From patchwork Wed Jan 6 13:26:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12001627 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8248BC433E9 for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 444542311A for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726439AbhAFN2D (ORCPT ); Wed, 6 Jan 2021 08:28:03 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:38929 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726430AbhAFN2C (ORCPT ); Wed, 6 Jan 2021 08:28:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609939596; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zih4Bfaq/tVIh8oxdOY97CMjx0ttgE9uKFS1bihmBb0=; b=YsMS7w9A12o27P1wnjbFGOpiEIH1DQ8yR0e5AWJ3IvoCwQ0HnGngz4h8Ebk5U/P0uiX3/k T5Pp1ycNaHkSZuWJWoXuxFpIY+2TuJYFGFBHT8tQ6FWYp77hpT39Z5kdviGAF2xA3NowNk h3/adlYaPeGYeu8lCZ0yXehfIb+tPk8= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-124-0S3iigdxPviSX4bErSURoA-1; Wed, 06 Jan 2021 08:26:32 -0500 X-MC-Unique: 0S3iigdxPviSX4bErSURoA-1 Received: by mail-ej1-f69.google.com with SMTP id ov1so1309999ejb.1 for ; Wed, 06 Jan 2021 05:26:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zih4Bfaq/tVIh8oxdOY97CMjx0ttgE9uKFS1bihmBb0=; b=D7MpyUgziPouOc9nRd++WPNiAU45OKhubuBVmyKSyuPbEBSyAajZzZQT2vinzglgna JKbOQiNL3mhGcv4UGSuxSwGAXyffxLZ21s/mbdDYaL7loiwIjc8W5dt45uvo72DaUsA5 qGSGuEdppROsaOnJqBlcy0DbYEfU4zaQibzmbWSFQWBgq/jUgOc7KbJ1LShsxp60IA7X 6AKalg25HGhgVEpazueBt0NdUa5ItysfaFXnsSayOpjpc6z53UoBdMqtCCwj6WJIDWbU Q15b7zpFZKK/zYnqvxZLpBedmI2El4Z0Ox3aAJlivGYac0ZF9K+FGkApkaKQyrLyK725 jSww== X-Gm-Message-State: AOAM530OpFU6zAylecoNsx/LqvY4NfYKZ8Sn6oag1hdsj7UABlHG41ol Gp3nOv5OBAhRDK+sVmlSw1lXIdbG+IokLtY5QfM9VkbzOCh90mf71MAm+/elPeP9L9nB19Ib4XQ Nb5Uqa4gN5HruT226zFuQONxQEkF38SA47gYXvndiAn00BGWwYDGtQD7nljq7YIrfZcr10Q== X-Received: by 2002:a50:f392:: with SMTP id g18mr4008717edm.306.1609939591082; Wed, 06 Jan 2021 05:26:31 -0800 (PST) X-Google-Smtp-Source: ABdhPJzIeEdxpSFApb+WZ3MR7lIvwESJ+4g6sj5pwOpPy5AMvTiS/0wMHJvudZB28kcTc8WImZ63ng== X-Received: by 2002:a50:f392:: with SMTP id g18mr4008707edm.306.1609939590918; Wed, 06 Jan 2021 05:26:30 -0800 (PST) Received: from omos.redhat.com ([2a02:8308:b105:dd00:277b:6436:24db:9466]) by smtp.gmail.com with ESMTPSA id bm12sm1225893ejb.117.2021.01.06.05.26.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jan 2021 05:26:30 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Paolo Abeni Subject: [PATCH 1/5] selinux: remove unused global variables Date: Wed, 6 Jan 2021 14:26:18 +0100 Message-Id: <20210106132622.1122033-2-omosnace@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210106132622.1122033-1-omosnace@redhat.com> References: <20210106132622.1122033-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org All of sel_ib_pkey_list, sel_netif_list, sel_netnode_list, and sel_netport_list are declared but never used. Remove them. Signed-off-by: Ondrej Mosnacek --- security/selinux/ibpkey.c | 1 - security/selinux/netif.c | 1 - security/selinux/netnode.c | 1 - security/selinux/netport.c | 1 - 4 files changed, 4 deletions(-) diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c index f68a7617cfb95..dbd8fe028b3f2 100644 --- a/security/selinux/ibpkey.c +++ b/security/selinux/ibpkey.c @@ -40,7 +40,6 @@ struct sel_ib_pkey { struct rcu_head rcu; }; -static LIST_HEAD(sel_ib_pkey_list); static DEFINE_SPINLOCK(sel_ib_pkey_lock); static struct sel_ib_pkey_bkt sel_ib_pkey_hash[SEL_PKEY_HASH_SIZE]; diff --git a/security/selinux/netif.c b/security/selinux/netif.c index 86813b46fad5f..1ab03efe74947 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -36,7 +36,6 @@ struct sel_netif { }; static u32 sel_netif_total; -static LIST_HEAD(sel_netif_list); static