* [PATCH 0/2] Small memory-leak patchset
From: Paul Moore @ 2007-08-01 15:12 UTC
To: netdev, selinux

While doing some other work I found some small memory leaks with the way we are using security_secid_to_secctx() in some of the auditing code paths. We also had a redundant NULL pointer check in the SELinux function which frees the leaked memory. This patchset fixes both of these issues.

This patchset is backed against Linus' tree from this morning and has been lightly tested.

--
paul moore
linux security @ hp
* [PATCH 1/2] SELinux: remove redundant pointer checks before calling kfree() 2007-08-01 15:12 ` Paul Moore @ 2007-08-01 15:12 ` Paul Moore -1 siblings, 0 replies; 8+ messages in thread From: Paul Moore @ 2007-08-01 15:12 UTC (permalink / raw) To: netdev, selinux; +Cc: Paul Moore We don't need to check for NULL pointers before calling kfree(). Signed-off-by: Paul Moore <paul.moore@hp.com> --- security/selinux/hooks.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: linux-2.6_secctx-leaks/security/selinux/hooks.c =================================================================== --- linux-2.6_secctx-leaks.orig/security/selinux/hooks.c +++ linux-2.6_secctx-leaks/security/selinux/hooks.c @@ -4658,8 +4658,7 @@ static int selinux_secid_to_secctx(u32 s static void selinux_release_secctx(char *secdata, u32 seclen) { - if (secdata) - kfree(secdata); + kfree(secdata); } #ifdef CONFIG_KEYS -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 8+ messages in thread
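Review bot: the subject says "pointer checks" (plural), but the diffstat and the hunk show a single check being dropped, the `if (secdata)` in selinux_release_secctx(). Suggest the singular in the subject, and one line in the changelog stating that kfree() is a no-op when passed NULL, so a reader can see from the message alone that the behaviour of the release hook is unchanged.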
* [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx() 2007-08-01 15:12 ` Paul Moore @ 2007-08-01 15:12 ` Paul Moore -1 siblings, 0 replies; 8+ messages in thread From: Paul Moore @ 2007-08-01 15:12 UTC (permalink / raw) To: netdev, selinux; +Cc: Paul Moore The security_secid_to_secctx() function returns memory that must be freed by a call to security_release_secctx() which was not always happening. This patch fixes two of these problems (all that I could find in the kernel source at present). Signed-off-by: Paul Moore <paul.moore@hp.com> --- net/netlabel/netlabel_user.c | 4 +++- net/xfrm/xfrm_policy.c | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) Index: linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c =================================================================== --- linux-2.6_secctx-leaks.orig/net/netlabel/netlabel_user.c +++ linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c @@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_ if (audit_info->secid != 0 && security_secid_to_secctx(audit_info->secid, &secctx, - &secctx_len) == 0) + &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); + security_release_secctx(secctx, secctx_len); + } return audit_buf; } Index: linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c =================================================================== --- linux-2.6_secctx-leaks.orig/net/xfrm/xfrm_policy.c +++ linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c 
@@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid, } if (sid != 0 && - security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) + security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - else + security_release_secctx(secctx, secctx_len); + } else audit_log_task_context(audit_buf); if (xp) { -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 8+ messages in thread
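Review bot: in the net/netlabel/netlabel_user.c hunk, security_release_secctx() is called only inside the `== 0` branch, which is correct only if security_secid_to_secctx() hands back no memory when it returns non-zero. Neither the hunk nor the changelog states that contract. Since the changelog says the release "was not always happening", a comment at the call site or on the hook itself saying that a successful call must be paired with security_release_secctx() would help keep the next caller from reintroducing the leak.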
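Review bot: in the net/xfrm/xfrm_policy.c hunk, the new `} else` leaves the else branch unbraced while the if branch now carries braces. Suggest bracing both, i.e. `} else {` around `audit_log_task_context(audit_buf);`, so the two arms read symmetrically and a statement added to the fallback path later cannot end up outside the conditional.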
* Re: [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx()
From: James Morris @ 2007-08-02 0:05 UTC
To: Paul Moore; +Cc: netdev, selinux

Both patches applied to:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm

--
James Morris <jmorris@namei.org>