diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-24 11:11:59 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-24 11:11:59 -0700 |
| commit | 72eaa0967b594cb9886c2f277a69ac1ea935b1a8 (patch) | |
| tree | 293a7044db9c117418cabbec7027ab098397af50 /include | |
| parent | a5624566431de76b17862383d9ae254d9606cba9 (diff) | |
| parent | 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 (diff) | |
Merge tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Stop passing the 'selinux_state' pointers as function arguments
As discussed during the end of the last development cycle, passing a
selinux_state pointer through the SELinux code has a noticeable
impact on performance, and with the current code it is not strictly
necessary.
This simplifies things by referring directly to the single
selinux_state global variable which should help improve SELinux
performance.
- Uninline the unlikely portions of avc_has_perm_noaudit()
This change was also based on a discussion from the last development
cycle, and is heavily based on an initial proof of concept patch from
you. The core issue was that avc_has_perm_noaudit() was not able to
be inlined, as intended, due to its size. We solved this issue by
extracting the less frequently hit portions of avc_has_perm_noaudit()
into a separate function, reducing the size of avc_has_perm_noaudit()
to the point where the compiler began inlining the function. We also
took the opportunity to clean up some ugly RCU locking in the code
that became uglier with the change.
- Remove the runtime disable functionality
After several years of work by the userspace and distro folks, we are
finally in a place where we feel comfortable removing the runtime
disable functionality which we initially deprecated at the start of
2020.
There is plenty of information in the kernel's deprecation (now
removal) notice, but the main motivation was to be able to safely
mark the LSM hook structures as '__ro_after_init'.
LWN also wrote a good summary of the deprecation this morning which
offers a more detailed history:
https://lwn.net/SubscriberLink/927463/dcfa0d4ed2872f03
- Remove the checkreqprot functionality
The original checkreqprot deprecation notice stated that the removal
would happen no sooner than June 2021, which means this falls hard
into the "better late than never" bucket.
The Kconfig and deprecation notice has more detail on this setting,
but the basic idea is that we want to ensure that the SELinux policy
allows for the memory protections actually applied by the kernel, and
not those requested by the process.
While we haven't found anyone running a supported distro that is
affected by this deprecation/removal, anyone who is affected would
only need to update their policy to reflect the reality of their
applications' mapping protections.
- Minor Makefile improvements
Some minor Makefile improvements to correct some dependency issues
likely only ever seen by SELinux developers. I expect we will have at
least one more tweak to the Makefile during the next merge window,
but it didn't quite make the cutoff this time around.
* tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: ensure av_permissions.h is built when needed
selinux: fix Makefile dependencies of flask.h
selinux: stop returning node from avc_insert()
selinux: clean up dead code after removing runtime disable
selinux: update the file list in MAINTAINERS
selinux: remove the runtime disable functionality
selinux: remove the 'checkreqprot' functionality
selinux: stop passing selinux_state pointers and their offspring
selinux: uninline unlikely parts of avc_has_perm_noaudit()
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/lsm_hooks.h | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6e156d2acffc..60cdc83bf8af 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1740,36 +1740,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; __used __section(".early_lsm_info.init") \ __aligned(sizeof(unsigned long)) -#ifdef CONFIG_SECURITY_SELINUX_DISABLE -/* - * Assuring the safety of deleting a security module is up to - * the security module involved. This may entail ordering the - * module's hook list in a particular way, refusing to disable - * the module once a policy is loaded or any number of other - * actions better imagined than described. - * - * The name of the configuration option reflects the only module - * that currently uses the mechanism. Any developer who thinks - * disabling their module is a good idea needs to be at least as - * careful as the SELinux team. - */ -static inline void security_delete_hooks(struct security_hook_list *hooks, - int count) -{ - int i; - - for (i = 0; i < count; i++) - hlist_del_rcu(&hooks[i].list); -} -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ - -/* Currently required to handle SELinux runtime hook disable. */ -#ifdef CONFIG_SECURITY_WRITABLE_HOOKS -#define __lsm_ro_after_init -#else -#define __lsm_ro_after_init __ro_after_init -#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ - extern int lsm_inode_alloc(struct inode *inode); #endif /* ! __LINUX_LSM_HOOKS_H */ |