DEFINE_SPINLOCK(sel_netif_lock); static struct list_head sel_netif_hash[SEL_NETIF_HASH_SIZE]; diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 461fb548453ab..4a7d2ab5b9609 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -54,7 +54,6 @@ struct sel_netnode { * if this becomes a problem we can always add a hash table for each address * family later */ -static LIST_HEAD(sel_netnode_list); static DEFINE_SPINLOCK(sel_netnode_lock); static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE]; diff --git a/security/selinux/netport.c b/security/selinux/netport.c index d340f4dcdf5f0..b8bc3897891d9 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -53,7 +53,6 @@ struct sel_netport { * if this becomes a problem we can always add a hash table for each address * family later */ -static LIST_HEAD(sel_netport_list); static DEFINE_SPINLOCK(sel_netport_lock); static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE]; From patchwork Wed Jan 6 13:26:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12001619 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C771C433E6 for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 123E52311C for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726442AbhAFN2B (ORCPT ); Wed, 6 Jan 2021 08:28:01 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:52597 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726430AbhAFN2B (ORCPT ); Wed, 6 Jan 2021 08:28:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609939594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wTI5SKw4scWN+HP6705lJF5/x9BwGfvJaifgReVSZ+U=; b=C8cU1XeMpIqzOhIhdS0puzC9MUrqS0i0HHCpi3W7xhM6qb7TrHc5djPmPvueqSh+1RaVik 6TWNEEbl2dd8cGGzxvr8IqSfE44Wt/dGqTsTQcrZlAIDZuEw3oqyvdLElIVZ6Zj4CVQv5Z mUs+P0sc4RqwDwGnE8NL/4jd4BFpbf0= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-205-2MjxFX2lNpSVBuIEygthRg-1; Wed, 06 Jan 2021 08:26:33 -0500 X-MC-Unique: 2MjxFX2lNpSVBuIEygthRg-1 Received: by mail-ej1-f70.google.com with SMTP id y14so1296058ejf.11 for ; Wed, 06 Jan 2021 05:26:33 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wTI5SKw4scWN+HP6705lJF5/x9BwGfvJaifgReVSZ+U=; b=s6nrZ7jA7hC8WprsUq8gX4SxqbHkjIdHqfn/IPJtlM0g4fyP6f5XubQCrZ5GTuPQrY Nuw3adF3BBmPcw1HXUDdu25lg0ZPm0+dzXBHYXdkvK093LmwsmQbtY5foufonFbWSM30 CjALVRnAzHx/zYCZ9LzAfvu/it6QH8izdfq9DBpu44bB95Pb88e6EyJ8onol8MMYxnW6 9ORXOnzQd8iclpZnrkFi2DfmFIWum/xWwNV+hWPNZ09TuA4QCi5W0Hxajtdq/bcBPMet 6TtfEc3P3ArlDVBUiz93BFYK4hE+zNd84RCMjyMpWLXo0MW5zodZ8hVHFGTzxQdW+5bo RX/A== X-Gm-Message-State: AOAM532imHMGt7vXetdAftojqLCyAoRJhFa9/Dow8rP1reUoeMebTMtc +zUeOxMs9OfyfIozS6j/xS1KU7OC2U/3mXvp7ENApQVes8EyKLdiDdFacvx1ZaNa1gSK5CstGY+ djKeuPGjhyVtGSx6LfrUX+z/UzoWQzUWhf2bEkkmoesDUfq5odt7xLH8hGm1/P9ieZ1eFew== X-Received: by 2002:a17:907:4332:: with SMTP id ni2mr2917253ejb.422.1609939592084; Wed, 06 Jan 2021 05:26:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJzZ0n6e65n30Q56GF374U+UFHw/QtpKk8regNmVE7jb66jKrfQBOKcd3/IZwb+RKj+BAsa7NA== X-Received: by 2002:a17:907:4332:: with SMTP id ni2mr2917238ejb.422.1609939591871; Wed, 06 Jan 2021 05:26:31 -0800 (PST) Received: from omos.redhat.com ([2a02:8308:b105:dd00:277b:6436:24db:9466]) by smtp.gmail.com with ESMTPSA id bm12sm1225893ejb.117.2021.01.06.05.26.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jan 2021 05:26:31 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Paolo Abeni Subject: [PATCH 2/5] selinux: drop the unnecessary aurule_callback variable Date: Wed, 6 Jan 2021 14:26:19 +0100 Message-Id: <20210106132622.1122033-3-omosnace@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210106132622.1122033-1-omosnace@redhat.com> References: <20210106132622.1122033-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Its value is actually not changed anywhere, so it can be substituted for a direct call to audit_update_lsm_rules(). Signed-off-by: Ondrej Mosnacek --- security/selinux/ss/services.