From: Al Viro <viro@zeniv.linux.org.uk>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-fsdevel@vger.kernel.org, torvalds@linux-foundation.org,
brauner@kernel.org, jack@suse.cz, raven@themaw.net,
miklos@szeredi.hu, a.hindborg@kernel.org, linux-mm@kvack.org,
linux-efi@vger.kernel.org, ocfs2-devel@lists.linux.dev,
kees@kernel.org, rostedt@goodmis.org, gregkh@linuxfoundation.org,
linux-usb@vger.kernel.org, casey@schaufler-ca.com,
linuxppc-dev@lists.ozlabs.org, borntraeger@linux.ibm.com
Subject: Re: [PATCH 31/39] convert selinuxfs
Date: Mon, 22 Sep 2025 04:52:18 +0100 [thread overview]
Message-ID: <20250922035218.GP39973@ZenIV> (raw)
In-Reply-To: <CAHC9VhTy2j+hkT24hM1J2GH+12wp63DArRo6BGTvTwGX2k4CnA@mail.gmail.com>
On Sun, Sep 21, 2025 at 10:50:02PM -0400, Paul Moore wrote:
> Looks good to me, ACK below. For me personally, it's a bit late to
> take non-bugfix stuff for the upcoming merge window so I would defer
> this for a few weeks, but if you want to take it now that's your call.
> Also your call if you would prefer this to go in with the rest of the
> patchset you've working on, or if you want me to take it via the
> SELinux tree. Let me know.
Seeing that it's already a 41-commit patchset (rpc_pipe conversion pulled
in, now +1 from this split) with several more in the pipeline (securityfs
conversion, for starters) and it's -rc7...
I think I'll post v2 in the middle of the week, but aim for the next
cycle. Rebase to -rc1 as soon as it comes, post v3 for review and testing,
then shove it into -next.
Especially since #work.nfsctl is in -next, so hopefully by -rc1 there won't
be any need to put merges in the middle of the series, with conversion of
nfsctl included into the series, bringing with it removal of kill_litter_super()
and (hopefully) "give configfs and apparmorfs private copies of simple_unlink()
and simple_rmdir() doing dput() instead of d_make_discardable(), then make
d_make_discardable() complain about being called on non-persistent dentries".
Speaking of additional patches into that series: AFAICS there's no reason
for selinuxfs to allocate dentry before the inode. Doing it the other way
round simplifies the things quite a bit, IMO. Something like this (as followup
to the previous patch):
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 482a2cac9640..7bee2d8bdec5 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1197,6 +1197,25 @@ static struct inode *sel_make_inode(struct super_block *sb, umode_t mode)
return ret;
}
+static struct dentry *sel_attach(struct dentry *parent, const char *name,
+ struct inode *inode)
+{
+ struct dentry *dentry = d_alloc_name(parent, name);
+ if (unlikely(!dentry)) {
+ iput(inode);
+ return ERR_PTR(-ENOMEM);
+ }
+ d_add(dentry, inode);
+ return dentry;
+}
+
+static int sel_attach_file(struct dentry *parent, const char *name,
+ struct inode *inode)
+{
+ struct dentry *dentry = sel_attach(parent, name, inode);
+ return PTR_ERR_OR_ZERO(dentry);
+}
+
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
size_t count, loff_t *ppos)
{
@@ -1364,8 +1383,7 @@ static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_
*bool_num = num;
*bool_pending_names = names;
- for (i = 0; i < num; i++) {
- struct dentry *dentry;
+ for (i = 0; !ret && i < num; i++) {
struct inode *inode;
struct inode_security_struct *isec;
ssize_t len;
@@ -1376,15 +1394,9 @@ static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_
ret = -ENAMETOOLONG;
break;
}
- dentry = d_alloc_name(bool_dir, names[i]);
- if (!dentry) {
- ret = -ENOMEM;
- break;
- }
inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
