linux/fs/nfs
Linus Torvalds cdab10bf32 selinux/stable-5.16 PR 20211101
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmGANbAUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNaMBAAg+9gZr0F7xiafu8JFZqZfx/AQdJ2
 G2cn3le+/tXGZmF8m/+82lOaR6LeQLatgSDJNSkXWkKr0nRwseQJDbtRfvYJdn0t
 Ax05/Fmz6OGxQ2wgRYgaFiSrKpE5p3NhDtiLFVdkCJaQNe/8DZOc7NhBl6EjZf3x
 ubhl2hUiJ4AmiXGwcYhr4uKgP4nhW8OM1/OkskVi+bBMmLA8KTY9kslmIDP5E3BW
 29W4qhqeLNQupY5dGMEMVcyxY9ZUWpO39q4uOaQVZrUGE7xABkj/jhnxT5gFTSlI
 pu8VhsYXm9KuRVveIsv0L5SZfadwoM9YAl7ki1wD3W5rHqOAte3rBTm6VmNlQwfU
 MqxP65Jiyxudxet5Be3/dCRH/+MDQuwBxivgmZXbeVxor2SeznVb0GDaEUC5FSHu
 CJIgWtQzsPJMxgAEGXN4F3QGP0htTTJni56GUPOsrf4TIBW02TT+oLTLFRIokQQL
 INNOfwVSRXElnCsvxsHR4oB+JZ9pJyBaAmeupcQ6jmcKiWlbLj4s+W0U0pM5h91v
 hmMpz7KMxrX6gVL4gB2Jj4aN3r5YRbq26NBu6D+wdwwBTeTTocaHSpAqkv4buClf
 uNk3cG8Hkp8TTg9cM8jYgpxMyzKH/AI/Uw3VhEa1xCiq2Ck3DgfnZvnvcRRaZevU
 FPgmwgqePJXGi60=
 =sb8J
 -----END PGP SIGNATURE-----

Merge tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Add LSM/SELinux/Smack controls and auditing for io-uring.

   As usual, the individual commit descriptions have more detail, but we
   were basically missing two things which we're adding here:

      + establishment of a proper audit context so that auditing of
        io-uring ops works similarly to how it does for syscalls (with
        some io-uring additions because io-uring ops are *not* syscalls)

      + additional LSM hooks to enable access control points for some of
        the more unusual io-uring features, e.g. credential overrides.

   The additional audit callouts and LSM hooks were done in conjunction
   with the io-uring folks, based on conversations and RFC patches
   earlier in the year.

 - Fixup the binder credential handling so that the proper credentials
   are used in the LSM hooks; the commit description and the code
   comment which is removed in these patches are helpful to understand
   the background and why this is the proper fix.

 - Enable SELinux genfscon policy support for securityfs, allowing
   improved SELinux filesystem labeling for other subsystems which make
   use of securityfs, e.g. IMA.

* tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  security: Return xattr name from security_dentry_init_security()
  selinux: fix a sock regression in selinux_ip_postroute_compat()
  binder: use cred instead of task for getsecid
  binder: use cred instead of task for selinux checks
  binder: use euid from cred instead of using task
  LSM: Avoid warnings about potentially unused hook variables
  selinux: fix all of the W=1 build warnings
  selinux: make better use of the nf_hook_state passed to the NF hooks
  selinux: fix race condition when computing ocontext SIDs
  selinux: remove unneeded ipv6 hook wrappers
  selinux: remove the SELinux lockdown implementation
  selinux: enable genfscon labeling for securityfs
  Smack: Brutalist io_uring support
  selinux: add support for the io_uring access controls
  lsm,io_uring: add LSM hooks to io_uring
  io_uring: convert io_uring to the secure anon inode interface
  fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
  audit: add filtering for io_uring records
  audit,io_uring,io-wq: add some basic audit support to io_uring
  audit: prepare audit_context for use in calling contexts beyond syscalls
2021-11-01 21:06:18 -07:00
..
blocklayout nfs/blocklayout: use bdev_nr_bytes instead of open coding it 2021-10-18 14:43:23 -06:00
filelayout NFS: fix an incorrect limit in filelayout_decode_layout() 2021-05-20 12:17:08 -04:00
flexfilelayout pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() 2021-04-14 09:36:29 -04:00
cache_lib.c
cache_lib.h
callback_proc.c NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're unmounting 2021-04-16 08:50:21 -04:00
callback_xdr.c NFS: Clean up the synopsis of callback process_op() 2021-08-10 14:18:35 -04:00
callback.c SUNRPC: Set rq_auth_stat in the pg_authenticate() callout 2021-08-10 14:18:35 -04:00
callback.h
client.c SUNRPC enforce creation of no more than max_connect xprts 2021-08-27 16:37:29 -04:00
delegation.c NFSv4: Add lease breakpoints in case of a delegation recall or return 2021-06-13 19:36:28 -04:00
delegation.h NFSv4: Fix delegation return in cases where we have to retry 2021-06-13 19:36:27 -04:00
dir.c NFS client updates for Linux 5.13 2021-05-07 11:23:41 -07:00
direct.c fs: get rid of the res2 iocb->ki_complete argument 2021-10-25 10:36:24 -06:00
dns_resolve.c
dns_resolve.h
export.c nfs: don't atempt blocking locks on nfs reexports 2021-08-26 15:32:10 -04:00
file.c locks: remove LOCK_MAND flock lock support 2021-09-10 16:21:44 -04:00
fs_context.c NFSv4 introduce max_connect mount options 2021-08-27 16:37:17 -04:00
fscache-index.c
fscache.c NFS: Fix fscache read from NFS after cache error 2021-07-08 14:03:26 -04:00
fscache.h
getroot.c nfs: update has_sec_mnt_opts after cloning lsm options from parent 2021-06-28 09:34:39 -04:00
inode.c Merge branch 'leases-devel' 2021-06-29 13:13:34 -04:00
internal.h NFSv4 introduce max_connect mount options 2021-08-27 16:37:17 -04:00
io.c NFS: Fix up incorrect documentation 2021-04-05 09:04:20 -04:00
iostat.h
Kconfig nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default 2021-03-08 11:47:47 -05:00
Makefile
mount_clnt.c nfs: hornor timeo and retrans option when mounting NFSv3 2021-04-05 09:04:21 -04:00
namespace.c nfs: Remove trailing semicolon in macros 2021-05-27 09:19:33 -04:00
netns.h
nfs2super.c
nfs2xdr.c SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() 2020-12-02 14:05:53 -05:00
nfs3_fs.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
nfs3acl.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
nfs3client.c
nfs3proc.c NFSv3: Delete duplicate judgement in nfs3_async_handle_jukebox 2021-08-27 16:36:21 -04:00
nfs3super.c
nfs3xdr.c NFSv4: Catch and trace server filehandle encoding errors 2021-04-14 09:36:29 -04:00
nfs4_fs.h NFSv4: Add support for application leases underpinned by a delegation 2021-06-13 19:36:28 -04:00
nfs4client.c NFSv4.1 add network transport when session trunking is detected 2021-08-27 16:37:41 -04:00
nfs4file.c NFSv4.2: remove restriction of copy size for inter-server copy. 2021-08-10 14:18:35 -04:00
nfs4getroot.c
nfs4idmap.c NFS: Only reference user namespace from nfs4idmap struct instead of cred 2020-10-13 15:56:54 -04:00
nfs4idmap.h
nfs4namespace.c
nfs4proc.c security: Return xattr name from security_dentry_init_security() 2021-10-20 08:17:08 -04:00
nfs4renewd.c treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
nfs4session.c
nfs4session.h NFSv4.1: use BITS_PER_LONG macro in nfs4session.h 2020-12-14 06:51:07 -05:00
nfs4state.c NFS client updates for Linux 5.13 2021-05-07 11:23:41 -07:00
nfs4super.c NFS: Adjust fs_context error logging 2021-01-10 13:32:39 -05:00
nfs4sysctl.c
nfs4trace.c
nfs4trace.h treewide: Add missing semicolons to __assign_str uses 2021-06-30 09:19:14 -04:00
nfs4xdr.c NFS client updates for Linux 5.13 2021-05-07 11:23:41 -07:00
nfs42.h
nfs42proc.c NFSv42: Don't force attribute revalidation of the copy offload source 2021-04-14 10:42:24 -04:00
nfs42xattr.c nfs: Fix a typo in the file nfs42xattr.c 2021-04-05 09:04:20 -04:00
nfs42xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
nfs.h
nfsroot.c nfsroot: Default mount option should ask for built-in NFS version 2020-11-02 10:29:03 -05:00
nfstrace.c NFSv4: Catch and trace server filehandle encoding errors 2021-04-14 09:36:29 -04:00
nfstrace.h Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-07-03 11:41:14 -07:00
pagelist.c NFSv4.1 identify and mark RPC tasks that can move between transports 2021-07-08 14:03:24 -04:00
pnfs_dev.c NFSv4/pnfs: Add tracing for the deviceid cache 2020-12-16 17:25:24 -05:00
pnfs_nfs.c NFSv4/pNFS: Return an error if _nfs4_pnfs_v3_ds_connect can't load NFSv3 2021-07-08 14:03:26 -04:00
pnfs.c NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid 2021-08-09 16:57:04 -04:00
pnfs.h pNFS: We want return-on-close to complete when evicting the inode 2021-01-10 13:32:51 -05:00
proc.c NFSv4: Add support for the NFSv4.2 "change_attr_type" attribute 2021-04-13 10:04:05 -04:00
read.c NFS: Always provide aligned buffers to the RPC read layers 2021-08-30 13:21:38 -04:00
super.c NFSv4 introduce max_connect mount options 2021-08-27 16:37:17 -04:00
symlink.c
sysctl.c
sysfs.c NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
sysfs.h NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
unlink.c NFS: Fix open coded versions of nfs_set_cache_invalid() 2021-03-08 16:13:55 -05:00
write.c NFSv4.1 identify and mark RPC tasks that can move between transports 2021-07-08 14:03:24 -04:00