• Paul Moore's avatar
    cipso,calipso: resolve a number of problems with the DOI refcounts · ad5d07f4
    Paul Moore authored
    The current CIPSO and CALIPSO refcounting scheme for the DOI
    definitions is a bit flawed in that we:
    
    1. Don't correctly match gets/puts in netlbl_cipsov4_list().
    2. Decrement the refcount on each attempt to remove the DOI from the
       DOI list, only removing it from the list once the refcount drops
       to zero.
    
    This patch fixes these problems by adding the missing "puts" to
    netlbl_cipsov4_list() and introduces a more conventional, i.e.
    not-buggy, refcounting mechanism to the DOI definitions.  Upon the
    addition of a DOI to the DOI list, it is initialized with a refcount
    of one, removing a DOI from the list removes it from the list and
    drops the refcount by one; "gets" and "puts" behave as expected with
    respect to refcounts, increasing and decreasing the DOI's refcount by
    one.
    
    Fixes: b1edeb10 ("netlabel: Replace protocol/NetLabel linking with refrerence counts")
    Fixes: d7cce015 ("netlabel: Add support for removing a CALIPSO DOI.")
    Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    ad5d07f4
calipso.c 37.8 KB