From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed, 15 May 2024 15:36:30 +0000 (-0700)
Subject: Merge tag 'selinux-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=ccae19c6239ae810242d2edc03b02bdcc12fc5ab;p=linux.git

Merge tag 'selinux-pr-20240513' of git://git./linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Attempt to pre-allocate the SELinux status page so it doesn't appear
   to userspace that we are skipping SELinux policy sequence numbers

 - Reject invalid SELinux policy bitmaps with an error at policy load
   time

 - Consistently use the same type, u32, for ebitmap offsets

 - Improve the "symhash" hash function for better distribution on common
   policies

 - Correct a number of printk format specifiers in the ebitmap code

 - Improved error checking in sel_write_load()

 - Ensure we have a proper return code in the
   filename_trans_read_helper_compat() function

 - Make better use of the current_sid() helper function

 - Allow for more hash table statistics when debugging is enabled

 - Migrate from printk_ratelimit() to pr_warn_ratelimited()

 - Miscellaneous cleanups and tweaks to selinux_lsm_getattr()

 - More consitification work in the conditional policy space

* tag 'selinux-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: constify source policy in cond_policydb_dup()
  selinux: avoid printk_ratelimit()
  selinux: pre-allocate the status page
  selinux: clarify return code in filename_trans_read_helper_compat()
  selinux: use u32 as bit position type in ebitmap code
  selinux: improve symtab string hashing
  selinux: dump statistics for more hash tables
  selinux: make more use of current_sid()
  selinux: update numeric format specifiers for ebitmaps
  selinux: improve error checking in sel_write_load()
  selinux: cleanup selinux_lsm_getattr()
  selinux: reject invalid ebitmaps
---

ccae19c6239ae810242d2edc03b02bdcc12fc5ab
diff --cc security/selinux/selinuxfs.c
index 074d6c2714eb5,17a2df4d5eb99..e172f182b65cc
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@@ -2158,9 -2159,14 +2160,15 @@@ static int __init init_sel_fs(void
  		pr_err("selinuxfs:  could not lookup null!\n");
  		err = PTR_ERR(selinux_null.dentry);
  		selinux_null.dentry = NULL;
 +		return err;
  	}
  
+ 	/*
+ 	 * Try to pre-allocate the status page, so the sequence number of the
+ 	 * initial policy load can be stored.
+ 	 */
+ 	(void) selinux_kernel_status_page();
+ 
  	return err;
  }