[PATCH v3 35/50] convert selinuxfs

[PATCH v3 00/50] tree-in-dcache stuff · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 24/50] convert ibmasmfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 13/50] convert hugetlbfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 25/50] ibmasmfs: get rid of ibmasmfs_dir_ops · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 14/50] convert mqueue · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 02/50] tracefs: fix a leak in eventfs_create_events_dir() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 05/50] introduce a flag for explicitly marking persistently pinned dentries · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 08/50] convert ramfs and tmpfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 21/50] debugfs: remove duplicate checks in callers of start_creating() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 17/50] convert fuse_ctl · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 17/50] convert fuse_ctl · Miklos Szeredi <miklos@szeredi.hu> · 2025-11-11
[PATCH v3 19/50] convert tracefs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 01/50] fuse_ctl_add_conn(): fix nlink breakage in case of early failure · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 01/50] fuse_ctl_add_conn(): fix nlink breakage in case of early failure · Miklos Szeredi <miklos@szeredi.hu> · 2025-11-11
[PATCH v3 12/50] convert smackfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 04/50] new helper: simple_done_creating() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 22/50] convert efivarfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 09/50] procfs: make /self and /thread_self dentries persistent · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 10/50] configfs, securityfs: kill_litter_super() not needed · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 16/50] convert dlmfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 18/50] convert pstore · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 15/50] convert bpf · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 28/50] binderfs_binder_ctl_create(): kill a bogus check · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 30/50] autofs_{rmdir,unlink}: dentry->d_fsdata->dentry == dentry there · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 27/50] binderfs: use simple_start_creating() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 23/50] convert spufs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 06/50] primitives for maintaining persisitency · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 03/50] new helper: simple_remove_by_name() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 03/50] new helper: simple_remove_by_name() · Miklos Szeredi <miklos@szeredi.hu> · 2025-11-11
[PATCH v3 11/50] convert xenfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 20/50] convert debugfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 26/50] convert devpts · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 07/50] convert simple_{link,unlink,rmdir,rename,fill_super}() to new primitives · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 32/50] convert binfmt_misc · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 29/50] convert binderfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 31/50] convert autofs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 33/50] selinuxfs: don't stash the dentry of /policy_capabilities · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 34/50] selinuxfs: new helper for attaching files to tree · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 34/50] selinuxfs: new helper for attaching files to tree · bot+bpf-ci@kernel.org · 2025-11-11
Re: [PATCH v3 34/50] selinuxfs: new helper for attaching files to tree · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 34/50] selinuxfs: new helper for attaching files to tree · Chris Mason <hidden> · 2025-11-12
[PATCH v3 35/50] convert selinuxfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 39/50] convert gadgetfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · bot+bpf-ci@kernel.org · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Christian Brauner <brauner@kernel.org> · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Chris Mason <hidden> · 2025-11-11
Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name() · Chris Mason <hidden> · 2025-11-12
[functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-13
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2025-11-13
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Chris Mason <hidden> · 2025-11-14
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-14
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-14
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Christian Brauner <brauner@kernel.org> · 2025-11-14
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2025-11-15
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-16
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-17
[PATCH 1/4] functionfs: don't abuse ffs_data_closed() on fs shutdown · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-17
[PATCH 2/4] functionfs: don't bother with ffs->ref in ffs_data_{opened,closed}() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-17
[PATCH 3/4] functionfs: need to cancel ->reset_work in ->kill_sb() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-17
[PATCH 4/4] functionfs: fix the open/removal races · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-17
Re: [functionfs] mainline UAF (was Re: [PATCH v3 36/50] functionfs: switch to simple_remove_by_name()) · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2025-11-18
[PATCH v3 37/50] convert functionfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 38/50] gadgetfs: switch to simple_remove_by_name() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 40/50] hypfs: don't pin dentries twice · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 41/50] hypfs: switch hypfs_create_str() to returning int · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 43/50] convert hypfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 42/50] hypfs: swich hypfs_create_u64() to returning int · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 44/50] convert rpc_pipefs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 45/50] convert nfsctl · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 46/50] convert rust_binderfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 47/50] get rid of kill_litter_super() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 48/50] convert securityfs · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 49/50] kill securityfs_recursive_remove() · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11
[PATCH v3 50/50] d_make_discardable(): warn if given a non-persistent dentry · Al Viro <viro@zeniv.linux.org.uk> · 2025-11-11

From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2025-11-11 06:55:29
Also in: bpf, linux-efi, linux-fsdevel, linux-mm, linux-usb, ocfs2-devel, selinux
Subsystem: selinux security module, the rest · Maintainers: Paul Moore, Stephen Smalley, Linus Torvalds

Tree has invariant part + two subtrees that get replaced upon each
policy load.  Invariant parts stay for the lifetime of filesystem,
these two subdirs - from policy load to policy load (serialized
on lock_rename(root, ...)).

All object creations are via d_alloc_name()+d_add() inside selinuxfs,
all removals are via simple_recursive_removal().

Turn those d_add() into d_make_persistent()+dput() and that's mostly it.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/selinux/selinuxfs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index f088776dbbd3..eae565358db4 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c

@@ -1205,7 +1205,8 @@ static struct dentry *sel_attach(struct dentry *parent, const char *name,
 		iput(inode);
 		return ERR_PTR(-ENOMEM);
 	}
-	d_add(dentry, inode);
+	d_make_persistent(dentry, inode);
+	dput(dentry);
 	return dentry;
 }

@@ -1934,10 +1935,11 @@ static struct dentry *sel_make_swapover_dir(struct super_block *sb,
 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
 	inc_nlink(inode);
 	inode_lock(sb->s_root->d_inode);
-	d_add(dentry, inode);
+	d_make_persistent(dentry, inode);
 	inc_nlink(sb->s_root->d_inode);
 	inode_unlock(sb->s_root->d_inode);
-	return dentry;
+	dput(dentry);
+	return dentry;	// borrowed
 }
 
 #define NULL_FILE_NAME "null"

@@ -2080,7 +2082,7 @@ static int sel_init_fs_context(struct fs_context *fc)
 static void sel_kill_sb(struct super_block *sb)
 {
 	selinux_fs_info_free(sb);
-	kill_litter_super(sb);
+	kill_anon_super(sb);
 }
 
 static struct file_system_type sel_fs_type = {

-- 
2.47.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help