• Paul Moore's avatar
    netlabel: fix problems with mapping removal · a3a5cb67
    Paul Moore authored
    [ Upstream commit d3b990b7 ]
    
    This patch fixes two main problems seen when removing NetLabel
    mappings: memory leaks and potentially extra audit noise.
    
    The memory leaks are caused by not properly free'ing the mapping's
    address selector struct when free'ing the entire entry as well as
    not properly cleaning up a temporary mapping entry when adding new
    address selectors to an existing entry.  This patch fixes both these
    problems such that kmemleak reports no NetLabel associated leaks
    after running the SELinux test suite.
    
    The potentially extra audit noise was caused by the auditing code in
    netlbl_domhsh_remove_entry() being called regardless of the entry's
    validity.  If another thread had already marked the entry as invalid,
    but not removed/free'd it from the list of mappings, then it was
    possible that an additional mapping removal audit record would be
    generated.  This patch fixes this by returning early from the removal
    function when the entry was previously marked invalid.  This change
    also had the side benefit of improving the code by decreasing the
    indentation level of large chunk of code by one (accounting for most
    of the diffstat).
    
    Fixes: 63c41688 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
    Reported-by: default avatarStephen Smalley <stephen.smalley.work@gmail.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    a3a5cb67
netlabel_domainhash.c 28 KB