selinux: access policycaps with READ_ONCE/WRITE_ONCE

stephensmalley · gregkh · commit 4c210f8a0907 · 2020-11-05T11:51:21.000+01:00
[ Upstream commit e8ba53d ] Use READ_ONCE/WRITE_ONCE for all accesses to the selinux_state.policycaps booleans to prevent compiler mischief. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
@@ -177,49 +177,49 @@ static inline bool selinux_policycap_netpeer(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_NETPEER];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]);
 }
 
 static inline bool selinux_policycap_openperm(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_OPENPERM];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]);
 }
 
 static inline bool selinux_policycap_extsockclass(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]);
 }
 
 static inline bool selinux_policycap_alwaysnetwork(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]);
 }
 
 static inline bool selinux_policycap_cgroupseclabel(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]);
 }
 
 static inline bool selinux_policycap_nnp_nosuid_transition(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]);
 }
 
 static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
 {
 	struct selinux_state *state = &selinux_state;
 
-	return state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS];
+	return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);
 }
 
 int security_mls_enabled(struct selinux_state *state);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -2103,7 +2103,8 @@ static void security_load_policycaps(struct selinux_state *state)
 	struct ebitmap_node *node;
 
 	for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
-		state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
+		WRITE_ONCE(state->policycap[i],
+			ebitmap_get_bit(&p->policycaps, i));
 
 	for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
 		pr_info("SELinux:  policy capability %s=%d\n",

Original file line number	Diff line number	Diff line change
`@@ -177,49 +177,49 @@ static inline bool selinux_policycap_netpeer(void)`
`177`	`177`	`{`
`178`	`178`	`struct selinux_state *state = &selinux_state;`
`179`	`179`
`180`		`- return state->policycap[POLICYDB_CAPABILITY_NETPEER];`
	`180`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]);`
`181`	`181`	`}`
`182`	`182`
`183`	`183`	`static inline bool selinux_policycap_openperm(void)`
`184`	`184`	`{`
`185`	`185`	`struct selinux_state *state = &selinux_state;`
`186`	`186`
`187`		`- return state->policycap[POLICYDB_CAPABILITY_OPENPERM];`
	`187`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]);`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`static inline bool selinux_policycap_extsockclass(void)`
`191`	`191`	`{`
`192`	`192`	`struct selinux_state *state = &selinux_state;`
`193`	`193`
`194`		`- return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS];`
	`194`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]);`
`195`	`195`	`}`
`196`	`196`
`197`	`197`	`static inline bool selinux_policycap_alwaysnetwork(void)`
`198`	`198`	`{`
`199`	`199`	`struct selinux_state *state = &selinux_state;`
`200`	`200`
`201`		`- return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK];`
	`201`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]);`
`202`	`202`	`}`
`203`	`203`
`204`	`204`	`static inline bool selinux_policycap_cgroupseclabel(void)`
`205`	`205`	`{`
`206`	`206`	`struct selinux_state *state = &selinux_state;`
`207`	`207`
`208`		`- return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL];`
	`208`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]);`
`209`	`209`	`}`
`210`	`210`
`211`	`211`	`static inline bool selinux_policycap_nnp_nosuid_transition(void)`
`212`	`212`	`{`
`213`	`213`	`struct selinux_state *state = &selinux_state;`
`214`	`214`
`215`		`- return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION];`
	`215`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]);`
`216`	`216`	`}`
`217`	`217`
`218`	`218`	`static inline bool selinux_policycap_genfs_seclabel_symlinks(void)`
`219`	`219`	`{`
`220`	`220`	`struct selinux_state *state = &selinux_state;`
`221`	`221`
`222`		`- return state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS];`
	`222`	`+ return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);`
`223`	`223`	`}`
`224`	`224`
`225`	`225`	`int security_mls_enabled(struct selinux_state *state);`