This series backports patches in order to resolve the issue discussed here: https://lore.kernel.org/selinux/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@xxxxxxxxxx/ This required backporting the non-blocking LSM policy update mechanism prerequisite patches. As well as bugfixes that follows: c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier") 42df744c4166 ("LSM: switch to blocking policy update notifiers") b16942455193 ("ima: use the lsm policy update notifier") 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes") e144d6b26541 ("ima: Evaluate error in init_ima()") c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier") is merged as the prerequisite of 42df744c4166 ("LSM: switch to blocking policy update notifiers"). e144d6b26541 ("ima: Evaluate error in init_ima()"), 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes") and 9ff8a616dfab ("ima: Have the LSM free its audit rule") are merged as a follow up bugfix for b16942455193 ("ima: use the lsm policy update notifier"). I've tested the patches against said issue and can confirm that the issue is fixed. Link to the original maillist discussion: https://lore.kernel.org/all/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@xxxxxxxxxx/ Change log: v2: Fixed build issue and backport bugfix commits for backported patches. Daniel Jurgens (1): IB/core: Don't register each MAD agent for LSM notifier GUO Zihua (1): ima: Handle -ESTALE returned by ima_filter_rule_match() Janne Karhunen (3): LSM: switch to blocking policy update notifiers ima: use the lsm policy update notifier ima: ima/lsm policy rule loading logic bug fixes Roberto Sassu (1): ima: Evaluate error in init_ima() drivers/infiniband/core/core_priv.h | 5 + drivers/infiniband/core/device.c | 5 +- drivers/infiniband/core/security.c | 51 +++++---- include/linux/security.h | 12 +- include/rdma/ib_mad.h | 3 +- security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_main.c | 11 ++ security/integrity/ima/ima_policy.c | 172 ++++++++++++++++++++++------ security/security.c | 23 ++-- security/selinux/hooks.c | 2 +- security/selinux/selinuxfs.c | 2 +- 11 files changed, 208 insertions(+), 80 deletions(-) -- 2.17.1
