On Tue, Oct 28, 2025 at 2:00 PM Al Viro <[email protected]> wrote:
>
> Tree has invariant part + two subtrees that get replaced upon each
> policy load. Invariant parts stay for the lifetime of filesystem,
> these two subdirs - from policy load to policy load (serialized
> on lock_rename(root, ...)).
>
> All object creations are via d_alloc_name()+d_add() inside selinuxfs,
> all removals are via simple_recursive_removal().
>
> Turn those d_add() into d_make_persistent()+dput() and that's mostly it.
>
> Signed-off-by: Al Viro <[email protected]>

I took this series for a spin and didn't see any problems with the selinux-testsuite. Also re-based my WIP selinux namespaces patch series [1] on top, which introduces multiple selinuxfs instances (one per selinux namespace), and didn't see any problems.

Reviewed-by: Stephen Smalley <[email protected]>
Tested-by: Stephen Smalley <[email protected]>

[1] https://lore.kernel.org/selinux/[email protected]/

> --- > security/selinux/selinuxfs.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c > index f088776dbbd3..eae565358db4 100644 > --- a/security/selinux/selinuxfs.c > +++ b/security/selinux/selinuxfs.c > @@ -1205,7 +1205,8 @@ static struct dentry *sel_attach(struct dentry *parent, > const char *name, > iput(inode); > return ERR_PTR(-ENOMEM); > } > - d_add(dentry, inode); > + d_make_persistent(dentry, inode); > + dput(dentry); > return dentry; > } > > @@ -1934,10 +1935,11 @@ static struct dentry *sel_make_swapover_dir(struct > super_block *sb, > /* directory inodes start off with i_nlink == 2 (for "." entry) */ > inc_nlink(inode); > inode_lock(sb->s_root->d_inode); > - d_add(dentry, inode); > + d_make_persistent(dentry, inode); > inc_nlink(sb->s_root->d_inode); > inode_unlock(sb->s_root->d_inode); > - return dentry; > + dput(dentry); > + return dentry; // borrowed > } > > #define NULL_FILE_NAME "null" > @@ -2080,7 +2082,7 @@ static int sel_init_fs_context(struct fs_context *fc) > static void sel_kill_sb(struct super_block *sb) > { > selinux_fs_info_free(sb); > - kill_litter_super(sb); > + kill_anon_super(sb); > } > > static struct file_system_type sel_fs_type = { > -- > 2.47.3 > >
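
Review bot: in sel_attach() the `return dentry;` that now follows `dput(dentry);` hands the caller a pointer on which it holds no reference, but unlike the sel_make_swapover_dir() hunk nothing marks it as borrowed. Please add the same marker here, or a short comment above the function stating what keeps the returned dentry valid and that callers must not dput() it themselves, so a later caller does not drop a reference it never owned or keep the pointer across a policy reload.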
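
Review bot: `return dentry; // borrowed` at the end of sel_make_swapover_dir() uses a C++-style trailing comment, while the context line in the same hunk (`/* directory inodes start off with i_nlink == 2 ... */`) uses the block style; switching to `/* borrowed */` would match. The single word is also terse for a return that comes right after `dput(dentry);`, so consider spelling out that the caller gets no reference of its own and that the pointer is only good until the next swapover removes this directory.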
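
Review bot: the switch from `kill_litter_super(sb);` to `kill_anon_super(sb);` in sel_kill_sb() is not covered by the commit message, which only describes turning d_add() into d_make_persistent()+dput(). Since every selinuxfs object is now created persistent, a sentence in the changelog saying where those dentries are released at unmount, and why the litter variant is no longer needed, would let a reader confirm from this patch alone that nothing is left pinned when the superblock is torn down.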
