author: Christian Göttsche <[email protected]> 2024-04-05 17:50:33 +0200
committer: Paul Moore <[email protected]> 2024-04-30 19:01:04 -0400
commit: fc983171e4c82460c0c16b65987d1c2ed76de2c7 (patch)
tree: 0af8f3c1a309e4dde7afc8f5108a4dd3b31eca3c
parent: 4e551db0426472ca305a2f3284b25af763bfe57d (diff)
selinux: pre-allocate the status page

Since the status page is currently only allocated on first use, the sequence number of the initial policyload (i.e. 1) is not stored, leading to the observable sequence of 0, 2, 3, 4, ...

Try to pre-allocate the status page during the initialization of the selinuxfs, so selinux_status_update_policyload() will set the sequence number.

This brings the status page to return the actual sequence number for the initial policy load, which is also observable via the netlink socket.

I could not find any occurrence where userspace depends on the actual value returned by selinux_status_policyload(3), thus the breakage should be unnoticed.

Closes: https://lore.kernel.org/selinux/[email protected]/
Signed-off-by: Christian Göttsche <[email protected]>
[PM: trimmed 'reported-by' that was missing an email]
Signed-off-by: Paul Moore <[email protected]>
-rw-r--r-- security/selinux/selinuxfs.c 6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d18581d741e8..17a2df4d5eb9 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2161,6 +2161,12 @@ static int __init init_sel_fs(void)
selinux_null.dentry = NULL;
}
+ /*
+ * Try to pre-allocate the status page, so the sequence number of the
+ * initial policy load can be stored.
+ */
+ (void) selinux_kernel_status_page();
+
return err;
}
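Review bot: The added call `(void) selinux_kernel_status_page();` discards its result, so a failed pre-allocation during init is silent, and the comment says "Try" without saying what happens when the attempt fails. Given the commit message's statement that the page is otherwise allocated on first use, I would state in the comment that failure is non-fatal and falls back to allocation on first use, in which case the initial policy load's sequence number is again not recorded, or log a warning when the call fails. The call also sits directly before `return err;`, after the block that sets `selinux_null.dentry = NULL;`, so it runs on that error path as well; if that is intended, a short remark in the comment would help the next reader.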