From: Eduardo Vasconcelos
Date: Thu, 21 May 2026 15:13:06 +0000 (-0300)
Subject: apparmor: Fix inverted comparison in cache_hold_inc()
X-Git-Tag: v7.2-rc1~43^2~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5112ed5258b8d5e0769ae7d2bf9c9dea14c59703;p=thirdparty%2Flinux.git

apparmor: Fix inverted comparison in cache_hold_inc()

cache_hold_inc() prevents the per-CPU cache hold counter from rising above MAX_HOLD_COUNT, but the comparison is inverted (> MAX_HOLD_COUNT instead of <), so the counter never rises above 0.

This breaks the cache mechanism because since the hold counter is always 0, the global pool is always attempted first before falling back to the local cache. The decrement also never occurs, thus the hold counter is effectively dead.

Fix by changing > to < in cache_hold_inc().

Fixes: 0b6a6b72b329 ("apparmor: document the buffer hold, add an overflow guard")
Signed-off-by: Eduardo Vasconcelos
Signed-off-by: John Johansen
---
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 3491e9f601943..b7c19805a216c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -2129,7 +2129,7 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) */ static void cache_hold_inc(unsigned int *hold) { - if (*hold > MAX_HOLD_COUNT) + if (*hold < MAX_HOLD_COUNT) (*hold)++; }
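Review bot: The corrected guard in cache_hold_inc(), `if (*hold < MAX_HOLD_COUNT)`, gives the saturating behaviour the commit message describes, but nothing in the visible hunk states the intended bound, and the Fixes: commit shows how easily the comparison direction gets inverted. Consider having the comment that ends just above the function say explicitly that the hold count saturates at MAX_HOLD_COUNT, so the comparison can be checked against a stated invariant. Since the commit message notes that the decrement never occurred while the counter was stuck at 0, the matching decrement path is worth re-reading as part of this change: it becomes reachable for the first time since the guard was added, and it is not shown in this hunk.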