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 597b79703584e..5e08ce2c5994a 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3693,15 +3693,11 @@ out: return match; } -static int (*aurule_callback)(void) = audit_update_lsm_rules; - static int aurule_avc_callback(u32 event) { - int err = 0; - - if (event == AVC_CALLBACK_RESET && aurule_callback) - err = aurule_callback(); - return err; + if (event == AVC_CALLBACK_RESET) + return audit_update_lsm_rules(); + return 0; } static int __init aurule_init(void) From patchwork Wed Jan 6 13:26:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12001623 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 502E1C433E0 for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2C7312311E for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726454AbhAFN2C (ORCPT ); Wed, 6 Jan 2021 08:28:02 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:60630 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726439AbhAFN2C (ORCPT ); Wed, 6 Jan 2021 08:28:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609939595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wHE6P1TOGG+8RzuUTOU60xBKbgs5tAYorI9d4Iv36Dw=; b=VO4x5yDGouQPbQxXxp9Ss7QsjFvKYrcNmtT9u3LA3ek/I1pxKv+c7TQy1dZk7sSbU2g1/n AkkNJCFNEuSR4QFossDET3h84+zCXHul6nPZFqy4OoCVRRvYXfPTah6G/wijrCfd7k9kwF 1223oImYY58PdbB6xYYGSqoEqNiQF9c= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-206-N1865SQ2Pfi3Q3Gr-N6opg-1; Wed, 06 Jan 2021 08:26:34 -0500 X-MC-Unique: N1865SQ2Pfi3Q3Gr-N6opg-1 Received: by mail-ed1-f70.google.com with SMTP id e11so1916173edn.11 for ; Wed, 06 Jan 2021 05:26:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wHE6P1TOGG+8RzuUTOU60xBKbgs5tAYorI9d4Iv36Dw=; b=onDCWhz0ATqW2Cq0eHVba5l5of5FK2fCAvpAdKWqpSjaaOQSeLFahOWUTOngZBhEKo J7dqBjGbiqgmOoFQjhrH9aYbBvJDtFW8U+7ixO3+qJcqrR6wjvQHRcGwMBA/kvr+02ew SjkSLiQ+4AfzDGWFKUXVkVtTNJzlw33IzYoUkWrjxWgNl+Zh2QYCwdLHqsqtJF36v5/F lbkV4hPDmMw1PJh+izyylmVk9AtqNh2WIlJcu1emU6Tc6U76v60sNDA+ROX/DH3Vsk00 fAEwpk3bMXv7G6KAnTznZAllsPLHlHdDnvht0HltCdMBMXRzDHKnXKUVLnaocpatdQQS z9PA== X-Gm-Message-State: AOAM5327UfPsuNw/uP7oMSOoR2F42IxzZCIAh1mHTTv1PDNQ211sxGwY kEZQF4AbWkwN6UMatKbgReaGI7BRmW1yhUaBCeIN/qO4xaBPFc/BX0q+Kwjiy0UhedkSBR6skEH N1flEkjn5eVOTHSU2/yscvsVZypVRHwTYbHueIfrkFqug0yoU/eu97GYIqllOgOjd5w7MGA== X-Received: by 2002:a05:6402:4d6:: with SMTP id n22mr4078307edw.27.1609939592906; Wed, 06 Jan 2021 05:26:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJy6GK9bdOMluUJ7AMc9lfyHlADCM3UvVQglRsdwQOaKZlblrVHp5X04eRYmFicWyVhP7vm0tw== X-Received: by 2002:a05:6402:4d6:: with SMTP id n22mr4078295edw.27.1609939592659; Wed, 06 Jan 2021 05:26:32 -0800 (PST) Received: from omos.redhat.com ([2a02:8308:b105:dd00:277b:6436:24db:9466]) by smtp.gmail.com with ESMTPSA id bm12sm1225893ejb.117.2021.01.06.05.26.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jan 2021 05:26:32 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Paolo Abeni Subject: [PATCH 3/5] selinux: make selinuxfs_mount static Date: Wed, 6 Jan 2021 14:26:20 +0100 Message-Id: <20210106132622.1122033-4-omosnace@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210106132622.1122033-1-omosnace@redhat.com> References: <20210106132622.1122033-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org It is not referenced outside selinuxfs.c, so remove its extern header declaration and make it static. Signed-off-by: Ondrej Mosnacek --- security/selinux/include/security.h | 1 - security/selinux/selinuxfs.