kernel-fxtec-pro1x/net/netlabel
Paul Moore a3a5cb6776 netlabel: fix problems with mapping removal
[ Upstream commit d3b990b7f327e2afa98006e7666fb8ada8ed8683 ]

This patch fixes two main problems seen when removing NetLabel
mappings: memory leaks and potentially extra audit noise.

The memory leaks are caused by not properly free'ing the mapping's
address selector struct when free'ing the entire entry as well as
not properly cleaning up a temporary mapping entry when adding new
address selectors to an existing entry.  This patch fixes both these
problems such that kmemleak reports no NetLabel associated leaks
after running the SELinux test suite.

The potentially extra audit noise was caused by the auditing code in
netlbl_domhsh_remove_entry() being called regardless of the entry's
validity.  If another thread had already marked the entry as invalid,
but not removed/free'd it from the list of mappings, then it was
possible that an additional mapping removal audit record would be
generated.  This patch fixes this by returning early from the removal
function when the entry was previously marked invalid.  This change
also had the side benefit of improving the code by decreasing the
indentation level of large chunk of code by one (accounting for most
of the diffstat).

Fixes: 63c4168874 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
Reported-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-12 13:40:22 +02:00
..
Kconfig calipso: Set the calipso socket label to match the secattr. 2016-06-27 15:02:51 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netlabel_addrlist.c netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_addrlist.h net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlabel_calipso.c locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() 2017-10-25 11:01:08 +02:00
netlabel_calipso.h calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlabel_cipso_v4.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
netlabel_cipso_v4.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_domainhash.c netlabel: fix problems with mapping removal 2020-09-12 13:40:22 +02:00
netlabel_domainhash.h netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlabel_kapi.c netlabel: cope with NULL catmap 2020-05-20 08:18:35 +02:00
netlabel_mgmt.c genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlabel_mgmt.h netlabel: Add support for creating a CALIPSO protocol domain mapping. 2016-06-27 15:02:49 -04:00
netlabel_unlabeled.c netlabel: check for IPV4MASK in addrinfo_get 2018-09-21 18:58:34 -07:00
netlabel_unlabeled.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_user.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
netlabel_user.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00