diff options
author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2023-03-09 13:30:37 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2023-03-14 15:22:45 -0400 |
commit | e67b79850fcc4eb5816d69d34fd82aeda350aca7 (patch) | |
tree | ac2ab206d913dd36a95347b59bc739551651cafc /security/selinux/status.c | |
parent | f62ca0b6e31d82e0622a8e31ce5562e80edf6c3c (diff) | |
download | linux-e67b79850fcc4eb5816d69d34fd82aeda350aca7.tar.gz linux-e67b79850fcc4eb5816d69d34fd82aeda350aca7.tar.bz2 linux-e67b79850fcc4eb5816d69d34fd82aeda350aca7.zip |
selinux: stop passing selinux_state pointers and their offspring
Linus observed that the pervasive passing of selinux_state pointers
introduced by me in commit aa8e712cee93 ("selinux: wrap global selinux
state") adds overhead and complexity without providing any
benefit. The original idea was to pave the way for SELinux namespaces
but those have not yet been implemented and there isn't currently
a concrete plan to do so. Remove the passing of the selinux_state
pointers, reverting to direct use of the single global selinux_state,
and likewise remove passing of child pointers like the selinux_avc.
The selinux_policy pointer remains as it is needed for atomic switching
of policies.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202303101057.mZ3Gv5fK-lkp@intel.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/status.c')
-rw-r--r-- | security/selinux/status.c | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/security/selinux/status.c b/security/selinux/status.c index 4bc8f809934c..19ef929a075c 100644 --- a/security/selinux/status.c +++ b/security/selinux/status.c @@ -39,21 +39,21 @@ * It returns a reference to selinux_status_page. If the status page is * not allocated yet, it also tries to allocate it at the first time. */ -struct page *selinux_kernel_status_page(struct selinux_state *state) +struct page *selinux_kernel_status_page(void) { struct selinux_kernel_status *status; struct page *result = NULL; - mutex_lock(&state->status_lock); - if (!state->status_page) { - state->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); + mutex_lock(&selinux_state.status_lock); + if (!selinux_state.status_page) { + selinux_state.status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); - if (state->status_page) { - status = page_address(state->status_page); + if (selinux_state.status_page) { + status = page_address(selinux_state.status_page); status->version = SELINUX_KERNEL_STATUS_VERSION; status->sequence = 0; - status->enforcing = enforcing_enabled(state); + status->enforcing = enforcing_enabled(); /* * NOTE: the next policyload event shall set * a positive value on the status->policyload, @@ -62,11 +62,11 @@ struct page *selinux_kernel_status_page(struct selinux_state *state) */ status->policyload = 0; status->deny_unknown = - !security_get_allow_unknown(state); + !security_get_allow_unknown(); } } - result = state->status_page; - mutex_unlock(&state->status_lock); + result = selinux_state.status_page; + mutex_unlock(&selinux_state.status_lock); return result; } @@ -76,14 +76,13 @@ struct page *selinux_kernel_status_page(struct selinux_state *state) * * It updates status of the current enforcing/permissive mode. */ -void selinux_status_update_setenforce(struct selinux_state *state, - int enforcing) +void selinux_status_update_setenforce(int enforcing) { struct selinux_kernel_status *status; - mutex_lock(&state->status_lock); - if (state->status_page) { - status = page_address(state->status_page); + mutex_lock(&selinux_state.status_lock); + if (selinux_state.status_page) { + status = page_address(selinux_state.status_page); status->sequence++; smp_wmb(); @@ -93,7 +92,7 @@ void selinux_status_update_setenforce(struct selinux_state *state, smp_wmb(); status->sequence++; } - mutex_unlock(&state->status_lock); + mutex_unlock(&selinux_state.status_lock); } /* @@ -102,23 +101,22 @@ void selinux_status_update_setenforce(struct selinux_state *state, * It updates status of the times of policy reloaded, and current * setting of deny_unknown. */ -void selinux_status_update_policyload(struct selinux_state *state, - int seqno) +void selinux_status_update_policyload(int seqno) { struct selinux_kernel_status *status; - mutex_lock(&state->status_lock); - if (state->status_page) { - status = page_address(state->status_page); + mutex_lock(&selinux_state.status_lock); + if (selinux_state.status_page) { + status = page_address(selinux_state.status_page); status->sequence++; smp_wmb(); status->policyload = seqno; - status->deny_unknown = !security_get_allow_unknown(state); + status->deny_unknown = !security_get_allow_unknown(); smp_wmb(); status->sequence++; } - mutex_unlock(&state->status_lock); + mutex_unlock(&selinux_state.status_lock); } |