From: Casey Schaufler <casey@schaufler-ca.com>
To: Tomasz Stanislawski <t.stanislaws@samsung.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
linux-security-module@vger.kernel.org, m.szyprowski@samsung.com,
kyungmin.park@samsung.com, r.krypa@samsung.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] security: smack: fix memleak in smk_write_rules_list()
Date: Thu, 01 Aug 2013 13:01:47 -0700 [thread overview]
Message-ID: <51FABEAB.3080600@schaufler-ca.com> (raw)
In-Reply-To: <51C1BB6C.8010105@samsung.com>
On 6/19/2013 7:08 AM, Tomasz Stanislawski wrote:
> >From 8497987bedf8821db3dce47a6205dfce2b0895c5 Mon Sep 17 00:00:00 2001
> From: Tomasz Stanislawski <t.stanislaws@samsung.com>
> Date: Thu, 6 Jun 2013 09:30:50 +0200
> Subject: [PATCH] security: smack: fix memleak in smk_write_rules_list()
>
> The smack_parsed_rule structure is allocated. If a rule is successfully
> installed then the last reference to the object is lost. This patch fixes this
> leak. Moreover smack_parsed_rule is allocated on stack because it no longer
> needed ofter smk_write_rules_list() is finished.
>
> Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Applied to git://git.gitorious.org/smack-next/kernel.git#smack-for-3.12
Rebasing was required. The change has been tested.
> ---
> security/smack/smackfs.c | 30 ++++++++++--------------------
> 1 file changed, 10 insertions(+), 20 deletions(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 53a08b8..08aebc2 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -446,7 +446,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
> struct mutex *rule_lock, int format)
> {
> struct smack_known *skp;
> - struct smack_parsed_rule *rule;
> + struct smack_parsed_rule rule;
> char *data;
> int datalen;
> int rc = -EINVAL;
> @@ -478,49 +478,39 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
> goto out;
> }
>
> - rule = kzalloc(sizeof(*rule), GFP_KERNEL);
> - if (rule == NULL) {
> - rc = -ENOMEM;
> - goto out;
> - }
> -
> if (format == SMK_LONG_FMT) {
> /*
> * Be sure the data string is terminated.
> */
> data[count] = '\0';
> - if (smk_parse_long_rule(data, rule, 1, 0))
> - goto out_free_rule;
> + if (smk_parse_long_rule(data, &rule, 1, 0))
> + goto out;
> } else if (format == SMK_CHANGE_FMT) {
> data[count] = '\0';
> - if (smk_parse_long_rule(data, rule, 1, 1))
> - goto out_free_rule;
> + if (smk_parse_long_rule(data, &rule, 1, 1))
> + goto out;
> } else {
> /*
> * More on the minor hack for backward compatibility
> */
> if (count == (SMK_OLOADLEN))
> data[SMK_OLOADLEN] = '-';
> - if (smk_parse_rule(data, rule, 1))
> - goto out_free_rule;
> + if (smk_parse_rule(data, &rule, 1))
> + goto out;
> }
>
>
> if (rule_list == NULL) {
> load = 1;
> - skp = smk_find_entry(rule->smk_subject);
> + skp = smk_find_entry(rule.smk_subject);
> rule_list = &skp->smk_rules;
> rule_lock = &skp->smk_rules_lock;
> }
>
> - rc = smk_set_access(rule, rule_list, rule_lock, load);
> - if (rc == 0) {
> + rc = smk_set_access(&rule, rule_list, rule_lock, load);
> + if (rc == 0)
> rc = count;
> - goto out;
> - }
>
> -out_free_rule:
> - kfree(rule);
> out:
> kfree(data);
> return rc;
prev parent reply other threads:[~2013-08-01 20:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 15:29 [RFC 0/5] Optimizations for memory handling in smk_write_rules_list() Tomasz Stanislawski
2013-06-13 15:29 ` [RFC 1/5] security: smack: avoid kmalloc allocations while loading a rule string Tomasz Stanislawski
2013-06-15 19:32 ` Casey Schaufler
2013-06-17 11:24 ` Tomasz Stanislawski
2013-06-17 22:38 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 2/5] security: smack: avoid kmalloc() in smk_parse_long_rule() Tomasz Stanislawski
2013-06-15 19:41 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 3/5] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-15 19:54 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 4/5] security: smack: add kmem_cache for smack_rule allocations Tomasz Stanislawski
2013-06-15 20:00 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 5/5] security: smack: add kmem_cache for smack_master_list allocations Tomasz Stanislawski
2013-06-15 20:08 ` Casey Schaufler
2013-06-19 14:08 ` [PATCH] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-28 19:33 ` Casey Schaufler
2013-08-01 20:01 ` Casey Schaufler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51FABEAB.3080600@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=r.krypa@samsung.com \
--cc=t.stanislaws@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.