linux-next: manual merge of the selinux tree with Linus' tree
Commit Message
Hi all,
Today's linux-next merge of the selinux tree got conflicts in:
security/selinux/ss/services.c
security/selinux/ss/sidtab.c
security/selinux/ss/sidtab.h
between commit:
abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")
from Linus' tree and commit:
048be156491f ("selinux: remove the sidtab context conversion indirect calls")
from the selinux tree.
I fixed it up (see below) and applied the following merge fix patch
as well and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non trivial conflicts should be mentioned
to your upstream maintainer when your tree is submitted for merging.
You may also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.
From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Thu, 10 Nov 2022 12:38:01 +1100
Subject: [PATCH] selinux: fix up for "selinux: enable use of both GFP_KERNEL
and GFP_ATOMIC in convert_context()"
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
security/selinux/ss/services.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
+++ b/security/selinux/ss/sidtab.c
@@@ -324,8 -327,8 +327,9 @@@ int sidtab_context_to_sid(struct sidta
goto out_unlock;
}
- rc = convert->func(context, &dst_convert->context,
- convert->args, GFP_ATOMIC);
+ rc = services_convert_context(convert->args,
- context, &dst_convert->context);
++ context, &dst_convert->context,
++ GFP_ATOMIC);
if (rc) {
context_destroy(&dst->context);
goto out_unlock;
@@@ -402,9 -405,9 +406,10 @@@ static int sidtab_convert_tree(union si
}
i = 0;
while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context,
- convert->args, GFP_KERNEL);
+ rc = services_convert_context(convert->args,
+ &esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context);
++ &edst->ptr_leaf->entries[i].context,
++ GFP_KERNEL);
if (rc)
return rc;
(*pos)++;
Comments
On Wed, Nov 9, 2022 at 8:44 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the selinux tree got conflicts in:
>
> security/selinux/ss/services.c
> security/selinux/ss/sidtab.c
> security/selinux/ss/sidtab.h
>
> between commit:
>
> abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")
>
> from Linus' tree and commit:
>
> 048be156491f ("selinux: remove the sidtab context conversion indirect calls")
>
> from the selinux tree.
>
> I fixed it up (see below) and applied the following merge fix patch
> as well and can carry the fix as necessary. This is now fixed as far as
> linux-next is concerned, but any non trivial conflicts should be mentioned
> to your upstream maintainer when your tree is submitted for merging.
> You may also want to consider cooperating with the maintainer of the
> conflicting tree to minimise any particularly complex conflicts.
I had to make a similar patch for my own testing. Thanks Stephen.
Out of curiosity, is there an established procedure for notifying
linux-next about such conflicts? I'm happy to let Stephen find it on
his own and handle the merge for linux-next, but it seems like there
is some duplicated work here ...
@@ -41,6 +41,7 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
struct avtab_node *node);
int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc);
+ struct context *oldc, struct context *newc,
+ gfp_t gfp_flags);
#endif /* _SS_SERVICES_H_ */
--
2.35.1
--
Cheers,
Stephen Rothwell
@@@ -2014,18 -2008,20 +2008,21 @@@ static inline int convert_context_handl
return 0;
}
- /*
- * Convert the values in the security context
- * structure `oldc' from the values specified
- * in the policy `p->oldp' to the values specified
- * in the policy `p->newp', storing the new context
- * in `newc'. Verify that the context is valid
- * under the new policy.
+ /**
+ * services_convert_context - Convert a security context across policies.
+ * @args: populated convert_context_args struct
+ * @oldc: original context
+ * @newc: converted context
+ *
+ * Convert the values in the security context structure @oldc from the values
+ * specified in the policy @args->oldp to the values specified in the policy
+ * @args->newp, storing the new context in @newc, and verifying that the
+ * context is valid under the new policy.
*/
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc)
++ struct context *oldc, struct context *newc,
++ gfp_t gfp_flags)
{
- struct convert_context_args *args;
struct ocontext *oc;
struct role_datum *role;
struct type_datum *typdatum;
@@@ -2034,10 -2030,8 +2031,8 @@@
u32 len;
int rc;
- args = p;
-
if (oldc->str) {
- s = kstrdup(oldc->str, GFP_KERNEL);
+ s = kstrdup(oldc->str, gfp_flags);
if (!s)
return -ENOMEM;