Date: Mon, 1 Aug 2016 14:24:37 +0200
From: Greg KH
To: Fabian Frederick
Cc: Davidlohr Bueso , Manfred Spraul , stable@vger.kernel.org, linux-kernel@vger.kernel.org, Andrew Morton
Subject: Re: [PATCH V2 linux-next] ipc/msg.c: fix memory leak in do_msgsnd()
Message-ID: <20160801122437.GB18162@kroah.com>
References: <1470051658-11821-1-git-send-email-fabf@skynet.be>
In-Reply-To: <1470051658-11821-1-git-send-email-fabf@skynet.be>

On Mon, Aug 01, 2016 at 01:40:58PM +0200, Fabian Frederick wrote:
> Commit 53dad6d3a8e5
> ("ipc: fix race with LSMs") updated ipc_rcu_putref() to receive
> rcu freeing function but used generic ipc_rcu_free() instead
> of msg_rcu_free() which does security cleaning.
>
> Running LTP msgsnd06 with kmemleak gives the following:
>
> cat /sys/kernel/debug/kmemleak
>
> unreferenced object 0xffff88003c0a11f8 (size 8):
> comm "msgsnd06", pid 1645, jiffies 4294672526 (age 6.549s)
> hex dump (first 8 bytes):
> 1b 00 00 00 01 00 00 00 ........
> backtrace:
> [] kmemleak_alloc+0x23/0x40
> [] kmem_cache_alloc_trace+0xe1/0x180
> [] selinux_msg_queue_alloc_security+0x3f/0xd0
> [] security_msg_queue_alloc+0x2e/0x40
> [] newque+0x4e/0x150
> [] ipcget+0x159/0x1b0
> [] SyS_msgget+0x39/0x40
> [] entry_SYSCALL_64_fastpath+0x13/0x8f
> [] 0xffffffffffffffff
>
> Signed-off-by: Fabian Frederick
> ---
> V2: Update description with original commit and cc stable
> (Suggested by Manfred Spraul)
>
> ipc/msg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read Documentation/stable_kernel_rules.txt
for how to do this properly.
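
Added example, not part of the original message and not kernel code: a user-space C model of the leak class described in the quoted commit message, where the last reference to an object is dropped with a generic free function instead of the type-specific one that also releases the security blob. Every name below (queue_put, generic_free, queue_free, leaked_allocs) is a hypothetical stand-in, and the two-reference sequence is an assumed scenario chosen to make the last put land on the caller-supplied function.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name below is hypothetical, not kernel code. */
static int live_allocs;                 /* outstanding allocations */

static void *xalloc(size_t n)
{
    void *p = calloc(1, n);
    if (!p) abort();
    live_allocs++;
    return p;
}
static void xfree(void *p) { free(p); live_allocs--; }

struct queue {
    int refcount;
    void *security;                     /* blob attached by the security hook */
};
typedef void (*free_fn)(struct queue *);

/* Generic destructor: frees the object, knows nothing about the blob. */
static void generic_free(struct queue *q) { xfree(q); }
/* Type-specific destructor: security cleanup first, then the generic free. */
static void queue_free(struct queue *q) { xfree(q->security); generic_free(q); }

/* Drop a reference; the caller picks the destructor run on the last put. */
static void queue_put(struct queue *q, free_fn fn)
{
    if (--q->refcount == 0)
        fn(q);
}

/* Create a queue, hold two references, drop both; return what is left. */
static int leaked_allocs(free_fn last_put)
{
    int before = live_allocs;
    struct queue *q = xalloc(sizeof(*q));
    q->security = xalloc(8);            /* 8 bytes, as in the kmemleak report */
    q->refcount = 2;
    queue_put(q, queue_free);           /* not the last reference: no free */
    queue_put(q, last_put);             /* last reference: this one frees */
    return live_allocs - before;
}

int main(void)
{
    printf("generic: %d leaked, type-specific: %d leaked\n",
           leaked_allocs(generic_free), leaked_allocs(queue_free));
    return 0;
}
```

The point for review is that with a caller-supplied destructor, every put site has to pass the type-specific function, because any of them can turn out to be the last one.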