From: ebiederm@xmission.com (Eric W. Biederman)
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Michel Lespinasse <walken@google.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix for binary_sysctl() memory leak
Date: Sat, 17 Dec 2011 14:14:00 -0800 [thread overview]
Message-ID: <m1iplerglz.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20111215144411.930dd860.akpm@linux-foundation.org> (Andrew Morton's message of "Thu, 15 Dec 2011 14:44:11 -0800")
Andrew Morton <akpm@linux-foundation.org> writes:
> On Thu, 15 Dec 2011 14:38:58 -0800
> Michel Lespinasse <walken@google.com> wrote:
>
>> On Thu, Dec 15, 2011 at 2:19 PM, Andrew Morton
>> <akpm@linux-foundation.org> wrote:
>> > I think the patch is correct but the description is misleading?
>> >
>> > I see no memory leak here. __Calling __putname() directly simply
>> > bypasses some audit-related stuff.
>>
>> Hmmm, maybe I wasn't explicit enough about it. We are definitely
>> seeing a memory leak without the patch.
>>
>> When auditing is enabled, putname() calls audit_putname *instead* (not
>> in addition) to __putname(). Then, if a syscall is in progress,
>> audit_putname does not release the name - instead, it expects the name
>> to get released when the syscall completes, but that will happen only
>> if audit_getname() was called previously, i.e. if the name was
>> allocated with getname() rather than the naked __getname(). So,
>> __getname() followed by putname() ends up leaking memory.
>>
>
> OK. Please resend with a new changelog?
This seems like a reasonable change to me. I guess I misunderstood
the __getname/putname interaction. I expect I was focusing on the
fact you can only call getname if you have your data in userspace.
> The bug surprises me - it seems that it makes it trivial for userspace
> to cause leaking of mad amounts of kernel memory, which would cause the
> bug to be found and fixed quickly.
>
> Is it a recent regression, or does the bug trigger only in weird
> circumstances, or what?
Calling sysctl(2) is very rare. I don't know if it actually happens
anywhere with a modern userspace except in regression tests.
Effectively we retain sysctl(2) because it doesn't take too much to
maintain.
Michel what caused you to discover this bug? If you are using
sysctl(2) in production code I am a bit worried.
Eric
next prev parent reply other threads:[~2011-12-17 22:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-15 2:44 [PATCH] Fix for binary_sysctl() memory leak Michel Lespinasse
2011-12-15 22:19 ` Andrew Morton
2011-12-15 22:38 ` Michel Lespinasse
2011-12-15 22:44 ` Andrew Morton
2011-12-15 22:59 ` Michel Lespinasse
2011-12-15 23:07 ` Michel Lespinasse
2011-12-17 22:14 ` Eric W. Biederman [this message]
2011-12-18 1:23 ` Michel Lespinasse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1iplerglz.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=walken@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.