Re: [PATCH v4 04/42] selinux: dynamically allocate selinux namespace

[PATCH v4 00/42] SELinux namespace support · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 01/42] selinux: restore passing of selinux_state · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 03/42] selinux: support multiple selinuxfs instances · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 02/42] selinux: introduce current_selinux_state · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 04/42] selinux: dynamically allocate selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
Re: [PATCH v4 04/42] selinux: dynamically allocate selinux namespace · Simon Horman <horms@kernel.org> · 2025-06-13
Re: [PATCH v4 04/42] selinux: dynamically allocate selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-13
[PATCH v4 05/42] netstate,selinux: create the selinux netlink socket per network namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 06/42] selinux: limit selinux netlink notifications to init namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 07/42] selinux: support per-task/cred selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 08/42] selinux: introduce cred_selinux_state() and use it · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 09/42] selinux: init inode from nearest initialized namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 10/42] selinux: add a selinuxfs interface to unshare selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 12/42] selinux: exempt creation of init SELinux namespace from limits · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 13/42] selinux: refactor selinux_state_create() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 14/42] selinux: allow userspace to detect non-init SELinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 15/42] selinuxfs: restrict write operations to the same selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 16/42] selinux: introduce a global SID table · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 18/42] selinux: introduce a Kconfig option for SELinux namespaces · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 19/42] selinux: eliminate global SID table if !CONFIG_SECURITY_SELINUX_NS · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 20/42] selinux: maintain a small cache in the global SID table · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 22/42] selinux: introduce cred_task_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 21/42] selinux: update hook functions to use correct selinux namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 23/42] selinux: introduce cred_has_extended_perms() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 11/42] selinux: add limits for SELinux namespaces · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 26/42] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 25/42] selinux: introduce cred_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 27/42] selinux: introduce task_obj_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
Re: [PATCH v4 27/42] selinux: introduce task_obj_perm() · Simon Horman <horms@kernel.org> · 2025-06-13
Re: [PATCH v4 27/42] selinux: introduce task_obj_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-13
Re: [PATCH v4 27/42] selinux: introduce task_obj_perm() · Simon Horman <horms@kernel.org> · 2025-06-16
Re: [PATCH v4 27/42] selinux: introduce task_obj_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-16
[PATCH v4 28/42] selinux: update bprm hooks for selinux namespaces · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 29/42] selinux: add kerneldoc to new permission checking functions · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 30/42] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 31/42] selinux: rename cred_has_perm*() to cred_tsid_has_perm*() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 32/42] selinux: update cred_tsid_has_perm_noaudit() to return the combined avd · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 33/42] selinux: convert additional checks to cred_ssid_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 17/42] selinux: wrap security server interfaces to use the global SID table · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 34/42] selinux: introduce selinux_state_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 35/42] selinux: annotate selinuxfs permission checks · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 36/42] selinux: annotate process transition permission checks · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 37/42] selinux: convert xfrm and netlabel permission checks · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 38/42] selinux: switch selinux_lsm_setattr() checks to current namespace · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 39/42] selinux: make open_perms namespace-aware · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 24/42] selinux: introduce cred_self_has_perm() · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 40/42] selinux: split cred_ssid_has_perm() into two cases · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 41/42] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10
[PATCH v4 42/42] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces · Stephen Smalley <stephen.smalley.work@gmail.com> · 2025-06-10

From: Simon Horman <horms@kernel.org>
Date: 2025-06-13 14:14:50
Also in: selinux

On Tue, Jun 10, 2025 at 01:21:35PM -0400, Stephen Smalley wrote:

Move from static allocation of a single selinux namespace to
dynamic allocation.  Include necessary support for lifecycle management
of the selinux namespace, modeled after the user namespace support.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>

...

quoted hunk ↗ jump to hunk

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 112edf9b2106..c67965cbfcba 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c

@@ -2202,7 +2202,7 @@ static void security_load_policycaps(struct selinux_state *state,
 static int security_preserve_bools(struct selinux_policy *oldpolicy,
 				struct selinux_policy *newpolicy);
 
-static void selinux_policy_free(struct selinux_policy *policy)
+void selinux_policy_free(struct selinux_policy __rcu *policy)

Hi Stephen,

It looks like this __rcu annotation is insufficient, and further updates
are needed. I didn't look further, but Sparse says:

  .../services.c:2212:27: warning: incorrect type in argument 1 (different address spaces)
  .../services.c:2212:27:    expected struct policydb *p
  .../services.c:2212:27:    got struct policydb [noderef] __rcu *
  .../services.c:2214:15: warning: incorrect type in argument 1 (different address spaces)
  .../services.c:2214:15:    expected void const *objp
  .../services.c:2214:15:    got struct selinux_policy [noderef] __rcu *policy
  .../services.c:2232:39: warning: incorrect type in argument 1 (different address spaces)
  .../services.c:2232:39:    expected struct selinux_policy [noderef] __rcu *policy
  .../services.c:2232:39:    got struct selinux_policy *policy
  .../services.c:2297:29: warning: incorrect type in argument 1 (different address spaces)
  .../services.c:2297:29:    expected struct selinux_policy [noderef] __rcu *policy
  .../services.c:2297:29:    got struct selinux_policy *[assigned] oldpolicy
  .../services.c:2210:24: warning: dereference of noderef expression
  .../services.c:2211:15: warning: dereference of noderef expression
  .../services.c:2213:15: warning: dereference of noderef expression

 {
 	if (!policy)
 		return;

...

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help