From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fsdevel@vger.kernel.org, Christian Brauner <brauner@kernel.org>
Subject: [git pull][6.17] vfs.git 5/9: securityfs
Date: Sat, 26 Jul 2025 09:05:13 +0100
Message-ID: <20250726080513.GD1456602@ZenIV>
In-Reply-To: <20250726080119.GA222315@ZenIV>

The following changes since commit 19272b37aa4f83ca52bdf9c16d5d81bdd1354494:

  Linux 6.16-rc1 (2025-06-08 13:44:43 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git tags/pull-securityfs

for you to fetch changes up to f42b8d78dee77107245ec5beee3eb01915bcae7f:

  tpm: don't bother with removal of files in directory we'll be removing (2025-06-17 18:11:01 -0400)

----------------------------------------------------------------
securityfs cleanups and fixes:

* one extra reference is enough to pin a dentry down; no need
  for two.  Switch to regular scheme, similar to shmem, debugfs,
  etc. - that fixes securityfs_recursive_remove() dentry leak,
  among other things.

* we need to have the filesystem pinned to prevent the contents
  disappearing; what we do not need is pinning it for each file.
  Doing that only for files and directories in the root is enough.

* the previous two changes allow us to get rid of the racy kludges
  in efi_secret_unlink(), where we can use simple_unlink() instead
  of securityfs_remove().  Which does not require unlocking and
  relocking the parent, with all deadlocks that invites.

* Make securityfs_remove() take the entire subtree out, turning
  securityfs_recursive_remove() into its alias.  Makes a lot more
  sense for callers and fixes a mount leak, while we are at it.

* Making securityfs_remove() remove the entire subtree allows for
  much simpler life in most of the users - efi_secret, ima_fs,
  evm, ipe, tpm get cleaner.  I hadn't touched apparmor use of
  securityfs, but I suspect that it would be useful there as well.

----------------------------------------------------------------
Al Viro (10):
      securityfs: don't pin dentries twice, once is enough...
      securityfs: pin filesystem only for objects directly in root
      fix locking in efi_secret_unlink()
      make securityfs_remove() remove the entire subtree
      efi_secret: clean securityfs use up
      ima_fs: don't bother with removal of files in directory we'll be removing
      ima_fs: get rid of lookup-by-dentry stuff
      evm_secfs: clear securityfs interactions
      ipe: don't bother with removal of files in directory we'll be removing
      tpm: don't bother with removal of files in directory we'll be removing

 drivers/char/tpm/eventlog/common.c        |  46 +++-------
 drivers/virt/coco/efi_secret/efi_secret.c |  47 ++--------
 include/linux/security.h                  |   3 +-
 include/linux/tpm.h                       |   2 +-
 security/inode.c                          |  62 +++++---------
 security/integrity/evm/evm_secfs.c        |  15 ++--
 security/integrity/ima/ima_fs.c           | 137 +++++++-----------------------
 security/ipe/fs.c                         |  32 +++----
 security/ipe/policy_fs.c                  |   4 +-
 9 files changed, 97 insertions(+), 251 deletions(-)