From: Jann Horn <jannh@google.com>
To: Ondrej Mosnacek <omosnace@redhat.com>
Cc: SElinux list <selinux@vger.kernel.org>,
Paul Moore <paul@paul-moore.com>,
NitinGote <nitin.r.gote@intel.com>,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] selinux: avoid atomic_t usage in sidtab
Date: Thu, 25 Jul 2019 16:59:13 +0200 [thread overview]
Message-ID: <CAG48ez3ii7wFyX9BLrehGwHAPERnR3EY49Ky-3M=yJKsY-xkXg@mail.gmail.com> (raw)
In-Reply-To: <20190725135933.30046-1-omosnace@redhat.com>
On Thu, Jul 25, 2019 at 3:59 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> As noted in Documentation/atomic_t.txt, if we don't need the RMW atomic
> operations, we should only use READ_ONCE()/WRITE_ONCE() +
> smp_rmb()/smp_wmb() where necessary (or the combined variants
> smp_load_acquire()/smp_store_release()).
>
> This patch converts the sidtab code to use regular u32 for the counter
> and reverse lookup cache and use the appropriate operations instead of
> atomic_get()/atomic_set(). Note that when reading/updating the reverse
> lookup cache we don't need memory barriers as it doesn't need to be
> consistent or accurate. We can now also replace some atomic ops with
> regular loads (when under spinlock) and stores (for conversion target
> fields that are always accessed under the master table's spinlock).
>
> We can now also bump SIDTAB_MAX to U32_MAX as we can use the full u32
> range again.
>
> Suggested-by: Jann Horn <jannh@google.com>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Looks good to me; you can add "Reviewed-by: Jann Horn
<jannh@google.com>" if you want.
next prev parent reply other threads:[~2019-07-25 14:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-25 13:59 [PATCH] selinux: avoid atomic_t usage in sidtab Ondrej Mosnacek
2019-07-25 14:59 ` Jann Horn [this message]
2019-07-25 18:58 ` Gote, Nitin R
2019-08-01 0:09 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG48ez3ii7wFyX9BLrehGwHAPERnR3EY49Ky-3M=yJKsY-xkXg@mail.gmail.com' \
--to=jannh@google.com \
--cc=keescook@chromium.org \
--cc=nitin.r.gote@intel.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.