[GIT PULL] SELinux fixes for v6.1 (#1)

[GIT PULL] SELinux fixes for v6.1 (#1)

[Paul Moore]

Hi Linus,

A small SELinux fix for v6.1 to fix a GFP_KERNEL allocation while a
spinlock is held.  The patch, while still fairly small, is a bit
larger than one might expect from a simple s/GFP_KERNEL/GFP_ATOMIC/
conversion because we added support for the function to be called with
different gfp flags depending on the context, preserving GFP_KERNEL
for those cases that can safely sleep.

Please merge for v6.1-rcX.
-Paul

--
The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:

 Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20221020

for you to fetch changes up to abe3c631447dcd1ba7af972fe6f054bee6f136fa:

 selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
   (2022-10-19 09:55:53 -0400)

----------------------------------------------------------------
selinux/stable-6.1 PR 20221020

----------------------------------------------------------------
GONG, Ruiqi (1):
     selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

security/selinux/ss/services.c | 5 +++--
security/selinux/ss/sidtab.c   | 4 ++--
security/selinux/ss/sidtab.h   | 2 +-
3 files changed, 6 insertions(+), 5 deletions(-)

-- 
paul-moore.com

Re: [GIT PULL] SELinux fixes for v6.1 (#1)

[Linus Torvalds]

On Thu, Oct 20, 2022 at 8:20 AM Paul Moore <paul@paul-moore.com> wrote:
>
>         The patch, while still fairly small, is a bit
> larger than one might expect from a simple s/GFP_KERNEL/GFP_ATOMIC/
> conversion because we added support for the function to be called with
> different gfp flags depending on the context, preserving GFP_KERNEL
> for those cases that can safely sleep.

Hmm.

So I've pulled this, but that patch actually makes it obvious that
there is only one single possible function for "convert->func", namely
that "convert_context()" function.

So why is that an indirect function call in the first place? That just
makes for slower (particularly in this age of indirect call
speculation costs), and bigger code, and only makes it harder to see
what is going on.

In the call-site, it looks like "Oh, this will call some
conversion-specific callback function".

In reality, there is no context-specific callback, there is only ever
convert_context().

Inefficient and misleading code. Not a great combination.

              Linus

Re: [GIT PULL] SELinux fixes for v6.1 (#1)

[pr-tracker-bot]

The pull request you sent on Thu, 20 Oct 2022 11:20:07 -0400:

> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20221020

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/0de0b76837c2e958ad0e8fa9abd9846843fbf3f8

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html

Re: [GIT PULL] SELinux fixes for v6.1 (#1)

[Paul Moore]

On Fri, Oct 21, 2022 at 5:42 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Thu, Oct 20, 2022 at 8:20 AM Paul Moore <paul@paul-moore.com> wrote:
> >
> >         The patch, while still fairly small, is a bit
> > larger than one might expect from a simple s/GFP_KERNEL/GFP_ATOMIC/
> > conversion because we added support for the function to be called with
> > different gfp flags depending on the context, preserving GFP_KERNEL
> > for those cases that can safely sleep.
>
> Hmm.
>
> So I've pulled this, but that patch actually makes it obvious that
> there is only one single possible function for "convert->func", namely
> that "convert_context()" function.

Sorry for the delay, network access has been limited the past few
weeks so I needed to prioritize things like getting fixes out over non
critical responses.

Anyway, yes, you're right, it's something we should look into
resolving and I plan to do that in the coming week or two.

-- 
paul-moore.com