Commit 0798268aa4c2 for kernel

commit 0798268aa4c26ece25020b3ddeeef9a5941209c0
Merge: a552c81ff4a1 35d6f5e788da
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Jun 19 11:32:05 2026 -0700

    Merge tag 'integrity-v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

    Pull IMA updates from Mimi Zohar:

     - Introduce IMA and EVM post-quantum ML-DSA signature support

       ML-DSA signature support for IMA and EVM is limited to sigv3
       signatures, which calculates and verifies a hash of a compact
       structure containing the file data/metadata hash, hash type, and hash
       algorithm. IMA and EVM still calculate the file data/metadata hashes
       respectively.

     - Introduce support for removing IMA measurement list records stored in
       kernel memory

       The IMA measurement list can grow large depending on policy, but
       removing records breaks remote attestation, unless they are safely
       preserved and made available for attestation requests. Until
       environments are prepared to preserve the measurement records, a new
       CONFIG_IMA_STAGING Kconfig option is introduced to guard against
       deletion.

       Several approaches for removing measurement list records were
       evaluated but rejected due to filesystem constraints, the
       introduction of a new critical data record, and locking concerns. Two
       methods are being upstreamed: staged deletion with confirmation, and
       staged deletion of N records without confirmation. Both methods
       minimize the period during which new measurements are blocked from
       being appended to the measurement list by staging the measurement
       list.

       A comparison of the two methods is included in the documentation.

     - Some code cleanup, and a couple of bug fixes

    * tag 'integrity-v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
      doc: security: Add documentation of exporting and deleting IMA measurements
      ima: Support staging and deleting N measurements records
      ima: Add support for flushing the hash table when staging measurements
      ima: Add support for staging measurements with prompt
      ima: Introduce ima_dump_measurement()
      ima: Use snprintf() in create_securityfs_measurement_lists
      ima: Mediate open/release method of the measurements list
      ima: Introduce _ima_measurements_start() and _ima_measurements_next()
      ima: Introduce per binary measurements list type binary_runtime_size value
      ima: Introduce per binary measurements list type ima_num_records counter
      ima: Replace static htable queue with dynamically allocated array
      ima: Remove ima_h_table structure
      evm: terminate and bound the evm_xattrs read buffer
      integrity: Add support for sigv3 verification using ML-DSA keys
      integrity: Refactor asymmetric_verify for reusability
      integrity: Check that algo parameter is within valid range
      integrity: Check for NULL returned by asymmetric_key_public_key
      ima: return error early if file xattr cannot be changed
      ima: Fix sigv3 signature handling for EVM_IMA_XATTR_DIGSIG