches to security/selinux/Makefile, the first took the cleanups
in v6.4 a bit further and the second removed the grouped targets
support as that functionality doesn't appear to be properly supported
prior to make v4.3.

- Deprecate the "fs" object context type in SELinux policies. The fs
object context type was an old vestige that was introduced back in
v2.6.12-rc2 but never really used.

- A number of small changes that remove dead code, clean up some
awkward bits, and generally improve the quality of the code. See the
individual commit descriptions for more information.

* tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: avoid bool as identifier name
selinux: fix Makefile for versions of make < v4.3
selinux: make labeled NFS work when mounted before policy load
selinux: cleanup exit_sel_fs() declaration
selinux: deprecated fs ocon
selinux: make header files self-including
selinux: keep context struct members in sync
selinux: Implement mptcp_add_subflow hook
security, lsm: Introduce security_mptcp_add_subflow()
selinux: small cleanups in selinux_audit_rule_init()
selinux: declare read-only data arrays const
selinux: retain const qualifier on string literal in avtab_hash_eval()
selinux: drop return at end of void function avc_insert()
selinux: avc: drop unused function avc_disable()
selinux: adjust typos in comments
selinux: do not leave dangling pointer behind
selinux: more Makefile tweaks

show more ...

selinux: retain const qualifier on string literal in avtab_hash_eval()

The second parameter `tag` of avtab_hash_eval() is only used for
printing. In policydb_index() it is called with a string lite

selinux: retain const qualifier on string literal in avtab_hash_eval()

The second parameter `tag` of avtab_hash_eval() is only used for
printing. In policydb_index() it is called with a string literal:

avtab_hash_eval(&p->te_avtab, "rules");

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: slight formatting tweak in description]
Signed-off-by: Paul Moore <paul@paul-moore.com>

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 5.17 merge window.

Merge tag 'v5.15' into next

Sync up with the mainline to get the latest APIs and DT bindings.

Merge branch 'for-5.15-printk-index' into for-linus

Merge branch 'perf/urgent' into perf/core, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v5.14-rc6' into locking/core, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Backmerge remote-tracking branch 'drm/drm-next' into drm-misc-next

Required bump from v5.13-rc3 to v5.14-rc3, and to pick up sysfb compilation fixes.

Signed-off-by: Maarten Lankhorst <maarten.lankh

Backmerge remote-tracking branch 'drm/drm-next' into drm-misc-next

Required bump from v5.13-rc3 to v5.14-rc3, and to pick up sysfb compilation fixes.

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>

show more ...

Merge branch 'fixes-v5.14' into fixes

Merge drm/drm-next into drm-intel-gt-next

Catching up with 5.14-rc1 and also preparing for a
needed common topic branch for the "Minor revid/stepping
and workaround cleanup"

Reference: https://patc

Merge drm/drm-next into drm-intel-gt-next

Catching up with 5.14-rc1 and also preparing for a
needed common topic branch for the "Minor revid/stepping
and workaround cleanup"

Reference: https://patchwork.freedesktop.org/series/92299/
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

show more ...

Merge drm/drm-next into drm-intel-next

Catching up with 5.14-rc1

Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

Merge branch 'next' into for-linus

Prepare input updates for 5.14 merge window.

Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull SELinux updates from Paul Moore:

- The slow_avc_audit() function is now non-blocking so we can

Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull SELinux updates from Paul Moore:

- The slow_avc_audit() function is now non-blocking so we can remove
the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of
avc_has_perm().

- Use kmemdup() instead of kcalloc()+copy when copying parts of the
SELinux policydb.

- The InfiniBand device name is now passed by reference when possible
in the SELinux code, removing a strncpy().

- Minor cleanups including: constification of avtab function args,
removal of useless LSM/XFRM function args, SELinux kdoc fixes, and
removal of redundant assignments.

* tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
selinux: slow_avc_audit has become non-blocking
selinux: Fix kernel-doc
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
lsm_audit,selinux: pass IB device name by reference
selinux: Remove redundant assignment to rc
selinux: Corrected comment to match kernel-doc comment
selinux: delete selinux_xfrm_policy_lookup() useless argument
selinux: constify some avtab function arguments
selinux: simplify duplicate_policydb_cond_list() by using kmemdup()

show more ...