github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
01ee183b6d
linux/security
History
Ondrej Mosnacek 01ee183b6d UPSTREAM: selinux: avoid atomic_t usage in sidtab 
As noted in Documentation/atomic_t.txt, if we don't need the RMW atomic
operations, we should only use READ_ONCE()/WRITE_ONCE() +
smp_rmb()/smp_wmb() where necessary (or the combined variants
smp_load_acquire()/smp_store_release()).

This patch converts the sidtab code to use regular u32 for the counter
and reverse lookup cache and use the appropriate operations instead of
atomic_get()/atomic_set(). Note that when reading/updating the reverse
lookup cache we don't need memory barriers as it doesn't need to be
consistent or accurate. We can now also replace some atomic ops with
regular loads (when under spinlock) and stores (for conversion target
fields that are always accessed under the master table's spinlock).

We can now also bump SIDTAB_MAX to U32_MAX as we can use the full u32
range again.

Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

(cherry picked from commit 116f21bb96)
Change-Id: I15ecafe9be3cc434fc91978d6621333b8a5669cb
Bug: 140252993
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2020-01-08 22:21:28 +00:00
..
apparmor apparmor: fix unsigned len comparison with less than zero 2020-01-04 19:13:08 +01:00
integrity ima: fix freeing ongoing ahash_request 2019-10-11 18:21:11 +02:00
keys keys: Fix missing null pointer check in request_key_auth_describe() 2019-09-21 07:17:13 +02:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux UPSTREAM: selinux: avoid atomic_t usage in sidtab 2020-01-08 22:21:28 +00:00
smack smack: use GFP_NOFS while holding inode_smack::smk_lock 2019-10-07 18:57:27 +02:00
tomoyo Kbuild updates for v4.19 2018-08-15 12:09:03 -07:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() 2018-08-11 02:05:53 -05:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c This is the 4.19.46 stable release 2019-05-25 19:09:59 +02:00
Kconfig BACKPORT: security: Create "kernel hardening" config area 2019-06-17 19:26:08 +00:00
Kconfig.hardening ANDROID: Fix allmodconfig build with CC=clang 2019-11-14 10:56:08 -08:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
Makefile
min_addr.c
security.c BACKPORT: perf_event: Add support for LSM and SELinux checks 2020-01-07 22:30:02 +00:00