Hi Linus,

Thirty-three SELinux patches for the Linux v6.6 merge window, which is a pretty number for us, but there isn't really anything scary in here; in fact we actually manage to remove 10 lines of code with this pull request :)

- Promote the SELinux DEBUG_HASHES macro to CONFIG_SECURITY_SELINUX_DEBUG

  The DEBUG_HASHES macro was a buried SELinux-specific preprocessor debug macro that was a problem waiting to happen. Promoting the debug macro to a proper Kconfig setting should help both improve the visibility of the feature as well as enable improved test coverage. We've moved some additional debug functions under the CONFIG_SECURITY_SELINUX_DEBUG flag and we may see more work in the future.

- Emit a pr_notice() message if virtual memory is executable by default

  As this impacts the SELinux access control policy enforcement, if the system's configuration is such that virtual memory is executable by default we print a single-line notice to the console.

- Drop avtab_search() in favor of avtab_search_node()

  Both functions are nearly identical, so we removed avtab_search() and converted the callers to avtab_search_node().

- Add some SELinux network auditing helpers

  The helpers not only reduce a small amount of code duplication, but they provide an opportunity to improve UDP flood performance slightly by delaying initialization of the audit data in some cases.

- Convert GFP_ATOMIC allocators to GFP_KERNEL when reading SELinux policy

  There were two SELinux policy load helper functions that were allocating memory using GFP_ATOMIC; they have been converted to GFP_KERNEL.

- Quiet a KMSAN warning in selinux_inet_conn_request()

  A one-line error path (re)set patch that resolves a KMSAN warning. It is important to note that this doesn't represent a real bug in the current code, but it quiets KMSAN and arguably hardens the code against future changes.

- Cleanup the policy capability accessor functions

  This is a follow-up to the patch which reverted SELinux to using a global selinux_state pointer. This patch cleans up some artifacts of that change and turns each accessor into a one-line READ_ONCE() call into the policy capabilities array.

- A number of patches from Christian Göttsche

  Christian submitted almost two-thirds of the patches in this pull request as he worked to harden the SELinux code against type differences, variable overflows, etc.

- Support for separating early userspace from the kernel in policy, with a later revert

  We did have a patch that added a new userspace initial SID which would allow SELinux to distinguish between early user processes created before the initial policy load and the kernel itself. Unfortunately, additional post-merge testing revealed a problematic interaction with an old SELinux userspace on an old version of Ubuntu, so we've reverted the patch until we can resolve the compatibility issue.

- Remove some outdated comments dealing with LSM hook registration

  When we removed the runtime disable functionality we forgot to remove some old comments discussing the importance of LSM hook registration ordering.

- Minor administrative changes

  Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux". We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point, so removing the NSA branding just makes sense.

Please merge,
-Paul

--
The following changes since commit 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5:

  Linux 6.5-rc1 (2023-07-09 13:53:13 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20230829

for you to fetch changes up to 1df83cbf23a27174aee6ea5e52462f03f7e48a10:

  selinux: prevent KMSAN warning in selinux_inet_conn_request() (2023-08-15 18:23:22 -0400)

----------------------------------------------------------------
selinux/stable-6.6 PR 20230829
----------------------------------------------------------------
Andrew Kanner (1):
      selinux: prevent KMSAN warning in selinux_inet_conn_request()

Christian Göttsche (24):
      selinux: check for multiplication overflow in put_entry()
      selinux: avoid avtab overflows
      selinux: consistently use u32 as sequence number type in the status code
      selinux: avoid implicit conversions in the netif code
      selinux: avoid implicit conversions in the AVC code
      selinux: avoid implicit conversions in the LSM hooks
      selinux: use consistent type for AV rule specifier
      selinux: fix implicit conversions in the symtab
      selinux: avoid implicit conversions regarding enforcing status
      selinux: drop avtab_search()
      selinux: add missing newlines in pr_err() statements
      selinux: introduce SECURITY_SELINUX_DEBUG configuration
      selinux: log about VM being executable by default
      selinux: move debug functions into debug configuration
      selinux: use identical iterator type in hashtab_duplicate()
      selinux: avoid implicit conversions in mls code
      selinux: avoid implicit conversions in services code
      selinux: use GFP_KERNEL while reading binary policy
      selinux: avoid implicit conversions in avtab code
      selinux: update type for number of class permissions in services code
      selinux: make left shifts well defined
      selinux: avoid implicit conversions in selinuxfs code
      selinux: avoid implicit conversions in policydb code
      selinux: use unsigned iterator in nlmsgtab code

Ondrej Mosnacek (1):
      selinux: introduce an initial SID for early boot processes

Paolo Abeni (1):
      selinux: introduce and use lsm_ad_net_init*() helpers

Paul Moore (3):
      selinux: cleanup the policycap accessor functions
      selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif()
      selinux: revert SECINITSID_INIT support

Stephen Smalley (2):
      selinux: de-brand SELinux
      selinux: update my email address

Xiu Jianfeng (1):
      selinux: update comment on selinux_hooks[]

 security/selinux/Kconfig                   |  25 ++++--
 security/selinux/avc.c                     |  17 ++--
 security/selinux/hooks.c                   | 122 ++++++++++++-------------
 security/selinux/include/avc.h             |   2 +-
 security/selinux/include/avc_ss.h          |   2 +-
 security/selinux/include/objsec.h          |   4 +-
 security/selinux/include/policycap_names.h |   2 +-
 security/selinux/include/security.h        |  45 ++++------
 security/selinux/netif.c                   |   4 +-
 security/selinux/netlabel.c                |   1 +
 security/selinux/nlmsgtab.c                |   3 +-
 security/selinux/selinuxfs.c               |  28 ++++---
 security/selinux/ss/avtab.c                |  66 +++++----------
 security/selinux/ss/avtab.h                |  12 ++-
 security/selinux/ss/conditional.c          |   4 +-
 security/selinux/ss/constraint.h           |   2 +-
 security/selinux/ss/context.h              |   2 +-
 security/selinux/ss/ebitmap.c              |   2 +-
 security/selinux/ss/ebitmap.h              |   2 +-
 security/selinux/ss/hashtab.c              |   8 +-
 security/selinux/ss/hashtab.h              |   8 +-
 security/selinux/ss/mls.c                  |  12 +--
 security/selinux/ss/mls.h                  |   2 +-
 security/selinux/ss/mls_types.h            |   2 +-
 security/selinux/ss/policydb.c             |  98 ++++++++++++-----------
 security/selinux/ss/policydb.h             |   9 ++-
 security/selinux/ss/services.c             |  54 ++++++-------
 security/selinux/ss/services.h             |   4 +-
 security/selinux/ss/sidtab.c               |   2 +-
 security/selinux/ss/sidtab.h               |   2 +-
 security/selinux/ss/symtab.c               |   4 +-
 security/selinux/ss/symtab.h               |   4 +-
 security/selinux/status.c                  |   6 +-
 security/selinux/xfrm.c                    |   2 +-
 34 files changed, 276 insertions(+), 286 deletions(-)

--
paul-moore.com