This is an automated email from the git hooks/post-receive script.
tcwg-buildslave pushed a change to branch linaro-local/ci/tcwg_kernel/gnu-master-arm-mainline-allnoconfig in repository toolchain/ci/linux.
from 568d850e3c60 Merge tag 'riscv/for-v5.4-rc1-b' of git://git.kernel.org/p [...] adds c87a37ebd40b 9p: avoid attaching writeback_fid on mmap with type PRIVATE adds 0ce772fe79b6 9p: Transport error uninitialized adds 962a991c5de1 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie adds aafee43b7286 9p/vfs_super.c: Remove unused parameter data in v9fs_fill_super adds 9977b1a71488 Merge tag '9p-for-5.4' of git://github.com/martinetd/linux adds c4bb667eaf52 fuse: reserve values for mapping protocol adds 2d1d25d0a224 virtio-fs: add Documentation/filesystems/virtiofs.rst adds a62a8ef9d97d virtio-fs: add virtiofs filesystem adds 8f744bdee4fe Merge tag 'virtio-fs-5.4' of git://git.kernel.org/pub/scm/ [...] adds 64a38e840ce5 SUNRPC: Track writers of the 'channel' file to improve cac [...] adds 4f375483559c Merge nfsd bugfixes adds 10fa8acf0fa6 nfsd: Remove unnecessary NULL checks adds d6dfe43ec606 svcrdma: Remove svc_rdma_wq adds 4866073e6ddf svcrdma: Use llist for managing cache of recv_ctxts adds f69d6d8eef78 sunrpc: add a new cache_detail operation for when a cache [...] adds 18f6622ebbde locks: create a new notifier chain for lease attempts adds b72679ee89a0 notify: export symbols for use by the knfsd file cache adds 7239a40ca8bf vfs: Export flush_delayed_fput for use by knfsd. adds 65294c1f2c5e nfsd: add a new struct file caching facility to nfsd adds b493523926f9 nfsd: hook up nfsd_write to the new nfsd_file cache adds 48cd7b51258c nfsd: hook up nfsd_read to the nfsd_file cache adds 5920afa3c85f nfsd: hook nfsd_commit up to the nfsd_file cache adds fd4f83fd7dfb nfsd: convert nfs4_file->fi_fds array to use nfsd_files adds eb82dd393744 nfsd: convert fi_deleg_file and ls_file fields to nfsd_file adds 5c4583b2b78e nfsd: hook up nfs4_preprocess_stateid_op to the nfsd_file cache adds 6b556ca2872b nfsd: have nfsd_test_lock use the nfsd_file cache adds 501cb1849f86 nfsd: rip out the raparms cache adds 7775ec57f4c7 nfsd: close cached files prior to a REMOVE or RENAME that [...] adds b96811cd0246 nfsd: Fix up some unused variable warnings adds ed9927533a64 nfsd: Fix the documentation for svcxdr_tmpalloc() adds bb13f35b96f4 nfsd: remove duplicated include from filecache.c adds 9d60d93198c6 Deprecate nfsd fault injection adds 2b86e3aaf993 nfsd: eliminate an unnecessary acl size limit adds 5e113224c17e nfsd: nfsd_file cache entries should be per net namespace adds 27c438f53e79 nfsd: Support the server resetting the boot verifier adds 055b24a8f230 nfsd: Don't garbage collect files that might contain write errors adds bbf2f098838a nfsd: Reset the boot verifier on all write I/O errors adds 11a60d159259 nfsd: add a "GetVersion" upcall for nfsdcld adds 6ee95d1c8991 nfsd: add support for upcall version 2 adds 7f49fd5d7acd nfsd: handle drc over-allocation gracefully. adds 2030ca560c5f nfsd: degraded slot-count more gracefully as allocation ne [...] adds 65643f4c8217 nfsd: Make nfsd_reset_boot_verifier_locked static adds 83a63072c815 nfsd: fix nfs read eof detection adds e41f9efb85d3 sunrpc: clean up indentation issue adds 298fb76a5583 Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux adds b36f281f4a31 ima: initialize the "template" field with the default template adds c8424e776b09 MODSIGN: Export module signature definitions adds 2a7bf671186e PKCS#7: Refactor verify_pkcs7_signature() adds e201af16d1ec PKCS#7: Introduce pkcs7_get_digest() adds cf38fed1e183 integrity: Select CONFIG_KEYS instead of depending on it adds 9044d627fd18 ima: Add modsig appraise_type option for module-style appe [...] adds a5fbeb615ca4 ima: Factor xattr_verify() out of ima_appraise_measurement() adds 39b07096364a ima: Implement support for module-style appended signatures adds 15588227e086 ima: Collect modsig adds 3878d505aa71 ima: Define ima-modsig