git.ipfire.org Git - thirdparty/kernel/stable.git/commit
selinux: ensure we cleanup the internal AVC counters on error in avc_insert()
author Paul Moore <paul@paul-moore.com>
Tue, 10 Dec 2019 01:39:46 +0000 (20:39 -0500)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 24 Feb 2020 07:38:13 +0000 (08:38 +0100)
commit 7b94c9965ca06e1944fddc1326273e4882846fbb
tree 2233c108754d6c36fec869e8477e31ef17d33669
parent 06389f62ef05ace90a0140966b6b4ed27848ddb3
selinux: ensure we cleanup the internal AVC counters on error in avc_insert()

[ Upstream commit d8db60cb23e49a92cf8cada3297395c7fa50fdf8 ]

Fix avc_insert() to call avc_node_kill() if we've already allocated
an AVC node and the code fails to insert the node in the cache.

Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Reported-by: rsiddoji@codeaurora.org
Suggested-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
security/selinux/avc.c
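
The error-path accounting problem named in the commit message, as an added user-space model that is not the kernel's code and not part of the original commit. Every name in it (`node_alloc`, `node_kill`, `model_insert`, `active_nodes`, `slot`) is hypothetical, and it assumes that allocating a node bumps a counter which only the full teardown routine decrements.

```c
/* User-space model only: every name here is hypothetical, not a kernel symbol. */
#include <stdlib.h>

struct node { int *xperms; };  /* node plus separately allocated extra data */
static int active_nodes;       /* stands in for an internal live-node counter */
static struct node *slot;      /* one-entry stand-in for the cache */

static struct node *node_alloc(void)
{
    struct node *n = calloc(1, sizeof(*n));
    if (n)
        active_nodes++;        /* assumption: allocation bumps the counter */
    return n;
}

/* Full teardown: frees node and extra data, and undoes the accounting. */
static void node_kill(struct node *n)
{
    free(n->xperms);
    free(n);
    active_nodes--;
}

/* populate_ok == 0 simulates a failure between allocation and insertion. */
int model_insert(int populate_ok, int use_kill)
{
    struct node *n = node_alloc();
    if (!n)
        return -1;
    if (populate_ok) {
        if (slot)
            node_kill(slot);   /* eviction goes through the same teardown */
        slot = n;
        return 0;
    }
    if (use_kill)
        node_kill(n);          /* counter returns to its previous value */
    else
        free(n);               /* memory released, counter left too high */
    return -1;
}

/* Counter drift caused by a run of failed inserts. */
int drift_after_failures(int failures, int use_kill)
{
    int before = active_nodes;
    while (failures-- > 0)
        model_insert(0, use_kill);
    return active_nodes - before;
}
```

Calling `drift_after_failures(5, 0)` and `drift_after_failures(5, 1)` from a small `main()` shows the counter drifting with a bare `free()` and staying level when the teardown routine is used.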