1 files changed, 19 insertions, 7 deletions

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e3d19014259b..1ed0f076aadc 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -709,18 +709,16 @@ out:
 }
 
 /**
- * avc_ss_reset - Flush the cache and revalidate migrated permissions.
- * @seqno: policy sequence number
+ * avc_flush - Flush the cache
  */
-int avc_ss_reset(u32 seqno)
+static void avc_flush(void)
 {
-        struct avc_callback_node *c;
-        int i, rc = 0, tmprc;
-        unsigned long flag;
-        struct avc_node *node;
         struct hlist_head *head;
         struct hlist_node *next;
+        struct avc_node *node;
         spinlock_t *lock;
+        unsigned long flag;
+        int i;
 
         for (i = 0; i < AVC_CACHE_SLOTS; i++) {
                 head = &avc_cache.slots[i];
@@ -737,6 +735,18 @@ int avc_ss_reset(u32 seqno)
                 rcu_read_unlock();
                 spin_unlock_irqrestore(lock, flag);
         }
+}
+
+/**
+ * avc_ss_reset - Flush the cache and revalidate migrated permissions.
+ * @seqno: policy sequence number
+ */
+int avc_ss_reset(u32 seqno)
+{
+        struct avc_callback_node *c;
+        int rc = 0, tmprc;
+
+        avc_flush();
 
         for (c = avc_callbacks; c; c = c->next) {
                 if (c->events & AVC_CALLBACK_RESET) {
@@ -858,6 +868,8 @@ u32 avc_policy_seqno(void)
 
 void avc_disable(void)
 {
+        avc_flush();
+        synchronize_rcu();
         if (avc_node_cachep)
                 kmem_cache_destroy(avc_node_cachep);
 }