template adds e5092255bb39 ima: Store the measurement again when appraising a modsig adds f5e1040196db ima: always return negative code for error adds 4ece3125f21b ima: fix freeing ongoing ahash_request adds 70433f67ec3a MODSIGN: make new include file self contained adds 556d971bdae6 ima: Fix use after free in ima_read_modsig() adds cbc0425d3dd3 sefltest/ima: support appended signatures (modsig) adds fa5b57175364 ima: use struct_size() in kzalloc() adds 2a7f0e53daf2 ima: ima_api: Use struct_size() in kzalloc() adds f1f2f614d535 Merge branch 'next-integrity' of git://git.kernel.org/pub/ [...] adds e6b1db98cf4d security: Support early LSMs adds 9e47d31d6a57 security: Add a "locked down" LSM hook adds 000d388ed3bb security: Add a static lockdown policy LSM adds 49fcf732bdae lockdown: Enforce module signatures if the kernel is locked down adds 9b9d8dda1ed7 lockdown: Restrict /dev/{mem,kmem,port} when the kernel is [...] adds 7d31f4602f8d kexec_load: Disable at runtime if the kernel is locked down adds fef5dad98760 lockdown: Copy secure_boot flag in boot params across kexe [...] adds 99d5cadfde2b kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXE [...] adds 155bdd30af17 kexec_file: Restrict at runtime if the kernel is locked down adds 38bd94b8a1bd hibernate: Disable when the kernel is locked down adds eb627e17727e PCI: Lock down BAR access when the kernel is locked down adds 96c4f67293e4 x86: Lock down IO port access when the kernel is locked down adds 95f5e95f41df x86/msr: Restrict MSR access when the kernel is locked down adds f474e1486b78 ACPI: Limit access to custom_method when the kernel is loc [...] adds 41fa1ee9c6d6 acpi: Ignore acpi_rsdp kernel param when the kernel has be [...] adds 6ea0e815fc5e acpi: Disable ACPI table override if the kernel is locked down adds 3f19cad3fa0d lockdown: Prohibit PCMCIA CIS storage when the kernel is l [...] adds 794edf30ee6c lockdown: Lock down TIOCSSERIAL adds 20657f66ef52 lockdown: Lock down module params that specify hardware pa [...] adds 906357f77a07 x86/mmiotrace: Lock down the testmmiotrace module adds 02e935bf5b34 lockdown: Lock down /proc/kcore adds a94549dd87f5 lockdown: Lock down tracing and perf kprobes when in confi [...] adds 9d1f8be5cf42 bpf: Restrict bpf when kernel lockdown is in confidentiality mode adds b0c8fdc7fdb7 lockdown: Lock down perf when in confidentiality mode adds 29d3c1c8dfe7 kexec: Allow kexec_file() with appropriate IMA policy when [...] adds 5496197f9b08 debugfs: Restrict debugfs when the kernel is locked down adds ccbd54ff54e8 tracefs: Restrict tracefs when the kernel is locked down adds 1957a85b0032 efi: Restrict efivar_ssdt_load when the kernel is locked down adds b602614a8107 lockdown: Print current->comm in restriction messages adds f8a9bc623a6d security: constify some arrays in lockdown LSM adds 45893a0abee6 kexec: Fix file verification on S390 adds aefcf2f4b581 Merge branch 'next-lockdown' of git://git.kernel.org/pub/s [...]
No new revisions were added by this update.
Summary of changes: Documentation/ABI/testing/ima_policy | 6 +- Documentation/admin-guide/kernel-parameters.txt | 9 + Documentation/filesystems/index.rst | 10 + Documentation/filesystems/virtiofs.rst | 60 + Documentation/security/IMA-templates.rst | 3 + MAINTAINERS | 12 + arch/arm64/Kconfig | 6 +- arch/s390/Kconfig | 4 +- arch/s390/kernel/kexec_elf.c | 4 +- arch/s390/kernel/kexec_image.c | 4 +- arch/s390/kernel/machine_kexec_file.c | 28 +- arch/x86/Kconfig | 20 +- arch/x86/boot/compressed/acpi.c | 19 +- arch/x86/include/asm/acpi.h | 9 + arch/x86/include/asm/x86_init.h | 2 + arch/x86/kernel/acpi/boot.c | 5 + arch/x86/kernel/ima_arch.c | 4 +- arch/x86/kernel/ioport.c | 7 +- arch/x86/kernel/kexec-bzimage64.c | 1 + arch/x86/kernel/msr.c | 8 + arch/x86/kernel/x86_init.c | 1 + arch/x86/mm/testmmiotrace.c | 5 + certs/system_keyring.c | 61 +- crypto/asymmetric_keys/pkcs7_verify.c | 33 + crypto/asymmetric_keys/verify_pefile.c | 4 +- drivers/acpi/custom_method.c | 6 + drivers/acpi/osl.c | 14 +- drivers/acpi/tables.c | 6 + drivers/char/mem.c | 7 +- drivers/firmware/efi/efi.c | 6 + drivers/pci/pci-sysfs.c | 16 + drivers/pci/proc.c | 14 +- drivers/pci/syscall.c | 4 +- drivers/pcmcia/cistpl.c | 5 + drivers/tty/serial/serial_core.c | 5 + fs/9p/cache.c | 2 + fs/9p/vfs_file.c | 3 + fs/9p/vfs_super.c | 4 +- fs/debugfs/file.c | 30 + fs/debugfs/inode.c | 32 +- fs/file_table.c | 1 + fs/fuse/Kconfig | 11 + fs/fuse/Makefile | 1 + fs/fuse/fuse_i.h | 9 + fs/fuse/inode.c | 4 + fs/fuse/virtio_fs.c | 1195 ++++++++++++++++++++ fs/locks.c | 62 + fs/nfsd/Kconfig | 3 +- fs/nfsd/Makefile | 3 +- fs/nfsd/acl.h | 8 - fs/nfsd/blocklayout.c | 3 +- fs/nfsd/export.c | 13 + fs/nfsd/filecache.c | 934 +++++++++++++++ fs/nfsd/filecache.h | 61 + fs/nfsd/netns.h | 4 + fs/nfsd/nfs3proc.c | 9 +- fs/nfsd/nfs3xdr.c | 13 +- fs/nfsd/nfs4callback.c | 35 +- fs/nfsd/nfs4layouts.c | 12 +- fs/nfsd/nfs4proc.c | 97 +- fs/nfsd/nfs4recover.c | 388 +++++-- fs/nfsd/nfs4state.c | 239 ++-- fs/nfsd/nfs4xdr.c | 56 +- fs/nfsd/nfsctl.c | 1 + fs/nfsd/nfsproc.c | 4 +- fs/nfsd/nfssvc.c | 48 +- fs/nfsd/state.h | 13 +- fs/nfsd/trace.h | 140 +++ fs/nfsd/vfs.c | 351 +++--- fs/nfsd/vfs.h | 37 +- fs/nfsd/xdr3.h | 2 +- fs/nfsd/xdr4.h | 19 +- fs/notify/fsnotify.h | 2 - fs/notify/group.c | 2 + fs/notify/mark.c | 6 + fs/proc/kcore.c | 6 + fs/tracefs/inode.c | 42 +- include/asm-generic/vmlinux.lds.h | 8 +- include/crypto/pkcs7.h | 4 + include/linux/acpi.h | 6 + include/linux/fs.h | 5 + include/linux/fsnotify_backend.h | 2 + include/linux/ima.h | 9 + include/linux/kexec.h | 4 +- include/linux/lsm_hooks.h | 13 + include/linux/module.h | 3 - include/linux/module_signature.h | 46 + include/linux/security.h | 59 + include/linux/sunrpc/cache.h | 7 +- include/linux/sunrpc/svc_rdma.h | 6 +- include/linux/verification.h | 10 + include/uapi/linux/fuse.h | 8 +- include/uapi/linux/nfsd/cld.h | 41 +- include/uapi/linux/virtio_fs.h | 19 + include/uapi/linux/virtio_ids.h | 1 + init/Kconfig | 11 +- init/main.c | 1 + kernel/Makefile | 1 + kernel/events/core.c | 7 + kernel/kexec.c | 8 + kernel/kexec_file.c | 68 +- kernel/module.c | 38 +- kernel/module_signature.c | 46 + kernel/module_signing.c | 56 +- kernel/params.c | 21 +- kernel/power/hibernate.c | 3 +- kernel/trace/bpf_trace.c | 10 + kernel/trace/trace_kprobe.c | 5 + net/9p/client.c | 1 + net/sunrpc/cache.c | 15 +- net/sunrpc/svc.c | 4 +- net/sunrpc/xprtrdma/svc_rdma.c | 7 - net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 24 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 6 +- scripts/Makefile | 2 +- security/Kconfig | 11 +- security/Makefile | 2 + security/integrity/Kconfig | 2 +- security/integrity/digsig.c | 43 +- security/integrity/ima/Kconfig | 15 +- security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 62 +- security/integrity/ima/ima_api.c | 27 +- security/integrity/ima/ima_appraise.c | 194 ++-- security/integrity/ima/ima_crypto.c | 10 +- security/integrity/ima/ima_main.c | 28 +- security/integrity/ima/ima_modsig.c | 168 +++ security/integrity/ima/ima_policy.c | 121 +- security/integrity/ima/ima_template.c | 31 +- security/integrity/ima/ima_template_lib.c | 64 +- security/integrity/ima/ima_template_lib.h | 4 + security/integrity/integrity.h | 20 + security/lockdown/Kconfig | 47 + security/lockdown/Makefile | 1 + security/lockdown/lockdown.c | 191 ++++ security/security.c | 56 +- .../selftests/kexec/test_kexec_file_load.sh | 38 +- 137 files changed, 5152 insertions(+), 882 deletions(-) create mode 100644 Documentation/filesystems/virtiofs.rst create mode 100644 fs/fuse/virtio_fs.c create mode 100644 fs/nfsd/filecache.c create mode 100644 fs/nfsd/filecache.h create mode 100644 include/linux/module_signature.h create mode 100644 include/uapi/linux/virtio_fs.h create mode 100644 kernel/module_signature.c create mode 100644 security/integrity/ima/ima_modsig.c create mode 100644 security/lockdown/Kconfig create mode 100644 security/lockdown/Makefile create mode 100644 security/lockdown/lockdown.c