if (!inode) {
- dput(dentry);
ret = -ENOMEM;
break;
}
@@ -1402,7 +1414,8 @@ static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_
isec->initialized = LABEL_INITIALIZED;
inode->i_fop = &sel_bool_ops;
inode->i_ino = i|SEL_BOOL_INO_OFFSET;
- d_add(dentry, inode);
+
+ ret = sel_attach_file(bool_dir, names[i], inode);
}
out:
free_page((unsigned long)page);
@@ -1587,6 +1600,7 @@ static int sel_make_avc_files(struct dentry *dir)
struct super_block *sb = dir->d_sb;
struct selinux_fs_info *fsi = sb->s_fs_info;
unsigned int i;
+ int err = 0;
static const struct tree_descr files[] = {
{ "cache_threshold",
&sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
@@ -1596,26 +1610,20 @@ static int sel_make_avc_files(struct dentry *dir)
#endif
};
- for (i = 0; i < ARRAY_SIZE(files); i++) {
+ for (i = 0; !err && i < ARRAY_SIZE(files); i++) {
struct inode *inode;
- struct dentry *dentry;
-
- dentry = d_alloc_name(dir, files[i].name);
- if (!dentry)
- return -ENOMEM;
inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
- if (!inode) {
- dput(dentry);
+ if (!inode)
return -ENOMEM;
- }
inode->i_fop = files[i].ops;
inode->i_ino = ++fsi->last_ino;
- d_add(dentry, inode);
+
+ err = sel_attach_file(dir, files[i].name, inode);
}
- return 0;
+ return err;
}
static int sel_make_ss_files(struct dentry *dir)
@@ -1623,30 +1631,25 @@ static int sel_make_ss_files(struct dentry *dir)
struct super_block *sb = dir->d_sb;
struct selinux_fs_info *fsi = sb->s_fs_info;
unsigned int i;
+ int err = 0;
static const struct tree_descr files[] = {
{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
};
- for (i = 0; i < ARRAY_SIZE(files); i++) {
+ for (i = 0; !err && i < ARRAY_SIZE(files); i++) {
struct inode *inode;
- struct dentry *dentry;
-
- dentry = d_alloc_name(dir, files[i].name);
- if (!dentry)
- return -ENOMEM;
inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
- if (!inode) {
- dput(dentry);
+ if (!inode)
return -ENOMEM;
- }
inode->i_fop = files[i].ops;
inode->i_ino = ++fsi->last_ino;
- d_add(dentry, inode);
+
+ err = sel_attach_file(dir, files[i].name, inode);
}
- return 0;
+ return err;
}
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
@@ -1674,30 +1677,25 @@ static const struct file_operations sel_initcon_ops = {
static int sel_make_initcon_files(struct dentry *dir)
{
unsigned int i;
+ int err = 0;
- for (i = 1; i <= SECINITSID_NUM; i++) {
- struct inode *inode;
- struct dentry *dentry;
+ for (i = 1; !err && i <= SECINITSID_NUM; i++) {
const char *s = security_get_initial_sid_context(i);
+ struct inode *inode;
if (!s)
continue;
- dentry = d_alloc_name(dir, s);
- if (!dentry)
- return -ENOMEM;
inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
- if (!inode) {
- dput(dentry);
+ if (!inode)
return -ENOMEM;
- }
inode->i_fop = &sel_initcon_ops;
inode->i_ino = i|SEL_INITCON_INO_OFFSET;
- d_add(dentry, inode);
+ err = sel_attach_file(dir, s, inode);
}
- return 0;
+ return err;
}
static inline unsigned long sel_class_to_ino(u16 class)
@@ -1779,29 +1777,21 @@ static int sel_make_perm_files(struct selinux_policy *newpolicy,
if (rc)
return rc;
- for (i = 0; i < nperms; i++) {
+ for (i = 0; !rc && i < nperms; i++) {
struct inode *inode;
- struct dentry *dentry;
- rc = -ENOMEM;
- dentry = d_alloc_name(dir, perms[i]);
- if (!dentry)
- goto out;
-
- rc = -ENOMEM;
inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
if (!inode) {
- dput(dentry);
- goto out;
+ rc = -ENOMEM;
+ break;
}
inode->i_fop = &sel_perm_ops;
/* i+1 since perm values are 1-indexed */
inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
