On Thu, 2024-11-28 at 11:06 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > Use the READ_ONCE() and WRITE_ONCE() macros to mark concurrent read and > write accesses to the portion of the inode security blob containing the > iint pointer. > > Writers are serialized by the iint lock. > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Thanks, Roberto. Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > --- > security/integrity/ima/ima_iint.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c > index fca9db293c79..c763f431fbc1 100644 > --- a/security/integrity/ima/ima_iint.c > +++ b/security/integrity/ima/ima_iint.c > @@ -32,7 +32,7 @@ struct ima_iint_cache *ima_iint_find(struct inode *inode) > if (!iint_lock) > return NULL; > > - return iint_lock->iint; > + return READ_ONCE(iint_lock->iint); > } > > #define IMA_MAX_NESTING (FILESYSTEM_MAX_STACK_DEPTH + 1) > @@ -99,7 +99,7 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) > > lockdep_assert_held(&iint_lock->mutex); > > - iint = iint_lock->iint; > + iint = READ_ONCE(iint_lock->iint); > if (iint) > return iint; > > @@ -109,7 +109,7 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) > > ima_iint_init_always(iint, inode); > > - iint_lock->iint = iint; > + WRITE_ONCE(iint_lock->iint, iint); > > return iint; > }
