---

yaml --- r: 165533 b: refs/heads/master c: 5224ee0 h: refs/heads/master i: 165531: 870209b v: v3
git-mirror · Sep 23, 2009 · c185e86 · c185e86
1 parent 9c4e552
commit c185e86
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 606531c316d30e9639473a6da09ee917125ab467
+refs/heads/master: 5224ee086321fec78970e2f2805892d2b34e8957
diff --git a/trunk/security/selinux/avc.c b/trunk/security/selinux/avc.c
@@ -868,8 +868,19 @@ u32 avc_policy_seqno(void)
 
 void avc_disable(void)
 {
-	avc_flush();
-	synchronize_rcu();
-	if (avc_node_cachep)
-		kmem_cache_destroy(avc_node_cachep);
+	/*
+	 * If you are looking at this because you have realized that we are
+	 * not destroying the avc_node_cachep it might be easy to fix, but
+	 * I don't know the memory barrier semantics well enough to know.  It's
+	 * possible that some other task dereferenced security_ops when
+	 * it still pointed to selinux operations.  If that is the case it's
+	 * possible that it is about to use the avc and is about to need the
+	 * avc_node_cachep.  I know I could wrap the security.c security_ops call
+	 * in an rcu_lock, but seriously, it's not worth it.  Instead I just flush
+	 * the cache and get that memory back.
+	 */
+	if (avc_node_cachep) {
+		avc_flush();
+		/* kmem_cache_destroy(avc_node_cachep); */
+	}
 }