Re: [RFC PATCH 2/2] selinux: fix data race on AVC latest_notif

From: Paul Moore

Date: Mon Apr 27 2026 - 18:19:00 EST


On Mon, Feb 2, 2026 at 8:48 AM Christian Göttsche
<cgoettsche@xxxxxxxxxxxxx> wrote:
>
> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> The latest revocation notification of the AVC cache can be bumped
> concurrently. Ensure an atomic read using READ_ONCE() and please
> KCSAN by using data_race().
>
> Reported-by: syzbot+a7f7cb0737bd91aa698c@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=a7f7cb0737bd91aa698c
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> security/selinux/avc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 8f77b9a732e1..fd1f9486fa98 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -1204,5 +1204,5 @@ int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
>
> u32 avc_policy_seqno(void)
> {
> - return selinux_avc.avc_cache.latest_notif;
> + return data_race(READ_ONCE(selinux_avc.avc_cache.latest_notif));
> }
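
Review bot: The new return line in avc_policy_seqno() wraps READ_ONCE() in data_race() without a comment saying why a concurrently bumped latest_notif is acceptable to callers; please add a one-line comment above the return that states this. The commit message says the value can be bumped concurrently, but this hunk marks only the read, so either mark the store that bumps latest_notif with WRITE_ONCE() in the same patch or explain in the commit message why it does not need marking.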

My apologies, I'm not sure what happened, but it looks like my
comments on this patchset were never sent. Regardless, as you likely
saw, patch 1/2 was merged and is now in Linus' tree, thank you.
However, I did have a comment on this patch: could we also quiet KCSAN
with an RCU read lock?

  u32 avc_policy_seqno(void)
  {
          u32 seqno;

          rcu_read_lock();
          seqno = selinux_avc.avc_cache.latest_notif;
          rcu_read_unlock();

          return seqno;
  }

--
paul-moore.com