- d_add(dentry, inode);
+
+ rc = sel_attach_file(dir, perms[i], inode);
}
- rc = 0;
-out:
for (i = 0; i < nperms; i++)
kfree(perms[i]);
kfree(perms);
@@ -1816,20 +1806,18 @@ static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
struct selinux_fs_info *fsi = sb->s_fs_info;
struct dentry *dentry = NULL;
struct inode *inode = NULL;
-
- dentry = d_alloc_name(dir, "index");
- if (!dentry)
- return -ENOMEM;
+ int err;
inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
- if (!inode) {
- dput(dentry);
+ if (!inode)
return -ENOMEM;
- }
inode->i_fop = &sel_class_ops;
inode->i_ino = sel_class_to_ino(index);
- d_add(dentry, inode);
+
+ err = sel_attach_file(dir, "index", inode);
+ if (err)
+ return err;
dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
if (IS_ERR(dentry))
@@ -1881,58 +1869,47 @@ static int sel_make_policycap(struct dentry *dir)
{
struct super_block *sb = dir->d_sb;
unsigned int iter;
- struct dentry *dentry = NULL;
struct inode *inode = NULL;
+ int err = 0;
+
+ for (iter = 0; !err && iter <= POLICYDB_CAP_MAX; iter++) {
+ const char *name;
- for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) {
if (iter < ARRAY_SIZE(selinux_policycap_names))
- dentry = d_alloc_name(dir,
- selinux_policycap_names[iter]);
+ name = selinux_policycap_names[iter];
else
- dentry = d_alloc_name(dir, "unknown");
-
- if (dentry == NULL)
- return -ENOMEM;
+ name = "unknown";
inode = sel_make_inode(sb, S_IFREG | 0444);
- if (inode == NULL) {
- dput(dentry);
+ if (!inode)
return -ENOMEM;
- }
inode->i_fop = &sel_policycap_ops;
inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
- d_add(dentry, inode);
+ err = sel_attach_file(dir, name, inode);
}
- return 0;
+ return err;
}
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
unsigned long *ino)
{
- struct dentry *dentry = d_alloc_name(dir, name);
struct inode *inode;
- if (!dentry)
- return ERR_PTR(-ENOMEM);
-
inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
- if (!inode) {
- dput(dentry);
+ if (!inode)
return ERR_PTR(-ENOMEM);
- }
inode->i_op = &simple_dir_inode_operations;
inode->i_fop = &simple_dir_operations;
inode->i_ino = ++(*ino);
/* directory inodes start off with i_nlink == 2 (for "." entry) */
inc_nlink(inode);
- d_add(dentry, inode);
/* bump link count on parent directory, too */
inc_nlink(d_inode(dir));
- return dentry;
+ return sel_attach(dir, name, inode);
}
static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask)
@@ -2020,17 +1997,10 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
goto err;
}
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
- if (!dentry)
- goto err;
-
ret = -ENOMEM;
inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
- if (!inode) {
- dput(dentry);
+ if (!inode)
goto err;
- }
inode->i_ino = ++fsi->last_ino;
isec = selinux_inode(inode);
@@ -2039,7 +2009,9 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
isec->initialized = LABEL_INITIALIZED;
init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
- d_add(dentry, inode);
+ ret = sel_attach_file(sb->s_root, NULL_FILE_NAME, inode);
+ if (ret)
+ goto err;
dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
if (IS_ERR(dentry)) {
next prev parent reply other threads:[~2025-09-22 3:52 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-20 7:41 [PATCHES][RFC] the meat of tree-in-dcache series Al Viro
2025-09-20 7:47 ` [PATCH 01/39] new helper: simple_remove_by_name() Al Viro
2025-09-20 7:47 ` [PATCH 02/39] new helper: simple_done_creating() Al Viro
2025-09-20 7:47 ` [PATCH 03/39] introduce a flag for explicitly marking persistently pinned dentries Al Viro
