Merge tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull selinux updates from Paul Moore:

 - Add LSM/SELinux/Smack controls and auditing for io-uring.

   As usual, the individual commit descriptions have more detail, but we
   were basically missing two things which we're adding here:

      + establishment of a proper audit context so that auditing of
        io-uring ops works similarly to how it does for syscalls (with
        some io-uring additions because io-uring ops are *not* syscalls)

      + additional LSM hooks to enable access control points for some of
        the more unusual io-uring features, e.g. credential overrides.

   The additional audit callouts and LSM hooks were done in conjunction
   with the io-uring folks, based on conversations and RFC patches
   earlier in the year.

 - Fixup the binder credential handling so that the proper credentials
   are used in the LSM hooks; the commit description and the code
   comment which is removed in these patches are helpful to understand
   the background and why this is the proper fix.

 - Enable SELinux genfscon policy support for securityfs, allowing
   improved SELinux filesystem labeling for other subsystems which make
   use of securityfs, e.g. IMA.

* tag 'selinux-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  security: Return xattr name from security_dentry_init_security()
  selinux: fix a sock regression in selinux_ip_postroute_compat()
  binder: use cred instead of task for getsecid
  binder: use cred instead of task for selinux checks
  binder: use euid from cred instead of using task
  LSM: Avoid warnings about potentially unused hook variables
  selinux: fix all of the W=1 build warnings
  selinux: make better use of the nf_hook_state passed to the NF hooks
  selinux: fix race condition when computing ocontext SIDs
  selinux: remove unneeded ipv6 hook wrappers
  selinux: remove the SELinux lockdown implementation
  selinux: enable genfscon labeling for securityfs
  Smack: Brutalist io_uring support
  selinux: add support for the io_uring access controls
  lsm,io_uring: add LSM hooks to io_uring
  io_uring: convert io_uring to the secure anon inode interface
  fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
  audit: add filtering for io_uring records
  audit,io_uring,io-wq: add some basic audit support to io_uring
  audit: prepare audit_context for use in calling contexts beyond syscalls

diff --cc drivers/android/binder.c
Simple merge

diff --cc drivers/android/binder_internal.h
Simple merge

diff --cc fs/io-wq.c
index 38b33ad,dac5c59..c516912
--- 1/fs/io-wq.c
--- 2/fs/io-wq.c
+++ b/fs/io-wq.c
@@@ -14,7 -14,7 +14,8 @@@
  #include <linux/rculist_nulls.h>
  #include <linux/cpu.h>
  #include <linux/tracehook.h>
+ #include <linux/audit.h>
 +#include <uapi/linux/io_uring.h>
  
  #include "io-wq.h"
  

diff --cc fs/io_uring.c
index 3a4af97,f89d00a..3ecd4b5
--- 1/fs/io_uring.c
--- 2/fs/io_uring.c
+++ b/fs/io_uring.c
@@@ -910,8 -917,10 +912,10 @@@ struct io_op_def 
        unsigned                buffer_select : 1;
        /* do prep async if is going to be punted */
        unsigned                needs_async_setup : 1;
 -      /* should block plug */
 -      unsigned                plug : 1;
 +      /* opcode is not supported by this kernel */
 +      unsigned                not_supported : 1;
+       /* skip auditing */
+       unsigned                audit_skip : 1;
        /* size of async data needed, if any */
        unsigned short          async_size;
  };
@@@ -6578,9 -6621,13 +6612,12 @@@ static int io_issue_sqe(struct io_kioc
        const struct cred *creds = NULL;
        int ret;
  
 -      if ((req->flags & REQ_F_CREDS) && req->creds != current_cred())
 +      if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
                creds = override_creds(req->creds);
  
+       if (!io_op_defs[req->opcode].audit_skip)
+               audit_uring_entry(req->opcode);
+ 
        switch (req->opcode) {
        case IORING_OP_NOP:
                ret = io_nop(req, issue_flags);
@@@ -7090,14 -7067,38 +7130,21 @@@ static int io_init_req(struct io_ring_c
  
        personality = READ_ONCE(sqe->personality);
        if (personality) {
++              int ret;
++
                req->creds = xa_load(&ctx->personalities, personality);
                if (!req->creds)
                        return -EINVAL;
                get_cred(req->creds);
+               ret = security_uring_override_creds(req->creds);
+               if (ret) {
+                       put_cred(req->creds);
+                       return ret;
+               }
                req->flags |= REQ_F_CREDS;
        }
 -      state = &ctx->submit_state;
 -
 -      /*
 -       * Plug now if we have more than 1 IO left after this, and the target
 -       * is potentially a read/write to block based storage.
 -       */
 -      if (!state->plug_started && state->ios_left > 1 &&
 -          io_op_defs[req->opcode].plug) {
 -              blk_start_plug(&state->plug);
 -              state->plug_started = true;
 -      }
 -
 -      if (io_op_defs[req->opcode].needs_file) {
 -              req->file = io_file_get(ctx, req, READ_ONCE(sqe->fd),
 -                                      (sqe_flags & IOSQE_FIXED_FILE));
 -              if (unlikely(!req->file))
 -                      ret = -EBADF;
 -      }
  
 -      state->ios_left--;
 -      return ret;
 +      return io_req_prep(req, sqe);
  }
  
  static int io_submit_sqe(struct io_ring_ctx *ctx, struct io_kiocb *req,

diff --cc kernel/auditsc.c
Simple merge

diff --cc security/selinux/hooks.c
Simple merge

diff --cc security/smack/smack_lsm.c
Simple merge