Commit 268df1fc authored Dec 17, 2019 by Jaihind Yadav Committed by Gerrit - the friendly Code Review server Dec 26, 2019

selinux: cleanup the internal AVC counters on error in avc_update()



In avc_update_node() after calling avc_alloc_node() which,
increments avc->avc_cache.active_nodes counter,
but kmem_cache_free() were called when avc_xperms_populate()
fails , which does not decrements the active_nodes count,
resulting in the avc->avc_cache.active_nodes counter having
false value.so calling avc_node_node() to fix it.

Change-Id: Ic0298162cc766c0f21be7ab232e259766654dad3
Signed-off-by: Jaihind Yadav <jaihindyadav@codeaurora.org>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Signed-off-by: vijay.rayabarapu <vijay.rayabarapu@codeaurora.org>

parent 570f6d4c

security/selinux/avc.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -913,7 +913,7 @@ static int avc_update_node(struct selinux_avc *avc,
		if (orig->ae.xp_node) {
		rc = avc_xperms_populate(node, orig->ae.xp_node);
		if (rc) {
		kmem_cache_free(avc_node_cachep, node);
		avc_node_kill(avc, node);
		goto out_unlock;
		}
		}