2025-09-20 7:47 ` [PATCH 04/39] primitives for maintaining persisitency Al Viro
2025-09-20 7:47 ` [PATCH 05/39] convert simple_{link,unlink,rmdir,rename,fill_super}() to new primitives Al Viro
2025-09-20 7:47 ` [PATCH 06/39] convert ramfs and tmpfs Al Viro
2025-09-20 7:47 ` [PATCH 07/39] procfs: make /self and /thread_self dentries persistent Al Viro
2025-09-20 7:47 ` [PATCH 08/39] configfs, securityfs: kill_litter_super() not needed Al Viro
2025-09-24 16:56 ` Joel Becker
2025-09-20 7:47 ` [PATCH 09/39] convert xenfs Al Viro
2025-09-20 7:47 ` [PATCH 10/39] convert smackfs Al Viro
2025-09-22 15:11 ` Casey Schaufler
2025-09-20 7:47 ` [PATCH 11/39] convert hugetlbfs Al Viro
2025-09-20 7:47 ` [PATCH 12/39] convert mqueue Al Viro
2025-09-20 7:47 ` [PATCH 13/39] convert bpf Al Viro
2025-09-20 7:47 ` [PATCH 14/39] convert dlmfs Al Viro
2025-09-20 7:47 ` [PATCH 15/39] convert fuse_ctl Al Viro
2025-09-20 7:47 ` [PATCH 16/39] convert pstore Al Viro
2025-09-20 7:47 ` [PATCH 17/39] convert tracefs Al Viro
2025-09-20 7:47 ` [PATCH 18/39] convert debugfs Al Viro
2025-09-23 8:10 ` Greg KH
2025-09-20 7:47 ` [PATCH 19/39] debugfs: remove duplicate checks in callers of start_creating() Al Viro
2025-09-23 8:10 ` Greg KH
2025-09-20 7:47 ` [PATCH 20/39] convert efivarfs Al Viro
2025-09-20 7:47 ` [PATCH 21/39] convert spufs Al Viro
2025-09-20 7:47 ` [PATCH 22/39] convert ibmasmfs Al Viro
2025-09-20 7:47 ` [PATCH 23/39] ibmasmfs: get rid of ibmasmfs_dir_ops Al Viro
2025-09-20 7:47 ` [PATCH 24/39] convert devpts Al Viro
2025-09-20 7:47 ` [PATCH 25/39] binderfs: use simple_start_creating() Al Viro
2025-09-20 7:47 ` [PATCH 26/39] binderfs_binder_ctl_create(): kill a bogus check Al Viro
2025-09-20 7:47 ` [PATCH 27/39] convert binderfs Al Viro
2025-09-20 7:47 ` [PATCH 28/39] autofs_{rmdir,unlink}: dentry->d_fsdata->dentry == dentry there Al Viro
2025-09-20 7:47 ` [PATCH 29/39] convert autofs Al Viro
2025-09-20 7:47 ` [PATCH 30/39] convert binfmt_misc Al Viro
2025-09-20 7:47 ` [PATCH 31/39] convert selinuxfs Al Viro
2025-09-21 20:44 ` Paul Moore
2025-09-21 21:41 ` Al Viro
2025-09-22 2:45 ` Paul Moore
2025-09-22 12:34 ` Stephen Smalley
2025-09-22 13:46 ` Al Viro
2025-09-22 21:12 ` John Johansen
2025-09-21 22:26 ` Al Viro
2025-09-22 2:50 ` Paul Moore
2025-09-22 3:52 ` Al Viro [this message]
2025-09-20 7:47 ` [PATCH 32/39] functionfs: switch to simple_remove_by_name() Al Viro
2025-09-20 7:47 ` [PATCH 33/39] convert functionfs Al Viro
2025-09-20 7:47 ` [PATCH 34/39] gadgetfs: switch to simple_remove_by_name() Al Viro
2025-09-20 7:47 ` [PATCH 35/39] convert gadgetfs Al Viro
2025-09-20 7:47 ` [PATCH 36/39] hypfs: don't pin dentries twice Al Viro
2025-09-20 7:47 ` [PATCH 37/39] hypfs: switch hypfs_create_str() to returning int Al Viro
2025-09-20 7:47 ` [PATCH 38/39] hypfs: swich hypfs_create_u64() " Al Viro
2025-09-20 7:47 ` [PATCH 39/39] convert hypfs Al Viro
2025-09-20 16:26 ` [PATCHES][RFC] the meat of tree-in-dcache series Linus Torvalds
2025-09-20 18:09 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250922035218.GP39973@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=a.hindborg@kernel.org \
--cc=borntraeger@linux.ibm.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=gregkh@linuxfoundation.org \
--cc=jack@suse.cz \
--cc=kees@kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-usb@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=miklos@szeredi.hu \
--cc=ocfs2-devel@lists.linux.dev \
--cc=paul@paul-moore.com \
--cc=raven@themaw.net \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.