aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/avc.c28
1 files changed, 7 insertions, 21 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 0d00f4874f3..0afb990fdfa 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -88,7 +88,6 @@ struct avc_entry {
88 u32 tsid; 88 u32 tsid;
89 u16 tclass; 89 u16 tclass;
90 struct av_decision avd; 90 struct av_decision avd;
91 atomic_t used; /* used recently */
92}; 91};
93 92
94struct avc_node { 93struct avc_node {
@@ -316,16 +315,13 @@ static inline int avc_reclaim_node(void)
316 315
317 rcu_read_lock(); 316 rcu_read_lock();
318 list_for_each_entry(node, &avc_cache.slots[hvalue], list) { 317 list_for_each_entry(node, &avc_cache.slots[hvalue], list) {
319 if (atomic_dec_and_test(&node->ae.used)) { 318 avc_node_delete(node);
320 /* Recently Unused */ 319 avc_cache_stats_incr(reclaims);
321 avc_node_delete(node); 320 ecx++;
322 avc_cache_stats_incr(reclaims); 321 if (ecx >= AVC_CACHE_RECLAIM) {
323 ecx++; 322 rcu_read_unlock();
324 if (ecx >= AVC_CACHE_RECLAIM) { 323 spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
325 rcu_read_unlock(); 324 goto out;
326 spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
327 goto out;
328 }
329 } 325 }
330 } 326 }
331 rcu_read_unlock(); 327 rcu_read_unlock();
@@ -345,7 +341,6 @@ static struct avc_node *avc_alloc_node(void)
345 341
346 INIT_RCU_HEAD(&node->rhead); 342 INIT_RCU_HEAD(&node->rhead);
347 INIT_LIST_HEAD(&node->list); 343 INIT_LIST_HEAD(&node->list);
348 atomic_set(&node->ae.used, 1);
349 avc_cache_stats_incr(allocations); 344 avc_cache_stats_incr(allocations);
350 345
351 if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold) 346 if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold)
@@ -378,15 +373,6 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
378 } 373 }
379 } 374 }
380 375
381 if (ret == NULL) {
382 /* cache miss */
383 goto out;
384 }
385
386 /* cache hit */
387 if (atomic_read(&ret->ae.used) != 1)
388 atomic_set(&ret->ae.used, 1);
389out:
390 return ret; 376 return ret;
391} 377}
392 378