From: Casey Schaufler <casey@schaufler-ca.com>
To: Tomasz Stanislawski <t.stanislaws@samsung.com>
Cc: linux-security-module@vger.kernel.org, m.szyprowski@samsung.com,
kyungmin.park@samsung.com, r.krypa@samsung.com,
linux-kernel@vger.kernel.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [RFC 3/5] security: smack: fix memleak in smk_write_rules_list()
Date: Sat, 15 Jun 2013 12:54:27 -0700 [thread overview]
Message-ID: <51BCC673.10302@schaufler-ca.com> (raw)
In-Reply-To: <1371137352-31273-4-git-send-email-t.stanislaws@samsung.com>
On 6/13/2013 8:29 AM, Tomasz Stanislawski wrote:
> The smack_parsed_rule structure is allocated. If a rule is successfully
> installed then the last reference to the object is lost. This patch fixes this
> leak. Moreover smack_parsed_rule is allocated on stack because it no longer
> needed ofter smk_write_rules_list() is finished.
>
> Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
It looks like this was introduced with the change-rule support.
Prior to that, the rule passed into smk_set_access() was added
to the rule list if it was new. The change-rule support added a
new structure and missed the fact the rule was already allocated.
The patch needs to be rebased so that it does not depend on the
changes from patches 1 and 2 of the set.
> ---
> security/smack/smackfs.c | 30 ++++++++++--------------------
> 1 file changed, 10 insertions(+), 20 deletions(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 46f111e..e8c57f3 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -447,7 +447,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
> struct mutex *rule_lock, int format)
> {
> struct smack_known *skp;
> - struct smack_parsed_rule *rule;
> + struct smack_parsed_rule rule;
> char data[SMK_LOAD2LEN + 1];
> int rc = -EINVAL;
> int load = 0;
> @@ -475,49 +475,39 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
> goto out;
> }
>
> - rule = kzalloc(sizeof(*rule), GFP_KERNEL);
> - if (rule == NULL) {
> - rc = -ENOMEM;
> - goto out;
> - }
> -
> if (format == SMK_LONG_FMT) {
> /*
> * Be sure the data string is terminated.
> */
> data[count] = '\0';
> - if (smk_parse_long_rule(data, rule, 1, 0))
> - goto out_free_rule;
> + if (smk_parse_long_rule(data, &rule, 1, 0))
> + goto out;
> } else if (format == SMK_CHANGE_FMT) {
> data[count] = '\0';
> - if (smk_parse_long_rule(data, rule, 1, 1))
> - goto out_free_rule;
> + if (smk_parse_long_rule(data, &rule, 1, 1))
> + goto out;
> } else {
> /*
> * More on the minor hack for backward compatibility
> */
> if (count == (SMK_OLOADLEN))
> data[SMK_OLOADLEN] = '-';
> - if (smk_parse_rule(data, rule, 1))
> - goto out_free_rule;
> + if (smk_parse_rule(data, &rule, 1))
> + goto out;
> }
>
>
> if (rule_list == NULL) {
> load = 1;
> - skp = smk_find_entry(rule->smk_subject);
> + skp = smk_find_entry(rule.smk_subject);
> rule_list = &skp->smk_rules;
> rule_lock = &skp->smk_rules_lock;
> }
>
> - rc = smk_set_access(rule, rule_list, rule_lock, load);
> - if (rc == 0) {
> + rc = smk_set_access(&rule, rule_list, rule_lock, load);
> + if (rc == 0)
> rc = count;
> - goto out;
> - }
>
> -out_free_rule:
> - kfree(rule);
> out:
> return rc;
> }
next prev parent reply other threads:[~2013-06-15 19:54 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 15:29 [RFC 0/5] Optimizations for memory handling in smk_write_rules_list() Tomasz Stanislawski
2013-06-13 15:29 ` [RFC 1/5] security: smack: avoid kmalloc allocations while loading a rule string Tomasz Stanislawski
2013-06-15 19:32 ` Casey Schaufler
2013-06-17 11:24 ` Tomasz Stanislawski
2013-06-17 22:38 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 2/5] security: smack: avoid kmalloc() in smk_parse_long_rule() Tomasz Stanislawski
2013-06-15 19:41 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 3/5] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-15 19:54 ` Casey Schaufler [this message]
2013-06-13 15:29 ` [RFC 4/5] security: smack: add kmem_cache for smack_rule allocations Tomasz Stanislawski
2013-06-15 20:00 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 5/5] security: smack: add kmem_cache for smack_master_list allocations Tomasz Stanislawski
2013-06-15 20:08 ` Casey Schaufler
2013-06-19 14:08 ` [PATCH] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-28 19:33 ` Casey Schaufler
2013-08-01 20:01 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51BCC673.10302@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=r.krypa@samsung.com \
--cc=t.stanislaws@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.