[net PATCH] netlabel: fix problems with mapping removal

David Miller davem at davemloft.net
Mon Aug 24 23:08:47 UTC 2020


From: Paul Moore <paul at paul-moore.com>
Date: Fri, 21 Aug 2020 16:34:52 -0400

> This patch fixes two main problems seen when removing NetLabel
> mappings: memory leaks and potentially extra audit noise.
> 
> The memory leaks are caused by not properly free'ing the mapping's
> address selector struct when free'ing the entire entry as well as
> not properly cleaning up a temporary mapping entry when adding new
> address selectors to an existing entry.  This patch fixes both these
> problems such that kmemleak reports no NetLabel associated leaks
> after running the SELinux test suite.
> 
> The potentially extra audit noise was caused by the auditing code in
> netlbl_domhsh_remove_entry() being called regardless of the entry's
> validity.  If another thread had already marked the entry as invalid,
> but not removed/free'd it from the list of mappings, then it was
> possible that an additional mapping removal audit record would be
> generated.  This patch fixes this by returning early from the removal
> function when the entry was previously marked invalid.  This change
> also had the side benefit of improving the code by decreasing the
> indentation level of a large chunk of code by one (accounting for most
> of the diffstat).
> 
> Fixes: 63c416887437 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
> Reported-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>

Applied and queued up for -stable, thanks Paul.
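
The two fixes described in the quoted commit message, as an added example that is not the kernel's code and not part of the original email: a single-threaded userspace model in C. All names (`entry_new`, `entry_free`, `entry_remove`, `tracked_alloc`) are hypothetical, the allocation counter stands in for kmemleak, and a second `entry_remove` call stands in for the other thread that already marked the entry invalid.

```c
#include <stdlib.h>
/* Simplified userspace model; every name here is hypothetical, not kernel code. */
struct addr_sel { struct addr_sel *next; };
struct map_entry { int valid; struct addr_sel *addrsel; };
static int live_allocs;    /* outstanding allocations, stands in for kmemleak */
static int audit_records;  /* removal audit records emitted so far */

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Build a valid mapping entry that owns `n` address selectors. */
struct map_entry *entry_new(int n) {
    struct map_entry *e = tracked_alloc(sizeof(*e));
    if (!e) return NULL;
    e->valid = 1;
    while (n-- > 0) {
        struct addr_sel *a = tracked_alloc(sizeof(*a));
        if (!a) break;
        a->next = e->addrsel;
        e->addrsel = a;
    }
    return e;
}

/* Free the entry together with its selectors; freeing only `e` is the leak. */
void entry_free(struct map_entry *e) {
    if (!e) return;
    while (e->addrsel) {
        struct addr_sel *a = e->addrsel;
        e->addrsel = a->next;
        tracked_free(a);
    }
    tracked_free(e);
}

/* Mark the entry invalid and audit once; -1 means it was already invalid. */
int entry_remove(struct map_entry *e) {
    if (!e || !e->valid) return -1;  /* early return: no extra audit record */
    e->valid = 0;
    audit_records++;
    return 0;
}

int live(void) { return live_allocs; }
int audits(void) { return audit_records; }
```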