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 3cc8bab31ea85..765a258a899ef 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -436,7 +436,6 @@ extern void selinux_complete_init(void); extern int selinux_disable(struct selinux_state *state); extern void exit_sel_fs(void); extern struct path selinux_null; -extern struct vfsmount *selinuxfs_mount; extern void selnl_notify_setenforce(int val); extern void selnl_notify_policyload(u32 seqno); extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4bde570d56a2c..4fdfe7b67df89 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2204,7 +2204,7 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -struct vfsmount *selinuxfs_mount; +static struct vfsmount *selinuxfs_mount; struct path selinux_null; static int __init init_sel_fs(void) From patchwork Wed Jan 6 13:26:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12001625 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9CFAFC43381 for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 642572311C for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726430AbhAFN2F (ORCPT ); Wed, 6 Jan 2021 08:28:05 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:24471 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726449AbhAFN2D (ORCPT ); Wed, 6 Jan 2021 08:28:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609939597; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gUXpnHMB5BQWXnJYebKzDvEArZh3kRKXO9Yn4rzEv8g=; b=BEbOqrrzeOAIr+yLOS6iDgF73osrQ+7cTU3MXrGspxEJ2L+rRFCkVsXb5vwOyzo4WumEIG XIG1MNevhUCcXU/+dXYZZtVvoNO91sfTVY79zIM4llsMopIYZXbpqYwM1Wg/BnnKyYrkn0 1n4KAoOaDBG+fe3SeOvMOmMogxp4kBI= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-449-u0bHsy_9NOmfLPl4VZjbYA-1; Wed, 06 Jan 2021 08:26:35 -0500 X-MC-Unique: u0bHsy_9NOmfLPl4VZjbYA-1 Received: by mail-ed1-f70.google.com with SMTP id h5so1927143edq.3 for ; Wed, 06 Jan 2021 05:26:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gUXpnHMB5BQWXnJYebKzDvEArZh3kRKXO9Yn4rzEv8g=; b=loiKi6MJES5TEsUay2o4j7tzIgDwu28DIZZGUUsEtE13OyaxgsMCwGqhzxPY/R/pSY 74iw3KM6o047h4j6aM0CYCFaQK5rVNyHZpsJxEtp60SZoYGDWucmBJh5LlgkzBF7xD+k HiDhNbZ7AhZHc2MWGB9sXTNnuboZrIiWt3LZL5YZkc3UnFr2kIWzxfWNXAzYTr5O8iDp LiiJodbfBswIkU+DGAawYY1/fw42JFV2KHzyFvMiNYyjExH5gNZ2w+tsI0kIBdYgZQ+A eJNsrVlwUKVlydWevTiYiQ0i8KMfTtj1oE+uat2k8c5ZE/FXkctQw6UHD1J7ZpwyCcZ1 +Kuw== X-Gm-Message-State: AOAM5337Qh3XFwGI5+loYpOaLMp2YEF5JQGn+8WYuvC21EZyzEIHbHvh X9C+4KFULvcnIMA5ObU5wMY1Fb6p7miix34uBnDVrY9ez98urM74Iaf8x0J0fTaq1ZkYx+C8fGK 6rMyP2nUuN54L0pKrK7QVvVcRxrSrfiDjYVHntMRoYJ29+G5hMp2O4g5lueduN73DHmjtFQ== X-Received: by 2002:a50:ce13:: with SMTP id y19mr3932258edi.241.1609939594008; Wed, 06 Jan 2021 05:26:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJwUTwu3C5lccobb7OINbVazRCPaRAl4cAYZx1N3eE86k8tLEoOIq809yWAp4rVodNLlJr38bw== X-Received: by 2002:a50:ce13:: with SMTP id y19mr3932239edi.241.1609939593662; Wed, 06 Jan 2021 05:26:33 -0800 (PST) Received: from omos.redhat.com ([2a02:8308:b105:dd00:277b:6436:24db:9466]) by smtp.gmail.com with ESMTPSA id bm12sm1225893ejb.117.2021.01.06.05.26.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jan 2021 05:26:32 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Paolo Abeni Subject: [PATCH 4/5] selinux: mark some global variables __ro_after_init Date: Wed, 6 Jan 2021 14:26:21 +0100 Message-Id: <20210106132622.1122033-5-omosnace@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210106132622.1122033-1-omosnace@redhat.com> References: <20210106132622.1122033-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org All of these are never modified outside initcalls, so they can be __ro_after_init. Signed-off-by: