From: Mimi Zohar <zohar@linux.ibm.com>
To: Paul Moore <paul@paul-moore.com>, "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH] lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths
Date: Fri, 18 Nov 2022 13:29:50 -0500 [thread overview]
Message-ID: <9989ecccca46cbbecd12ae8ecdfc693ea115a09a.camel@linux.ibm.com> (raw)
In-Reply-To: <CAHC9VhSNGSpdYWf_6if+Q+8BZvR-zYYxBMmoYhRNH9rWpn7=AA@mail.gmail.com>
On Fri, 2022-11-18 at 08:44 -0500, Paul Moore wrote:
> On Thu, Nov 17, 2022 at 8:54 PM Serge E. Hallyn <serge@hallyn.com> wrote:
> > On Wed, Nov 09, 2022 at 11:36:14PM -0500, Paul Moore wrote:
> > > The vfs_getxattr_alloc() function currently returns a ssize_t value
> > > despite the fact that it only uses int values internally for return
> > > values. Fix this by converting vfs_getxattr_alloc() to return an
> > > int type and adjust the callers as necessary. As part of these
> > > caller modifications, some of the callers are fixed to properly free
> > > the xattr value buffer on both success and failure to ensure that
> > > memory is not leaked in the failure case.
>
> > > Signed-off-by: Paul Moore <paul@paul-moore.com>
> >
> > Reviewed-by: Serge Hallyn <serge@hallyn.com>
> >
> > Do I understand right that the change to process_measurement()
> > will avoid an unnecessary call to krealloc() if the xattr has
> > not changed size between the two calls to ima_read_xattr()?
> > If something more than that is going on there, it might be
> > worth pointing out in the commit message.
>
> Yes, that was the intent, trying to avoid extra calls to krealloc().
>
> Mimi, have you had a chance to look at this patch yet? In addition to
> cleaning up the vfs_getxattr_alloc() function it resolves some issues
> with IMA (memory leaks), but as you're the IMA expert I really need
> your review on this ...b
All the other vfs_{get/set/list}xattr functions return ssize_t. Why
should vfs_getxattr_alloc() be any different?
The only time there could be a memory leak is when the
vfs_getxattr_alloc() caller provides a buffer which isn't large enough.
The one example in IMA/EVM is the call to evm_calc_hmac_or_hash(),
which is freeing the memory.
Perhaps I'm missing something, but from an IMA/EVM perspective, I see a
style change (common exit), but not any memory leak fixes. I'm fine
with the style change.
--
thanks,
Mimi
next prev parent reply other threads:[~2022-11-18 18:30 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 4:36 [RFC PATCH] lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths Paul Moore
2022-11-10 4:51 ` Paul Moore
2022-11-18 1:54 ` Serge E. Hallyn
2022-11-18 13:44 ` Paul Moore
2022-11-18 18:29 ` Mimi Zohar [this message]
2022-11-18 18:44 ` Paul Moore
2022-11-18 19:09 ` Mimi Zohar
2022-11-18 22:20 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9989ecccca46cbbecd12ae8ecdfc693ea115a09a.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.