[PATCH] selinux: cache not freed if load_policy fails; reload BUG's

If security_load_policy() fails on the first try, the cache is never cleaned
up. When the policy is fixed and a reload is attempted, the old cache will
still exist, causing a BUG() in kmem_cache_create().

This patch adds a destroy operation to clean up the cache on failure.

Signed-off-by: Jeff Mahoney <jeffm@novell.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

3 files changed, 8 insertions, 0 deletions

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 66fbdbb58be8..bcfec76741f7 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -407,3 +407,8 @@ void avtab_cache_init(void)
 					      sizeof(struct avtab_node),
 					      0, SLAB_PANIC, NULL, NULL);
 }
+
+void avtab_cache_destroy(void)
+{
+	kmem_cache_destroy (avtab_node_cachep);
+}
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index f1d17575d926..f636ac844a48 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -79,6 +79,7 @@ struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int
 struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
 
 void avtab_cache_init(void);
+void avtab_cache_destroy(void);
 
 #define AVTAB_HASH_BITS 15
 #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index cad425719719..97341688c5dd 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1037,11 +1037,13 @@ int security_load_policy(void *data, size_t len)
 		avtab_cache_init();
 		if (policydb_read(&policydb, fp)) {
 			LOAD_UNLOCK;
+			avtab_cache_destroy();
 			return -EINVAL;
 		}
 		if (policydb_load_isids(&policydb, &sidtab)) {
 			LOAD_UNLOCK;
 			policydb_destroy(&policydb);
+			avtab_cache_destroy();
 			return -EINVAL;
 		}
 		ss_initialized = 1;