From: Davidlohr Bueso <dave@stgolabs.net>
To: Fabian Frederick <fabf@skynet.be>
Cc: Davidlohr Bueso <dbueso@suse.de>,
Manfred Spraul <manfred@colorfullife.com>,
stable@vger.kernel.org, linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH V2 linux-next] ipc/msg.c: fix memory leak in do_msgsnd()
Date: Mon, 1 Aug 2016 11:57:50 -0700 [thread overview]
Message-ID: <20160801185750.GC31421@linux-80c1.suse> (raw)
In-Reply-To: <1470051658-11821-1-git-send-email-fabf@skynet.be>
On Mon, 01 Aug 2016, Fabian Frederick wrote:
>Commit 53dad6d3a8e5
>("ipc: fix race with LSMs") updated ipc_rcu_putref() to receive
>rcu freeing function but used generic ipc_rcu_free() instead
>of msg_rcu_free() which does security cleaning.
>
>Running LTP msgsnd06 with kmemleak gives the following:
>
>cat /sys/kernel/debug/kmemleak
>
>unreferenced object 0xffff88003c0a11f8 (size 8):
> comm "msgsnd06", pid 1645, jiffies 4294672526 (age 6.549s)
> hex dump (first 8 bytes):
> 1b 00 00 00 01 00 00 00 ........
> backtrace:
> [<ffffffff818e2c43>] kmemleak_alloc+0x23/0x40
> [<ffffffff81177f31>] kmem_cache_alloc_trace+0xe1/0x180
> [<ffffffff812d42af>] selinux_msg_queue_alloc_security+0x3f/0xd0
> [<ffffffff812cc6be>] security_msg_queue_alloc+0x2e/0x40
> [<ffffffff812b94ee>] newque+0x4e/0x150
> [<ffffffff812b8cb9>] ipcget+0x159/0x1b0
> [<ffffffff812b98d9>] SyS_msgget+0x39/0x40
> [<ffffffff818e7bdb>] entry_SYSCALL_64_fastpath+0x13/0x8f
> [<ffffffffffffffff>] 0xffffffffffffffff
>
>Signed-off-by: Fabian Frederick <fabf@skynet.be>
>---
>V2: Update description with original commit and cc stable
>(Suggested by Manfred Spraul)
Ideally we would have the fix for sem.c in the same patch, under, ie:
"sysv, ipc: fix security-layer leaking"
Just like with shm and msg, the only caller of ipc_rcu_free() should be a
failed security allocation in newary().
Thanks,
Davidlohr
prev parent reply other threads:[~2016-08-01 18:58 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-01 11:40 [PATCH V2 linux-next] ipc/msg.c: fix memory leak in do_msgsnd() Fabian Frederick
2016-08-01 12:24 ` Greg KH
2016-08-01 19:10 ` Davidlohr Bueso
2016-08-01 18:57 ` Davidlohr Bueso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160801185750.GC31421@linux-80c1.suse \
--to=dave@stgolabs.net \
--cc=akpm@linux-foundation.org \
--cc=dbueso@suse.de \
--cc=fabf@skynet.be \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.