selinux: access policycaps with READ_ONCE/WRITE_ONCE

Use READ_ONCE/WRITE_ONCE for all accesses to the selinux_state.policycaps booleans to prevent compiler mischief. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Stephen Smalley <stephen.smalley.work@gmail.com> 2020-09-10 10:28:05 -0400
committer: Paul Moore <paul@paul-moore.com> 2020-09-11 10:08:51 -0400
commit: e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33 (patch)
tree: 041eb7d30a3154fc1f9f15d562a9d1e7c3b5d573 /security/selinux/ss/services.c
parent: selinux: simplify away security_policydb_len() (diff)
download: linux-dev-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.tar.xz
linux-dev-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8dc111fbe23a..9704c8a32303 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2123,7 +2123,8 @@ static void security_load_policycaps(struct selinux_state *state,
 	p = &policy->policydb;
 
 	for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
-		state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
+		WRITE_ONCE(state->policycap[i],
+			ebitmap_get_bit(&p->policycaps, i));
 
 	for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
 		pr_info("SELinux:  policy capability %s=%d\n",
author	Stephen Smalley <stephen.smalley.work@gmail.com>	2020-09-10 10:28:05 -0400
committer	Paul Moore <paul@paul-moore.com>	2020-09-11 10:08:51 -0400
commit	e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33 (patch)
tree	041eb7d30a3154fc1f9f15d562a9d1e7c3b5d573 /security/selinux/ss/services.c
parent	selinux: simplify away security_policydb_len() (diff)
download	linux-dev-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.tar.xz linux-dev-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.zip