selinux: pre-allocate the status page

Since the status page is currently only allocated on first use, the
sequence number of the initial policyload (i.e. 1) is not stored,
leading to the observable sequence of 0, 2, 3, 4, ...

Try to pre-allocate the status page during the initialization of the
selinuxfs, so selinux_status_update_policyload() will set the sequence
number.

This brings the status page to return the actual sequence number for the
initial policy load, which is also observable via the netlink socket.
I could not find any occurrence where userspace depends on the actual
value returned by selinux_status_policyload(3), thus the breakage should
be unnoticed.

Closes: https://lore.kernel.org/selinux/87o7fmua12.fsf@redhat.com/
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: trimmed 'reported-by' that was missing an email]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d18581d741e8a602345ef8729a92363fa714a27f..17a2df4d5eb9971ff48e4788be16a5e73f80d259 100644 (file)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2161,6 +2161,12 @@ static int __init init_sel_fs(void)
                selinux_null.dentry = NULL;
        }
 
+       /*
+        * Try to pre-allocate the status page, so the sequence number of the
+        * initial policy load can be stored.
+        */
+       (void) selinux_kernel_status_page();
+
        return err;
 }