On 12/19/19 4:48 AM, Ravi Kumar Siddojigari wrote:
Sorry, re-adding the patch below as requested.
Stephen,
Issue is fixed with these 2 changes. Issue was even reproduced on v4.14 and similar changes work there also.
It would be preferable if you sent the patch directly via git send-email
or similar. In any event, for the final version, we should drop the
Change-Id because it is Android-specific and we should add a Fixes line
like so:
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Given the behavior you are describing and the fact that you could
reproduce it on v4.14 as well, I would recommend marking both it and
Paul's earlier patch for stable (Paul will do this if he agrees; no
action required by you).
--
From 77c618006397c7a65ead257f3cb4e4fe3da2d4b8 Mon Sep 17 00:00:00 2001
From: Jaihind Yadav <jaihindyadav@xxxxxxxxxxxxxx>
Date: Tue, 17 Dec 2019 17:25:47 +0530
Subject: [PATCH] selinux: ensure we cleanup the internal AVC counters on error
in avc_update()
In AVC update we don't call avc_node_kill() when avc_xperms_populate()
fails, resulting in the avc->avc_cache.active_nodes counter having a
false value. In the last patch this change was missed, so correcting it.
Change-Id: Ic0298162cc766c0f21be7ab232e259766654dad3
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@xxxxxxxxxxxxxx>
---
security/selinux/avc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 91d24c2..3d1cff2 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -913,7 +913,7 @@ static int avc_update_node(struct selinux_avc *avc,
if (orig->ae.xp_node) {
rc = avc_xperms_populate(node, orig->ae.xp_node);
if (rc) {
- kmem_cache_free(avc_node_cachep, node);
+ avc_node_kill(avc, node);
goto out_unlock;
}
}
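Review bot: On the rc != 0 path after avc_xperms_populate(), the commit message should state why avc_node_kill(avc, node) is the right cleanup for a node whose population failed partway, and whether node is already linked into the cache at this point; it currently explains only the avc->avc_cache.active_nodes counter. The subject also names avc_update() while the hunk header shows the change is in avc_update_node(), and "last patch" should cite the earlier commit by id and subject so both fixes can be picked up together for stable.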
--
1.9.1
Br,