[PATCH 0/3] hornet: post-TOCTOU-fix cleanup and observability

[Blaise Boscaccy]

This is a small follow-up series tying up loose ends from
commit cf5d6b993a43 ("hornet: fix TOCTOU in signed program
verification").

Patch 1 adds a pr_notice() when hornet_check_prog_maps()
rejects a load due to a map hash mismatch. The denial path
was previously silent; this makes policy denials observable
in the kernel log without changing enforcement behavior.

Patch 2 removes LSM_INT_VERDICT_UNEXPECTED from the
lsm_integrity_verdict enum and from IPE's bpf_signature
property. The TOCTOU fix collapsed the "unexpected map hash"
case into the existing BADSIG path, so UNEXPECTED is no
longer produced by any LSM. Removing the orphan enum value
and its IPE plumbing (audit string, property enum entry,
policy parser token, evaluator case, documentation) keeps
the verdict surface consistent with what providers actually
emit.

Patch 3 updates the signing-workflow documentation in
Documentation/admin-guide/LSM/Hornet.rst. gen_sig no longer
takes per-map indices after the TOCTOU fix, so the example
invocation is corrected to drop the ":0" suffix on --add.

No functional change to enforcement; observability +
cleanup only.

Blaise Boscaccy (3):
  hornet: log map hash check failures in prog map validation
  security, ipe: Remove LSM_INT_VERDICT_UNEXPECTED support
  hornet: update signing workflow documentation

 Documentation/admin-guide/LSM/Hornet.rst | 5 +----
 Documentation/admin-guide/LSM/ipe.rst    | 6 +-----
 Documentation/security/ipe.rst           | 3 +--
 include/linux/security.h                 | 1 -
 security/hornet/hornet_lsm.c             | 1 +
 security/ipe/audit.c                     | 1 -
 security/ipe/eval.c                      | 2 --
 security/ipe/policy.h                    | 1 -
 security/ipe/policy_parser.c             | 2 --
 9 files changed, 4 insertions(+), 18 deletions(-)

--
2.53.0