[PATCH 4.19 v3 0/6] Backport handling -ESTALE policy update failure to 4.19

Guozihua (Scott) guozihua at huawei.com
Wed Mar 1 01:26:36 UTC 2023


On 2023/3/1 3:45, Mimi Zohar wrote:
> On Tue, 2023-02-28 at 11:25 -0500, Paul Moore wrote:
>> On Tue, Feb 28, 2023 at 3:09 AM GUO Zihua <guozihua at huawei.com> wrote:
>>>
>>> This series backports patches in order to resolve the issue discussed here:
>>> https://lore.kernel.org/selinux/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/
>>>
>>> This required backporting the non-blocking LSM policy update mechanism
>>> prerequisite patches, as well as the bugfixes that follow:
>>>
>>> c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
>>> 42df744c4166 ("LSM: switch to blocking policy update notifiers")
>>> b16942455193 ("ima: use the lsm policy update notifier")
>>> 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes")
>>> e144d6b26541 ("ima: Evaluate error in init_ima()")
>>> c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
>>>
>>> c66f67414c1f ("IB/core: Don't register each MAD agent for LSM notifier")
>>> is merged as the prerequisite of 42df744c4166 ("LSM: switch to blocking
>>> policy update notifiers"). e144d6b26541 ("ima: Evaluate error in
>>> init_ima()"), 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug
>>> fixes") and 9ff8a616dfab ("ima: Have the LSM free its audit rule") are
>>> merged as follow-up bugfixes for b16942455193 ("ima: use the lsm policy
>>> update notifier").
> 
> Scott, there's no need to duplicate the list of commits like this. 
> Having an unordered list would have been fine.
> 
>>>
>>> I've tested the patches against said issue and can confirm that the
>>> issue is fixed.
>>>
>>> Link to the original mailing list discussion:
>>> https://lore.kernel.org/all/389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com/
>>>
>>> Change log:
>>>   v2: Fixed build issue and backport bugfix commits for backported
>>> patches.
>>
>> Is there a quick summary of the changes in v3 of this patchset?
> 
> v3: Backport commit 483ec26eed42b ("ima: ima/lsm policy rule loading
> logic bug fixes") as well.
> 
Oh shoot! Totally forgot about it. Sorry.

The change is as Mimi said, backporting an additional IMA bugfix commit.
-- 
Best
GUO Zihua



More information about the Linux-security-module-archive mailing list