Ondrej Mosnacek --- security/selinux/avc.c | 10 +++++----- security/selinux/netlink.c | 2 +- security/selinux/selinuxfs.c | 4 ++-- security/selinux/ss/avtab.c | 4 ++-- security/selinux/ss/ebitmap.c | 2 +- security/selinux/ss/hashtab.c | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 3c05827608b6a..ad451cf9375e4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -118,11 +118,11 @@ void avc_set_cache_threshold(struct selinux_avc *avc, avc->avc_cache_threshold = cache_threshold; } -static struct avc_callback_node *avc_callbacks; -static struct kmem_cache *avc_node_cachep; -static struct kmem_cache *avc_xperms_data_cachep; -static struct kmem_cache *avc_xperms_decision_cachep; -static struct kmem_cache *avc_xperms_cachep; +static struct avc_callback_node *avc_callbacks __ro_after_init; +static struct kmem_cache *avc_node_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_data_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_decision_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_cachep __ro_after_init; static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) { diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 621e2e9cd6a1d..1760aee712fd2 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -19,7 +19,7 @@ #include "security.h" -static struct sock *selnl; +static struct sock *selnl __ro_after_init; static int selnl_msglen(int msgtype) { diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4fdfe7b67df89..01a7d50ed39b8 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2204,8 +2204,8 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount; -struct path selinux_null; +static struct vfsmount *selinuxfs_mount __ro_after_init; +struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) { diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 0172d87e2b9ae..6dcb6aa4db7f0 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -23,8 +23,8 @@ #include "avtab.h" #include "policydb.h" -static struct kmem_cache *avtab_node_cachep; -static struct kmem_cache *avtab_xperms_cachep; +static struct kmem_cache *avtab_node_cachep __ro_after_init; +static struct kmem_cache *avtab_xperms_cachep __ro_after_init; /* Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 14bedc95c6dcf..61fcbb8d0f880 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -26,7 +26,7 @@ #define BITS_PER_U64 (sizeof(u64) * 8) -static struct kmem_cache *ebitmap_node_cachep; +static struct kmem_cache *ebitmap_node_cachep __ro_after_init; int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2) { diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index dab8c25c739b9..3881787ce492c 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -9,7 +9,7 @@ #include #include "hashtab.h" -static struct kmem_cache *hashtab_node_cachep; +static struct kmem_cache *hashtab_node_cachep __ro_after_init; /* * Here we simply round the number of elements up to the nearest power of two. From patchwork Wed Jan 6 13:26:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12001629 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE9F6C4332D for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7F1F02311E for ; Wed, 6 Jan 2021 13:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726449AbhAFN2G (ORCPT ); Wed, 6 Jan 2021 08:28:06 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:47248 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726456AbhAFN2E (ORCPT ); Wed, 6 Jan 2021 08:28:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609939598; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bkmy+sPRJ3GBQ9N4fTsOS+0JPaHqtBA/WIcoxRE4Kqo=; b=bfUaEYcduwk3weIgbRNDOFMU9pqE5mdVvl1AeyVV8k+Szn6Qr5cttIKWGAOypY8XugUcDR 