Hi team,

It looks like we have an issue in handling the "active_nodes" count in the SELinux avc.c file, where avc_cache.active_nodes increases to more than the slot array and the code is frequently calling avc_reclaim_node() from avc_alloc_node().

The following are the 2 instances which seem to be possible culprits, as seen on the 4.19 kernel. Can you comment if my understanding is wrong?

#1. The active_nodes count is incremented in avc_alloc_node(avc), which is called in avc_insert(). If the code takes the failure path on avc_xperms_populate(), it will not decrement this counter.

    static struct avc_node *avc_insert(struct selinux_avc *avc, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd,
    ....
        node = avc_alloc_node(avc); // incremented here
    ....
        rc = avc_xperms_populate(node, xp_node); // there is a possibility of this failing
        if (rc) {
            kmem_cache_free(avc_node_cachep, node); // but on failure we are not decrementing active_nodes?
            return NULL;
        }

#2. The logic comparing active_nodes against avc_cache_threshold seems weird: as the count of active nodes is always going to be more than 512, we may land in simply removing/calling avc_reclaim_node() frequently, much before the slots are full. Maybe we are not using the cache at its best? Should we be comparing with some high watermark? Or is my understanding wrong?

    /*@ static struct avc_node *avc_alloc_node(struct selinux_avc *avc) */
        if (atomic_inc_return(&avc->avc_cache.active_nodes) >
            avc->avc_cache_threshold) // default threshold is 512
            avc_reclaim_node(avc);

Regards,
Ravi
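A user-space C model of the accounting pattern raised in #1, added here as an illustration and not taken from the kernel source or from the message's author: it counts how far a counter incremented at allocation drifts from the real node count when the populate-failure path skips the decrement, and how that drift keeps the reclaim path firing. The struct, `simulate()`, `RECLAIM_BATCH` and the `fixed` flag (a hypothetical fix that undoes the increment) are assumptions of the model.

```c
/* User-space model, added for illustration; not the kernel's avc.c. */
#include <stdatomic.h>
#include <stdio.h>
#define THRESHOLD 512     /* default threshold quoted in the message */
#define RECLAIM_BATCH 16  /* assumed batch size for this model */

struct cache {
    atomic_int active_nodes; /* what the accounting believes */
    int live;                /* nodes really held by the cache */
    long reclaim_calls;
};

static void reclaim(struct cache *c)
{
    c->reclaim_calls++;
    for (int i = 0; i < RECLAIM_BATCH && c->live > 0; i++, c->live--)
        atomic_fetch_sub(&c->active_nodes, 1);
}

/* populate_fails models avc_xperms_populate() returning an error. */
static void insert(struct cache *c, int populate_fails, int fixed)
{
    if (atomic_fetch_add(&c->active_nodes, 1) + 1 > THRESHOLD)
        reclaim(c);          /* accounting done at allocation time */
    if (populate_fails) {
        if (fixed)           /* hypothetical fix: undo the increment */
            atomic_fetch_sub(&c->active_nodes, 1);
        return;              /* node freed, never entered the cache */
    }
    c->live++;
}

/* Returns drift (active_nodes - live); reclaim call count goes to *reclaims. */
static int simulate(int n, int fail_every, int fixed, long *reclaims)
{
    struct cache c = { .live = 0, .reclaim_calls = 0 };
    atomic_init(&c.active_nodes, 0);
    for (int i = 1; i <= n; i++)
        insert(&c, i % fail_every == 0, fixed);
    *reclaims = c.reclaim_calls;
    return atomic_load(&c.active_nodes) - c.live;
}

int main(void)
{
    long a, b;
    int d0 = simulate(100000, 10, 0, &a), d1 = simulate(100000, 10, 1, &b);
    printf("drift %d vs %d, reclaims %ld vs %ld\n", d0, d1, a, b);
    return 0;
}
```

In the model, once the drift alone exceeds the threshold, every insert triggers a reclaim and the cache holds almost nothing.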