Message-ID: <e6a2c26951147ce12c57ff1fd53651c0@paul-moore.com>
Date: Fri, 21 Nov 2025 15:57:27 -0500
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20251121

Hi Linus,

Three SELinux patches for v6.18 to fix issues around accessing the
per-task decision cache that we introduced in v6.16 to help reduce
SELinux overhead on path walks.  The problem was that despite the
cache being located in the SELinux "task_security_struct", the
parent struct wasn't actually tied to the task, it was tied to a cred.

Historically SELinux did locate the task_security_struct in the
task_struct's security blob, but it was later relocated to the cred
struct when the cred work happened, as it made the most sense at the
time.  Unfortunately we never did the task_security_struct to
cred_security_struct rename work (avoid code churn maybe? who knows)
because it didn't really matter at the time.  However, it suddenly
became a problem when we added a per-task cache to a per-cred object
and didn't notice because of the old, no-longer-correct struct naming.
Thanks to KCSAN for flagging this, as the silly humans running
things forgot that the task_security_struct was a big lie.

This pull request contains three patches, only one of which actually
fixes the problem described above and moves the SELinux decision cache
from the per-cred struct to a newly (re)created per-task struct.  The
other two patches, which form the bulk of the diffstat, take care of
the associated renaming tasks so we can hopefully avoid making the
same stupid mistake in the future.  For the record, I did contemplate
sending just a fix for the cache, leaving the renaming patches for the
upcoming merge window, but the type/variable naming ended up being
pretty awful and would have made v6.18 an outlier stuck between the
"old" names and the "new" names in v6.19.  The renaming patches are
also fairly mechanical/trivial and shouldn't pose much risk despite
their size.

TLDR; naming things may be hard, but if you mess it up bad things
happen.

Paul

--
The following changes since commit 211ddde0823f1442e4ad052a2f30f050145ccada:

  Linux 6.18-rc2 (2025-10-19 15:19:16 -1000)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20251121

for you to fetch changes up to 3ded250b97c3ae94a642bc2e710a95700e72dfb0:

  selinux: rename the cred_security_struct variables to "crsec"
    (2025-11-20 16:47:50 -0500)

----------------------------------------------------------------
selinux/stable-6.18 PR 20251121
----------------------------------------------------------------

Paul Moore (1):
      selinux: rename the cred_security_struct variables to "crsec"

Stephen Smalley (2):
      selinux: rename task_security_struct to cred_security_struct
      selinux: move avdcache to per-task security struct

 security/selinux/hooks.c          |  251 +++++++++++++++---------------
 security/selinux/include/objsec.h |   22 +-
 2 files changed, 144 insertions(+), 129 deletions(-)

--
paul-moore.com
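An added illustration of the hazard the pull request describes (a constructed model, not kernel code and not part of this PR): tasks that share a cred also share anything stored in the cred's security blob, so a per-task cache placed there lets one task's half-finished store land in another task's entry, while a cache in a per-task struct is never shared. The struct and field names, the `cache_of` selector and the replayed interleaving are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of a two-field decision cache standing in for the
 * SELinux avdcache; names and layout are assumptions, not kernel code. */
struct avdcache {
    uint32_t sid;      /* object the cached decision belongs to */
    uint32_t allowed;  /* cached access-vector decision */
};
struct cred_sec { struct avdcache cache; };   /* per-cred blob */
struct task_sec { struct avdcache cache; };   /* per-task blob */
struct task {
    struct cred_sec *crsec;  /* shared by every task that shares the cred */
    struct task_sec tsec;    /* owned by this task alone */
};

/* Pick which blob a task's cache lives in. */
static struct avdcache *cache_of(struct task *t, bool per_task)
{
    return per_task ? &t->tsec.cache : &t->crsec->cache;
}

/* A store is two separate writes, so another task can run between them. */
static void store_sid(struct avdcache *c, uint32_t sid) { c->sid = sid; }
static void store_allowed(struct avdcache *c, uint32_t a) { c->allowed = a; }

/* Hit only when the stored sid matches; returns 0 on a miss. */
static uint32_t lookup(const struct avdcache *c, uint32_t sid)
{
    return c->sid == sid ? c->allowed : 0;
}

/* Replay one interleaving of two tasks A and B that share one cred:
 *   A: sid = 100                  (A's store is half done)
 *   B: sid = 200; allowed = READ
 *   A: allowed = READ|WRITE       (A's store completes)
 *   B: lookup(200)
 * Returns the decision B reads back for sid 200. */
uint32_t replay_shared_cred_race(bool per_task)
{
    struct cred_sec shared = {0};
    struct task a = { .crsec = &shared }, b = { .crsec = &shared };
    struct avdcache *ca = cache_of(&a, per_task);
    struct avdcache *cb = cache_of(&b, per_task);

    store_sid(ca, 100);
    store_sid(cb, 200); store_allowed(cb, 0x1);   /* B: read only */
    store_allowed(ca, 0x3);  /* A: read|write; overwrites B's entry if shared */
    return lookup(cb, 200);  /* per-cred: 0x3 (wrong); per-task: 0x1 */
}
```

With the cache in the cred-owned struct, B reads back A's decision under B's own sid; with it in the per-task struct, B's entry is untouched.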
