Thread (101 messages) 101 messages, 14 authors, 2025-11-25

Re: [PATCH v2 35/50] convert selinuxfs

From: Stephen Smalley <stephen.smalley.work@gmail.com>
Date: 2025-10-29 15:07:11
Also in: bpf, linux-efi, linux-fsdevel, linux-mm, linuxppc-dev, ocfs2-devel, selinux 

On Tue, Oct 28, 2025 at 2:00 PM Al Viro [off-list ref] wrote:
Tree has invariant part + two subtrees that get replaced upon each
policy load.  Invariant parts stay for the lifetime of filesystem,
these two subdirs - from policy load to policy load (serialized
on lock_rename(root, ...)).

All object creations are via d_alloc_name()+d_add() inside selinuxfs,
all removals are via simple_recursive_removal().

Turn those d_add() into d_make_persistent()+dput() and that's mostly it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
I took this series for a spin and didn't see any problems with the
selinux-testsuite.
Also re-based my WIP selinux namespaces patch series [1] on top, which
introduces multiple selinuxfs instances (one per selinux namespace),
and didn't see any problems.

Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>

[1] https://lore.kernel.org/selinux/20250814132637.1659-1-stephen.smalley.work@gmail.com/ (local)
quoted hunk ↗ jump to hunk
---
 security/selinux/selinuxfs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index f088776dbbd3..eae565358db4 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1205,7 +1205,8 @@ static struct dentry *sel_attach(struct dentry *parent, const char *name,
                iput(inode);
                return ERR_PTR(-ENOMEM);
        }
-       d_add(dentry, inode);
+       d_make_persistent(dentry, inode);
+       dput(dentry);
        return dentry;
 }

@@ -1934,10 +1935,11 @@ static struct dentry *sel_make_swapover_dir(struct super_block *sb,
        /* directory inodes start off with i_nlink == 2 (for "." entry) */
        inc_nlink(inode);
        inode_lock(sb->s_root->d_inode);
-       d_add(dentry, inode);
+       d_make_persistent(dentry, inode);
        inc_nlink(sb->s_root->d_inode);
        inode_unlock(sb->s_root->d_inode);
-       return dentry;
+       dput(dentry);
+       return dentry;  // borrowed
 }

 #define NULL_FILE_NAME "null"
@@ -2080,7 +2082,7 @@ static int sel_init_fs_context(struct fs_context *fc)
 static void sel_kill_sb(struct super_block *sb)
 {
        selinux_fs_info_free(sb);
-       kill_litter_super(sb);
+       kill_anon_super(sb);
 }

 static struct file_system_type sel_fs_type = {
--
2.47.3
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help