6FYuRU0Tnc2/mvxsC4TMoA8O1DoFBpM87SfIkPzbtRBF7p01UAaLkMKR3I9KxWqM7e0S/R O1KVCGnKDplErrCD306XIZuLGqrojtM= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-548-qSM2VcMMMqKTdWIaArEk0w-1; Wed, 06 Jan 2021 08:26:36 -0500 X-MC-Unique: qSM2VcMMMqKTdWIaArEk0w-1 Received: by mail-ed1-f71.google.com with SMTP id g6so1909763edw.13 for ; Wed, 06 Jan 2021 05:26:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bkmy+sPRJ3GBQ9N4fTsOS+0JPaHqtBA/WIcoxRE4Kqo=; b=T/BryOGgIPKt/0OU2rS42vqsiGlx8iHM2c+xfo4MfJGQpnIw9wnTUbPxQHvgSkeYK9 d5Yc1VXb1M5Mbk95F5RuyHJrnGs78+CcRoQm3fitFc+7+ssM0IOZXR1pkiyhAeZFX43I rq4NkhTOYGNpID2RnubyUD37rpgPTpsN+enJaLmV/l/mTE+fY5Ac8jfN32lYkBMBR7DN oGyvuB0cOu4VDUWKjhpAA+3TsVODMrWc9ttoBQdJKkecVG/9pOZscl1/m0EehoQCdRwA NMj8MDyrIy2zwTbP7BQNQjFH5xVOh7rQXt/FJ7S9+2dx1xYmI0WHO0fMx/Ss4Xi0ZOLJ gSDA== X-Gm-Message-State: AOAM532p7xzFIS+D+GYCR+l/0924NQAJzrjWyklYTQtWPTTUnmJzIRyp 6M8D0/z2WMKs9L8+v+lQ46jNkoPAgPrT9ODyQ6i5kOhwDUwhunl/PXN8PaRRKruse/AB46zNS/a CHNNoobXyZRGpBA3U7LiZhh6zlGtzCI8lRLtNsXrEuGXDuhj9TagbaXSny3gfrB2zwMfKOQ== X-Received: by 2002:a17:906:350b:: with SMTP id r11mr2958682eja.143.1609939595174; Wed, 06 Jan 2021 05:26:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJwKHYElX2zlnRfoyYzjCpsot7Te0of2+UpUR3Iz4s3GgsiPTf0Jr1Vw6xf+65hiihjoGOMECA== X-Received: by 2002:a17:906:350b:: with SMTP id r11mr2958666eja.143.1609939594876; Wed, 06 Jan 2021 05:26:34 -0800 (PST) Received: from omos.redhat.com ([2a02:8308:b105:dd00:277b:6436:24db:9466]) by smtp.gmail.com with ESMTPSA id bm12sm1225893ejb.117.2021.01.06.05.26.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jan 2021 05:26:34 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Paolo Abeni Subject: [PATCH 5/5] selinux: mark selinux_xfrm_refcount as __read_mostly Date: Wed, 6 Jan 2021 14:26:22 +0100 Message-Id: <20210106132622.1122033-6-omosnace@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210106132622.1122033-1-omosnace@redhat.com> References: <20210106132622.1122033-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org This is motivated by a perfomance regression of selinux_xfrm_enabled() that happened on a RHEL kernel due to false sharing between selinux_xfrm_refcount and (the late) selinux_ss.policy_rwlock (i.e. the .bss section memory layout changed such that they happened to share the same cacheline). Since the policy rwlock's memory region was modified upon each read-side critical section, the readers of selinux_xfrm_refcount had frequent cache misses, eventually leading to a significant performance degradation under a TCP SYN flood on a system with many cores (32 in this case, but it's detectable on less cores as well). While upstream has since switched to RCU locking, so the same can no longer happen here, selinux_xfrm_refcount could still share a cacheline with another frequently written region, thus marking it __read_mostly still makes sense. __read_mostly helps, because it will put the symbol in a separate section along with other read-mostly variables, so there should never be a clash with frequently written data. Since selinux_xfrm_refcount is modified only in case of an explicit action, it should be safe to do this (i.e. it shouldn't disrupt other read-mostly variables too much). Signed-off-by: Ondrej Mosnacek --- security/selinux/xfrm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index c367d36965d4f..634f3db24da67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -47,7 +47,7 @@ #include "xfrm.h" /* Labeled XFRM instance counter */ -atomic_t selinux_xfrm_refcount = ATOMIC_INIT(0); +atomic_t selinux_xfrm_refcount __read_mostly = ATOMIC_INIT(0); /* * Returns true if the context is an LSM/SELinux context.