| Message ID | CAHC9VhSmJHDRroUJifUuDNF+KvVPVtW17CuMzb_RrUKBBkTabA@mail.gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [GIT,PULL] SELinux patches for v6.2 | expand |
On Mon, Dec 12, 2022 at 7:05 PM Paul Moore <paul@paul-moore.com> wrote: > > Unfortunately, this pull request does > conflict with fixes that were merged during the v6.1-rcX cycle so you > will either need to do some manual fixup or you can pull the tag below > which has the necessary fixes and has been sanity tested today. I did the merge manually, but compared to your version. They were identical except that you hadn't added the documentation entry for the gfp_flags parameter. That said, I'm not super-happy with that merge - it was the trivial straightforward one, but when I looked at the code it struck me that the only thing that actually seems to *use* that gfp_flags argument is that if (oldc->str) { s = kstrdup(oldc->str, gfp_flags); if (!s) return -ENOMEM; sequence. And it strikes me that this is not the only place where selinux ends up doing that whole str = kstrdup(ctx->str, GFP_xyz); dance. It feels to me like that thing shouldn't be an allocation at all, but that selinux should use ref-counted strings instead (and just increase the refcount). It's in other places like context_cpy(), but having it be a refcounted string would also potentially help with "context_cmp()" in that the string compare could be a "is it the same ref-counted pointer" and maybe hit that case most of the time before it even needs to do an actual strcmp. Hmm? Anyway, that was just my reaction to resolving that conflict, and obviously *not* for this merge window. I'm just saying that if you agree, maybe that could be a future improvement, making the whole allocation - and the whole need for that gfp_flag - go away? Linus
The pull request you sent on Mon, 12 Dec 2022 22:05:32 -0500:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221212
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/57888f7b952d3f2696f82a701f1b3d9de7e346d3
Thank you!
On Tue, Dec 13, 2022 at 12:44 PM Linus Torvalds <torvalds@linux-foundation.org> wrote: > On Mon, Dec 12, 2022 at 7:05 PM Paul Moore <paul@paul-moore.com> wrote: > > > > Unfortunately, this pull request does > > conflict with fixes that were merged during the v6.1-rcX cycle so you > > will either need to do some manual fixup or you can pull the tag below > > which has the necessary fixes and has been sanity tested today. > > I did the merge manually, but compared to your version. They were > identical except that you hadn't added the documentation entry for the > gfp_flags parameter. Ah, thanks for catching that. > That said, I'm not super-happy with that merge ... It feels to me like > that thing shouldn't be an allocation at all, but that selinux should > use ref-counted strings instead (and just increase the refcount). It is something worth looking into for the future. I'm in the middle of reworking the audit code, and one of the changes is heavy use of string refcounts to reduce the copies needed.
Hi Linus, Two SELinux patches for Linux v6.2: one increases the sleep time on deprecated functionality, and one removes the indirect calls in the sidtab context conversion code. Unfortunately, this pull request does conflict with fixes that were merged during the v6.1-rcX cycle so you will either need to do some manual fixup or you can pull the tag below which has the necessary fixes and has been sanity tested today. If you're looking for something different to handle this merge, let me know. * tags/selinux-pr-20221212.merge -Paul -- The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780: Linux 6.1-rc1 (2022-10-16 15:36:24 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221212 for you to fetch changes up to 048be156491ff1aeb0fe5ff0862644d38cd39015: selinux: remove the sidtab context conversion indirect calls (2022-11-09 11:00:49 -0500) ---------------------------------------------------------------- selinux/stable-6.2 PR 20221212 ---------------------------------------------------------------- Paul Moore (2): selinux: increase the deprecation sleep for checkreqprot and runtime disable selinux: remove the sidtab context conversion indirect calls security/selinux/selinuxfs.c | 4 ++-- security/selinux/ss/services.c | 51 ++++++++++++++---------------------- security/selinux/ss/services.h | 14 +++++++++--- security/selinux/ss/sidtab.c | 21 +++++++++-------- security/selinux/ss/sidtab.h | 3 +-- 5 files changed, 47 insertions(+), 46 deletions(-)