[PATCH] selinux: cache not freed if load_policy fails; reload BUG's

From: Jeffrey Mahoney
Date: Fri Nov 19 2004 - 16:57:44 EST

Next message: Chris Friesen: "question on accessing device nodes for drivers that are not loaded"
Previous message: Greg KH: "Re: [PATCH] Driver Core fixes for 2.6.10-rc2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If security_load_policy() fails on the first try, the cache is never cleaned
up. When the policy is fixed and a reload is attempted, the old cache will
still exist, causing a BUG() in kmem_cache_create().

This patch adds a destroy operation to clean up the cache on failure.

Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxxxx>

Please apply.

diff -rupX dontdiff linux-2.6.9/security/selinux/ss/avtab.c linux-2.6.9.selinux/security/selinux/ss/avtab.c
--- linux-2.6.9/security/selinux/ss/avtab.c 2004-11-19 14:40:58.000000000 -0500
+++ linux-2.6.9.selinux/security/selinux/ss/avtab.c 2004-11-19 16:14:51.573323560 -0500
@@ -407,3 +407,8 @@ void avtab_cache_init(void)
sizeof(struct avtab_node),
0, SLAB_PANIC, NULL, NULL);
}
+
+void avtab_cache_destroy(void)
+{
+ kmem_cache_destroy (avtab_node_cachep);
+}
diff -rupX dontdiff linux-2.6.9/security/selinux/ss/avtab.h linux-2.6.9.selinux/security/selinux/ss/avtab.h
--- linux-2.6.9/security/selinux/ss/avtab.h 2004-11-19 14:40:58.000000000 -0500
+++ linux-2.6.9.selinux/security/selinux/ss/avtab.h 2004-11-19 16:16:06.801887080 -0500
@@ -79,6 +79,7 @@ struct avtab_node *avtab_search_node(str
struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);

void avtab_cache_init(void);
+void avtab_cache_destroy(void);

#define AVTAB_HASH_BITS 15
#define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS)
diff -rupX dontdiff linux-2.6.9/security/selinux/ss/services.c linux-2.6.9.selinux/security/selinux/ss/services.c
--- linux-2.6.9/security/selinux/ss/services.c 2004-11-19 14:40:58.000000000 -0500
+++ linux-2.6.9.selinux/security/selinux/ss/services.c 2004-11-19 16:15:05.941139320 -0500
@@ -1037,11 +1037,13 @@ int security_load_policy(void *data, siz
avtab_cache_init();
if (policydb_read(&policydb, fp)) {
LOAD_UNLOCK;
+ avtab_cache_destroy();
return -EINVAL;
}
if (policydb_load_isids(&policydb, &sidtab)) {
LOAD_UNLOCK;
policydb_destroy(&policydb);
+ avtab_cache_destroy();
return -EINVAL;
}
ss_initialized = 1;
--
Jeff Mahoney
SuSE Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Friesen: "question on accessing device nodes for drivers that are not loaded"
Previous message: Greg KH: "Re: [PATCH] Driver Core fixes for 2.6.10-rc2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]