linux-next: manual merge of the selinux tree with Linus' tree

From: Stephen Rothwell
Date: Wed Nov 09 2022 - 20:44:47 EST


Hi all,

Today's linux-next merge of the selinux tree got conflicts in:

security/selinux/ss/services.c
security/selinux/ss/sidtab.c
security/selinux/ss/sidtab.h

between commit:

abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")

from Linus' tree and commit:

048be156491f ("selinux: remove the sidtab context conversion indirect calls")

from the selinux tree.

I fixed it up (see below) and applied the following merge fix patch
as well and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non-trivial conflicts should be mentioned
to your upstream maintainer when your tree is submitted for merging.
You may also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.

From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Date: Thu, 10 Nov 2022 12:38:01 +1100
Subject: [PATCH] selinux: fix up for "selinux: enable use of both GFP_KERNEL
and GFP_ATOMIC in convert_context()"

Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
---
security/selinux/ss/services.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6348c95ff0e5..c4301626487f 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -41,6 +41,7 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
struct avtab_node *node);

int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc);
+ struct context *oldc, struct context *newc,
+ gfp_t gfp_flags);

#endif /* _SS_SERVICES_H_ */
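
Review bot: The changelog for this fix patch is empty apart from the subject, so the added `gfp_t gfp_flags` parameter in the services_convert_context() prototype has no stated rationale. A sentence in the commit message would help: it should say that the argument carries the GFP_KERNEL/GFP_ATOMIC choice from abe3c631447d over to the function that 048be156491f renamed and exported. That would let anyone who later meets this patch outside the merge context see why the header changes on its own.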
--
2.35.1

--
Cheers,
Stephen Rothwell

diff --cc security/selinux/ss/services.c
index 64a6a37dc36d,e63c4f942fd6..9086c4ea0255
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -2014,18 -2008,20 +2008,21 @@@ static inline int convert_context_handl
return 0;
}

- /*
- * Convert the values in the security context
- * structure `oldc' from the values specified
- * in the policy `p->oldp' to the values specified
- * in the policy `p->newp', storing the new context
- * in `newc'. Verify that the context is valid
- * under the new policy.
+ /**
+ * services_convert_context - Convert a security context across policies.
+ * @args: populated convert_context_args struct
+ * @oldc: original context
+ * @newc: converted context
+ *
+ * Convert the values in the security context structure @oldc from the values
+ * specified in the policy @args->oldp to the values specified in the policy
+ * @args->newp, storing the new context in @newc, and verifying that the
+ * context is valid under the new policy.
*/
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc)
++ struct context *oldc, struct context *newc,
++ gfp_t gfp_flags)
{
- struct convert_context_args *args;
struct ocontext *oc;
struct role_datum *role;
struct type_datum *typdatum;
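
Review bot: The new kernel-doc block lists @args, @oldc and @newc but has no entry for the gfp_flags parameter that the resolved signature adds on the `++ gfp_t gfp_flags)` line. A line such as "@gfp_flags: allocation flags" would keep the comment in step with the prototype and avoid a kernel-doc warning about an undescribed parameter.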
@@@ -2034,10 -2030,8 +2031,8 @@@
u32 len;
int rc;

- args = p;
-
if (oldc->str) {
- s = kstrdup(oldc->str, GFP_KERNEL);
+ s = kstrdup(oldc->str, gfp_flags);
if (!s)
return -ENOMEM;

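
Review bot: Only the kstrdup() of oldc->str is visibly switched from GFP_KERNEL to gfp_flags in this hunk, yet the sidtab.c caller in sidtab_context_to_sid() passes GFP_ATOMIC. Any other allocation reachable from services_convert_context() that is outside these context lines needs to take gfp_flags as well, otherwise the atomic caller can still end up in a sleeping allocation. It is worth confirming that when checking the resolution against the rest of the function body.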
diff --cc security/selinux/ss/sidtab.c
index db5cce385bf8,1c3d2cda6b92..38d25173aebd
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@@ -324,8 -327,8 +327,9 @@@ int sidtab_context_to_sid(struct sidta
goto out_unlock;
}

- rc = convert->func(context, &dst_convert->context,
- convert->args, GFP_ATOMIC);
+ rc = services_convert_context(convert->args,
- context, &dst_convert->context);
++ context, &dst_convert->context,
++ GFP_ATOMIC);
if (rc) {
context_destroy(&dst->context);
goto out_unlock;
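
Review bot: The GFP_ATOMIC argument on the resolved services_convert_context() call is the only hint that this path must not sleep, and the error exit through out_unlock suggests a lock is held here. A one-line comment above the call stating that the conversion runs under the lock, and therefore needs an atomic allocation, would make the constraint explicit. That matters more now that the indirect convert->func call, which carried the flag in the old code, is gone.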
@@@ -402,9 -405,9 +406,10 @@@ static int sidtab_convert_tree(union si
}
i = 0;
while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context,
- convert->args, GFP_KERNEL);
+ rc = services_convert_context(convert->args,
+ &esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context);
++ &edst->ptr_leaf->entries[i].context,
++ GFP_KERNEL);
if (rc)
return rc;
(*pos)++;
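
Review bot: The call in the sidtab_convert_tree() loop passes GFP_KERNEL, which is valid only if this walk is always entered from a context that may sleep. The visible lines do not show the caller, so the resolution should be checked against it to confirm that no lock is held across the tree conversion. If the GFP_KERNEL/GFP_ATOMIC split between this function and sidtab_context_to_sid() is intentional, a short comment here would document it.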
