Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp901752pxb; Tue, 1 Feb 2022 12:47:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJxPfprpkN3eYwovR41guAZWYhhhVm2wvY32noFrZmnHbMe+1E/nYp2lT8LvXtZBBM/h+6cC X-Received: by 2002:a63:d0:: with SMTP id 199mr9577155pga.606.1643748473979; Tue, 01 Feb 2022 12:47:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643748473; cv=none; d=google.com; s=arc-20160816; b=deFpDn2nfloIAYP3i3Rww2ll88SiqBy1gfLX2Gdk2T/hq+uHsd2IGikrQ57ZEUVt0w 3ETBgzREIcmauSi+uZY3q1jlgai05wfekxuTL5VKPLUK82zVgnMJxpS1U3XPaPkNbfqx M9Y4B8ReaXlYpZwy94vGLOIkGMj1U0xLaIe+shjT5lsqZPHlKF3KHPx6zKtqPWdsgnLI 8nyVXDI9ZuRipDUalIJfWl/XFXMykIE8XpFv+xVWAB9w6477U0vEyiBlcKUuzV6zE0tb Ou4HupmDsvlI4q+lMLFCsPzYUvh+nwg2cd73PnJiDsYxZZ7WLN7d2z2bEl/SfqYmH2bG qfYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=oXtMZkUkvrgyWY3ORHNkYE0XqNRKdArTE3bzzRFmsfc=; b=Wp7nw6crz33b+cODbsDliFKriLZ7uqBtGICoS666idN1TDsWvXhm3Q7ha/WcMrRdsG 5dkGpo80vQdrrsg6mOXG10R6OPF1Vym2SLbTx1g5LHNL8J8OMHu6A8GwtTrcAZTP3/AN a/gkS3WzdJ6RPebfGHypSejs25pma5G/LWypbLPRmhq3fGwJ9h+pQhDZblRsFpDp3jB4 p044pQDO9eD7LdSd9QvvczzXx0nbKx8kLQAqceMfPsPMBvw9sgjDOgf0ac+3i/i4tpqF CoSfLRPyZV2af53KAlBa/deFg8VUxDzsY1j+URZwtsL7hu+7EOfW6IrIOTkUopN5xCay vdHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="M/5tIwxF"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b2si19514884plh.279.2022.02.01.12.47.41; Tue, 01 Feb 2022 12:47:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="M/5tIwxF"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358744AbiAaS6B (ORCPT + 99 others); Mon, 31 Jan 2022 13:58:01 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:43790 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1358833AbiAaS5q (ORCPT ); Mon, 31 Jan 2022 13:57:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643655465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oXtMZkUkvrgyWY3ORHNkYE0XqNRKdArTE3bzzRFmsfc=; b=M/5tIwxFbH730blBxnX+S5sAVoN6E7G65wedr8rd/O3Ed0bJq5/OtRBBQvgCrcNZT4Wut+ DWQWqx0pRgsDW/cxKA6yiMU37fTGX+mg5aTYK9NMW7WRL3gGy7f2fr6yn11kgUtKivZ/Fb NVnBnkFuD2hMX8YDWIdIzfRArrk2Kb4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-410-xKKkJa5ZOzWGjmcaNKWsLQ-1; Mon, 31 Jan 2022 13:57:39 -0500 X-MC-Unique: xKKkJa5ZOzWGjmcaNKWsLQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1EA4F86A8A6; Mon, 31 Jan 2022 18:57:38 +0000 (UTC) Received: from aion.usersys.redhat.com (unknown [10.22.17.55]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 029EE7A441; Mon, 31 Jan 2022 18:57:38 +0000 (UTC) Received: by aion.usersys.redhat.com (Postfix, from userid 1000) id 3FE5E1A001F; Mon, 31 Jan 2022 13:57:37 -0500 (EST) From: Scott Mayhew To: paul@paul-moore.com Cc: selinux@vger.kernel.org, linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 0/2] selinux: parse sids earlier to avoid doing memory allocations under spinlock Date: Mon, 31 Jan 2022 13:57:35 -0500 Message-Id: <20220131185737.1640824-1-smayhew@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org selinux_sb_mnt_opts_compat() is called under the sb_lock spinlock and shouldn't be performing any memory allocations. The first patch fixes this by parsing the sids at the same time the context mount options are being parsed from the mount options string and storing the parsed sids in the selinux_mnt_opts struct. The second patch adds logic to selinux_set_mnt_opts() and selinux_sb_remount() that checks to see if a sid has already been parsed before calling parse_sid(), and adds the parsed sids to the data being copied in selinux_fs_context_dup(). Scott Mayhew (2): selinux: Fix selinux_sb_mnt_opts_compat() selinux: try to use preparsed sid before calling parse_sid() security/selinux/hooks.c | 147 ++++++++++++++++++++++++--------------- 1 file changed, 92 insertions(+), 55 deletions(-) -- 2.31.1