[PATCH 1/2] selinux: treat atomic flags more carefully

Paul Moore paul at paul-moore.com
Fri Jan 10 20:22:58 UTC 2020


On Tue, Jan 7, 2020 at 2:46 PM James Morris <jmorris at namei.org> wrote:
> On Tue, 7 Jan 2020, Ondrej Mosnacek wrote:
>
> > The disabled/enforcing/initialized flags are all accessed concurrently
> > by threads so use the appropriate accessors that ensure atomicity and
> > document that it is expected.
> >
> > Use smp_load/acquire...() helpers (with memory barriers) for the
> > initialized flag, since it gates access to the rest of the state
> > structures.
> >
> > Note that the disabled flag is currently not used for anything other
> > than avoiding double disable, but it will be used for bailing out of
> > hooks once security_delete_hooks() is removed.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
>
>
> Reviewed-by: James Morris <jamorris at linux.microsoft.com>

You get an extra helping of gratitude James for being the only one to
properly trim your reply ;)

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list