[v3,0/2] selinux: parse sids earlier to avoid doing memory allocations under spinlock

Message

Scott Mayhew Jan. 31, 2022, 6:57 p.m. UTC

selinux_sb_mnt_opts_compat() is called under the sb_lock spinlock and
shouldn't be performing any memory allocations. 

The first patch fixes this by parsing the sids at the same time the
context mount options are being parsed from the mount options string
and storing the parsed sids in the selinux_mnt_opts struct. 

The second patch adds logic to selinux_set_mnt_opts() and
selinux_sb_remount() that checks to see if a sid has already been
parsed before calling parse_sid(), and adds the parsed sids to the
data being copied in selinux_fs_context_dup().

Scott Mayhew (2):
  selinux: Fix selinux_sb_mnt_opts_compat()
  selinux: try to use preparsed sid before calling parse_sid()

 security/selinux/hooks.c | 147 ++++++++++++++++++++++++---------------
 1 file changed, 92 insertions(+), 55 deletions(-)

Comments

Paul Moore Feb. 1, 2022, 9:44 p.m. UTC | #1

On Mon, Jan 31, 2022 at 1:57 PM Scott Mayhew <smayhew@redhat.com> wrote:
>
> selinux_sb_mnt_opts_compat() is called under the sb_lock spinlock and
> shouldn't be performing any memory allocations.
>
> The first patch fixes this by parsing the sids at the same time the
> context mount options are being parsed from the mount options string
> and storing the parsed sids in the selinux_mnt_opts struct.
>
> The second patch adds logic to selinux_set_mnt_opts() and
> selinux_sb_remount() that checks to see if a sid has already been
> parsed before calling parse_sid(), and adds the parsed sids to the
> data being copied in selinux_fs_context_dup().
>
> Scott Mayhew (2):
>   selinux: Fix selinux_sb_mnt_opts_compat()
>   selinux: try to use preparsed sid before calling parse_sid()
>
>  security/selinux/hooks.c | 147 ++++++++++++++++++++++++---------------
>  1 file changed, 92 insertions(+), 55 deletions(-)

Merged both into selinux/next, thanks Scott.