| field | value | date |
|---|---|---|
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-24 11:11:59 -0700 |
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-24 11:11:59 -0700 |
| commit | 72eaa0967b594cb9886c2f277a69ac1ea935b1a8 (patch) | |
| tree | 293a7044db9c117418cabbec7027ab098397af50 /security/landlock | |
| parent | a5624566431de76b17862383d9ae254d9606cba9 (diff) | |
| parent | 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 (diff) | |
Merge tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Stop passing the 'selinux_state' pointers as function arguments

   As discussed during the end of the last development cycle, passing a
   selinux_state pointer through the SELinux code has a noticeable
   impact on performance, and with the current code it is not strictly
   necessary.

   This simplifies things by referring directly to the single
   selinux_state global variable which should help improve SELinux
   performance.

 - Uninline the unlikely portions of avc_has_perm_noaudit()

   This change was also based on a discussion from the last development
   cycle, and is heavily based on an initial proof of concept patch from
   you. The core issue was that avc_has_perm_noaudit() was not able to
   be inlined, as intended, due to its size. We solved this issue by
   extracting the less frequently hit portions of avc_has_perm_noaudit()
   into a separate function, reducing the size of avc_has_perm_noaudit()
   to the point where the compiler began inlining the function. We also
   took the opportunity to clean up some ugly RCU locking in the code
   that became uglier with the change.

 - Remove the runtime disable functionality

   After several years of work by the userspace and distro folks, we are
   finally in a place where we feel comfortable removing the runtime
   disable functionality which we initially deprecated at the start of
   2020.

   There is plenty of information in the kernel's deprecation (now
   removal) notice, but the main motivation was to be able to safely
   mark the LSM hook structures as '__ro_after_init'.

   LWN also wrote a good summary of the deprecation this morning which
   offers a more detailed history:

     https://lwn.net/SubscriberLink/927463/dcfa0d4ed2872f03

 - Remove the checkreqprot functionality

   The original checkreqprot deprecation notice stated that the removal
   would happen no sooner than June 2021, which means this falls hard
   into the "better late than never" bucket.

   The Kconfig and deprecation notice has more detail on this setting,
   but the basic idea is that we want to ensure that the SELinux policy
   allows for the memory protections actually applied by the kernel, and
   not those requested by the process.

   While we haven't found anyone running a supported distro that is
   affected by this deprecation/removal, anyone who is affected would
   only need to update their policy to reflect the reality of their
   applications' mapping protections.

 - Minor Makefile improvements

   Some minor Makefile improvements to correct some dependency issues
   likely only ever seen by SELinux developers. I expect we will have at
   least one more tweak to the Makefile during the next merge window,
   but it didn't quite make the cutoff this time around.

* tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: ensure av_permissions.h is built when needed
selinux: fix Makefile dependencies of flask.h
selinux: stop returning node from avc_insert()
selinux: clean up dead code after removing runtime disable
selinux: update the file list in MAINTAINERS
selinux: remove the runtime disable functionality
selinux: remove the 'checkreqprot' functionality
selinux: stop passing selinux_state pointers and their offspring
selinux: uninline unlikely parts of avc_has_perm_noaudit()
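The `__ro_after_init` motivation in the pull request above is the security-relevant point of the landlock hunks in this merge: once a hook table can only be written during boot, neither a "runtime disable" nor an attacker with a kernel write primitive can swap a hook out later. The C program below is an added illustration and not kernel code or part of this commit. It models the same property in userspace: a table of hook function pointers is populated during an init phase and then sealed with `mprotect()`, standing in for the kernel sealing its read-only-after-init data at the end of boot; a later write attempt then faults instead of silently redirecting the hook. Every name here (`struct hook_table`, `hooks_init`, `hooks_try_overwrite`, `hooks_call`, the `-13`/`-22` errno values) is an assumption of the example, not an LSM API.

```c
/* Added example, not kernel code: a userspace model of the
 * "read-only after init" property that __ro_after_init gives LSM hook
 * tables. All names here (hook_table, hooks_init, ...) are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define NR_HOOKS 8

typedef int (*hook_fn)(int arg);

struct hook_table {
    hook_fn hooks[NR_HOOKS];
    int initialized;
};

/* The table lives alone in one anonymous page so mprotect() touches only it. */
static struct hook_table *table;
static size_t table_len;

static int allow_hook(int arg) { (void)arg; return 0; }
static int deny_hook(int arg)  { (void)arg; return -13; }   /* -EACCES */

static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* "Boot": allocate and populate the table. With seal != 0 the page is then
 * made read-only, the userspace analogue of __ro_after_init; with seal == 0
 * it stays writable, as hook tables had to be while they could still be
 * unregistered at runtime. Returns 0 on success, -1 on failure. */
int hooks_init(int seal)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg < 0 || (size_t)pg < sizeof *table)
        return -1;
    if (table)                      /* allow re-init from a test harness */
        munmap(table, table_len);
    table_len = (size_t)pg;
    void *p = mmap(NULL, table_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    table = p;
    memset(table, 0, sizeof *table);
    table->hooks[0] = allow_hook;
    table->hooks[1] = deny_hook;
    table->initialized = 1;
    return seal ? mprotect(table, table_len, PROT_READ) : 0;
}

/* A post-init attempt to redirect hook 0, which is what a runtime "disable"
 * or an attacker with a write primitive would do. Returns 1 if the write
 * faulted and was stopped, 0 if it went through, -1 on setup failure. */
int hooks_try_overwrite(void)
{
    struct sigaction sa, old;
    volatile int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        volatile hook_fn *slot = &table->hooks[0];
        *slot = deny_hook;          /* faults if the page was sealed */
    } else {
        faulted = 1;                /* reached via siglongjmp from on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* Dispatch through the table; -22 (-EINVAL) for an unset or bad slot. */
int hooks_call(int idx, int arg)
{
    if (!table || !table->initialized || idx < 0 || idx >= NR_HOOKS ||
        !table->hooks[idx])
        return -22;
    return table->hooks[idx](arg);
}

int main(void)
{
    hooks_init(1);
    printf("sealed:   overwrite stopped=%d, hook0 -> %d\n",
           hooks_try_overwrite(), hooks_call(0, 0));
    hooks_init(0);
    printf("writable: overwrite stopped=%d, hook0 -> %d\n",
           hooks_try_overwrite(), hooks_call(0, 0));
    return 0;
}
```

Run with the sealed table and the overwrite is stopped by the fault, so hook 0 still returns the allow result; run with the writable table and the same store succeeds and hook 0 now denies. The kernel gets the first behaviour for free once the arrays carry `__ro_after_init`, which is exactly why the runtime disable (which needed the second behaviour) had to go first.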
Diffstat (limited to 'security/landlock')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | security/landlock/cred.c | 2 |
| -rw-r--r-- | security/landlock/fs.c | 2 |
| -rw-r--r-- | security/landlock/ptrace.c | 2 |
| -rw-r--r-- | security/landlock/setup.c | 4 |

4 files changed, 5 insertions, 5 deletions
diff --git a/security/landlock/cred.c b/security/landlock/cred.c index ec6c37f04a19..13dff2a31545 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -34,7 +34,7 @@ static void hook_cred_free(struct cred *const cred) landlock_put_ruleset_deferred(dom); } -static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { +static struct security_hook_list landlock_hooks[] __ro_after_init = { LSM_HOOK_INIT(cred_prepare, hook_cred_prepare), LSM_HOOK_INIT(cred_free, hook_cred_free), }; diff --git a/security/landlock/fs.c b/security/landlock/fs.c index adcea0fe7e68..1c0c198f6fdb 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1280,7 +1280,7 @@ static int hook_file_truncate(struct file *const file) return -EACCES; } -static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { +static struct security_hook_list landlock_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), LSM_HOOK_INIT(sb_delete, hook_sb_delete), diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index 4c5b9cd71286..8a06d6c492bf 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -108,7 +108,7 @@ static int hook_ptrace_traceme(struct task_struct *const parent) return task_ptrace(parent, current); } -static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { +static struct security_hook_list landlock_hooks[] __ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, hook_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, hook_ptrace_traceme), }; diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 3f196d2ce4f9..0f6113528fa4 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c 
@@ -15,9 +15,9 @@ #include "ptrace.h" #include "setup.h" -bool landlock_initialized __lsm_ro_after_init = false; +bool landlock_initialized __ro_after_init = false; -struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { +struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_cred = sizeof(struct landlock_cred_security), .lbs_file = sizeof(struct landlock_file_security), .lbs_inode = sizeof(struct landlock_inode_security), |
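Review bot: the `__lsm_ro_after_init` to `__ro_after_init` switch on the three `landlock_hooks[]` arrays (the cred.c, fs.c and ptrace.c hunks) is only safe if nothing writes to those arrays after the kernel seals its read-only-after-init data; the registration path that hands them to the LSM framework during init should be the sole remaining writer, and the pull request text gives removal of the runtime disable as what makes the stronger annotation possible. Because this diffstat is limited to security/landlock, neither the old `__lsm_ro_after_init` definition nor its users in other LSMs are visible here, and the merge only builds if the rest of the series converts every user before the macro goes away; a quick `git grep __lsm_ro_after_init` on the merged tree (expected: no hits) is the check to run.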
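Review bot: in the setup.c hunk, `landlock_initialized` starts as `false` and is now `__ro_after_init`, so whatever later flips it to `true` must execute on the init path before read-only-after-init data is sealed, or that store will fault on a read-only page; the hunk does not show the writer, so confirm it is confined to the LSM init function in setup.c. The same constraint applies to `landlock_blob_sizes`: if the LSM framework adjusts the `lbs_*` fields while laying out the per-object security blobs, that adjustment also has to happen at init time, which is consistent with the annotation but worth stating in the commit text for anyone who later adds a writer.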