summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2020-01-02 12:53:49 +0900
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2020-02-05 14:43:38 +0000
commit8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d (patch)
treefcb6c4acd110faa94603bb2bfefdee1f5f980c96 /security
parentddba92fa8338d3ee081d9be7702c287a8daf9111 (diff)
downloadlinux-stable-8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d.tar.gz
linux-stable-8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d.tar.bz2
linux-stable-8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d.zip
tomoyo: Use atomic_t for statistics counter
commit a8772fad0172aeae339144598b809fd8d4823331 upstream. syzbot is reporting that there is a race at tomoyo_stat_update() [1]. Although it is acceptable to fail to track exact number of times policy was updated, convert to atomic_t because this is not a hot path. [1] https://syzkaller.appspot.com/bug?id=a4d7b973972eeed410596e6604580e0133b0fc04 Reported-by: syzbot <syzbot+efea72d4a0a1d03596cd@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c11
1 files changed, 4 insertions, 7 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 03923a138ef5..ca0c98240e0d 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -2254,9 +2254,9 @@ static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
[TOMOYO_MEMORY_QUERY] = "query message:",
};
-/* Timestamp counter for last updated. */
-static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
/* Counter for number of updates. */
+static atomic_t tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
+/* Timestamp counter for last updated. */
static time64_t tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
/**
@@ -2268,10 +2268,7 @@ static time64_t tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
*/
void tomoyo_update_stat(const u8 index)
{
- /*
- * I don't use atomic operations because race condition is not fatal.
- */
- tomoyo_stat_updated[index]++;
+ atomic_inc(&tomoyo_stat_updated[index]);
tomoyo_stat_modified[index] = ktime_get_real_seconds();
}
@@ -2291,7 +2288,7 @@ static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
tomoyo_io_printf(head, "Policy %-30s %10u",
tomoyo_policy_headers[i],
- tomoyo_stat_updated[i]);
+ atomic_read(&tomoyo_stat_updated[i]));
if (tomoyo_stat_modified[i]) {
struct tomoyo_time stamp;
tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);