From 40425d2700228fa2322217168d5e32ac4cb3ccb2 Mon Sep 17 00:00:00 2001
From: "vijay.rayabarapu" <vijay.rayabarapu@codeaurora.org>
Date: Tue, 17 Dec 2019 17:25:47 +0530
Subject: [PATCH] selinux: cleanup the internal AVC counters on error in
 avc_update()

In avc_update_node() after calling avc_alloc_node() which,
increments avc->avc_cache.active_nodes counter,
but kmem_cache_free() were called when avc_xperms_populate()
fails , which does not decrements the active_nodes count,
resulting in the avc->avc_cache.active_nodes counter having
false value.so calling avc_node_node() to fix it.

Change-Id: Ic0298162cc766c0f21be7ab232e259766654dad3
Signed-off-by: Jaihind Yadav <jaihindyadav@codeaurora.org>
Signed-off-by: vijay.rayabarapu <vijay.rayabarapu@codeaurora.org>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
---
 security/selinux/avc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 1f5e66630639..da1c5d34fa9e 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -863,7 +863,7 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid,
 	if (orig->ae.xp_node) {
 		rc = avc_xperms_populate(node, orig->ae.xp_node);
 		if (rc) {
-			kmem_cache_free(avc_node_cachep, node);
+			avc_node_kill(node);
 			goto out_unlock;
 		}
 	}