Message ID | CAHC9VhSmJHDRroUJifUuDNF+KvVPVtW17CuMzb_RrUKBBkTabA@mail.gmail.com |
---|---|
State | New |
Headers | From: Paul Moore <paul@paul-moore.com>; Date: Mon, 12 Dec 2022 22:05:32 -0500; Subject: [GIT PULL] SELinux patches for v6.2; To: Linus Torvalds <torvalds@linux-foundation.org>; Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org |
Series | [GIT,PULL] SELinux patches for v6.2 |
Pull-request | https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221212 |

Message
Paul Moore
Dec. 13, 2022, 3:05 a.m. UTC
Hi Linus,

Two SELinux patches for Linux v6.2: one increases the sleep time on deprecated functionality, and one removes the indirect calls in the sidtab context conversion code. Unfortunately, this pull request does conflict with fixes that were merged during the v6.1-rcX cycle so you will either need to do some manual fixup or you can pull the tag below which has the necessary fixes and has been sanity tested today. If you're looking for something different to handle this merge, let me know.

* tags/selinux-pr-20221212.merge

-Paul

--

    The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:

      Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)

    are available in the Git repository at:

      https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221212

    for you to fetch changes up to 048be156491ff1aeb0fe5ff0862644d38cd39015:

      selinux: remove the sidtab context conversion indirect calls (2022-11-09 11:00:49 -0500)

    ----------------------------------------------------------------
    selinux/stable-6.2 PR 20221212

    ----------------------------------------------------------------
    Paul Moore (2):
          selinux: increase the deprecation sleep for checkreqprot and runtime disable
          selinux: remove the sidtab context conversion indirect calls

     security/selinux/selinuxfs.c   |  4 ++--
     security/selinux/ss/services.c | 51 ++++++++++++++----------------------
     security/selinux/ss/services.h | 14 +++++++++---
     security/selinux/ss/sidtab.c   | 21 +++++++++--------
     security/selinux/ss/sidtab.h   |  3 +--
     5 files changed, 47 insertions(+), 46 deletions(-)
Comments
On Mon, Dec 12, 2022 at 7:05 PM Paul Moore <paul@paul-moore.com> wrote:
>
> Unfortunately, this pull request does
> conflict with fixes that were merged during the v6.1-rcX cycle so you
> will either need to do some manual fixup or you can pull the tag below
> which has the necessary fixes and has been sanity tested today.

I did the merge manually, but compared to your version. They were identical except that you hadn't added the documentation entry for the gfp_flags parameter.

That said, I'm not super-happy with that merge - it was the trivial straightforward one, but when I looked at the code it struck me that the only thing that actually seems to *use* that gfp_flags argument is that

        if (oldc->str) {
                s = kstrdup(oldc->str, gfp_flags);
                if (!s)
                        return -ENOMEM;

sequence.

And it strikes me that this is not the only place where selinux ends up doing that whole

        str = kstrdup(ctx->str, GFP_xyz);

dance.

It feels to me like that thing shouldn't be an allocation at all, but that selinux should use ref-counted strings instead (and just increase the refcount).

It's in other places like context_cpy(), but having it be a refcounted string would also potentially help with "context_cmp()" in that the string compare could be a "is it the same ref-counted pointer" and maybe hit that case most of the time before it even needs to do an actual strcmp.

Hmm?

Anyway, that was just my reaction to resolving that conflict, and obviously *not* for this merge window. I'm just saying that if you agree, maybe that could be a future improvement, making the whole allocation - and the whole need for that gfp_flag - go away?

Linus
The pull request you sent on Mon, 12 Dec 2022 22:05:32 -0500:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221212
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/57888f7b952d3f2696f82a701f1b3d9de7e346d3
Thank you!
On Tue, Dec 13, 2022 at 12:44 PM Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Mon, Dec 12, 2022 at 7:05 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > Unfortunately, this pull request does
> > conflict with fixes that were merged during the v6.1-rcX cycle so you
> > will either need to do some manual fixup or you can pull the tag below
> > which has the necessary fixes and has been sanity tested today.
>
> I did the merge manually, but compared to your version. They were
> identical except that you hadn't added the documentation entry for the
> gfp_flags parameter.

Ah, thanks for catching that.

> That said, I'm not super-happy with that merge ... It feels to me like
> that thing shouldn't be an allocation at all, but that selinux should
> use ref-counted strings instead (and just increase the refcount).

It is something worth looking into for the future. I'm in the middle of reworking the audit code, and one of the changes is heavy use of string refcounts to reduce the copies needed.
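
The ref-counted string idea raised in this thread (share the string instead of kstrdup()-ing it, and compare pointers before falling back to strcmp), sketched as an added example that is not part of the original messages and is not SELinux or kernel code. It is a userspace model: the `rcstr_*` names are hypothetical, a plain counter stands in for the kernel's atomic `refcount_t`, and the label string is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical userspace model; rcstr_* names are illustrative, not kernel APIs. */
struct rcstr {
	unsigned int refs;	/* kernel code would use refcount_t (atomic, saturating) */
	char data[];		/* NUL-terminated string stored inline */
};

/* The only allocation: done once, when the string is first created. */
static struct rcstr *rcstr_new(const char *s)
{
	size_t len = strlen(s) + 1;
	struct rcstr *r = malloc(sizeof(*r) + len);

	if (!r)
		return NULL;
	r->refs = 1;
	memcpy(r->data, s, len);
	return r;
}

/* Replaces the duplicate-on-copy step: no allocation, no flags, cannot fail. */
static struct rcstr *rcstr_get(struct rcstr *r)
{
	if (r)
		r->refs++;
	return r;
}

/* Drop one reference; the last put frees the string. Returns 1 if freed. */
static int rcstr_put(struct rcstr *r)
{
	if (!r || --r->refs)
		return 0;
	free(r);
	return 1;
}

/* Same pointer means same string; strcmp only runs for distinct objects. */
static int rcstr_equal(const struct rcstr *a, const struct rcstr *b)
{
	return a == b || (a && b && strcmp(a->data, b->data) == 0);
}

int main(void)
{
	struct rcstr *a = rcstr_new("system_u:object_r:etc_t:s0"), *b = rcstr_get(a);
	int same = rcstr_equal(a, b);	/* hits the pointer fast path */
	return (same && !rcstr_put(b) && rcstr_put(a)) ? 0 : 1;
}
```

Two separately created strings with equal contents still compare equal, but only through the strcmp fallback; the fast path pays off when copies are made with `rcstr_get()`.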