* [PATCH] selinux: fix memory leak in sel_make_bools
@ 2009-08-13 8:26 Xiaotian Feng
2009-08-13 18:55 ` Paul Moore
2009-08-14 2:02 ` [PATCH V2] " Xiaotian Feng
0 siblings, 2 replies; 8+ messages in thread
From: Xiaotian Feng @ 2009-08-13 8:26 UTC (permalink / raw)
To: jmorris, eparis, sds, paul.moore, serue, linux-security-module
Cc: linux-kernel, Xiaotian Feng
In sel_make_bools, kernel allocates memory for bool_pending_names[i]
with security_get_bools. So if we just free bool_pending_names, those
memories for bool_pending_names[i] will be leaked.
This patch resolves dozens of following kmemleak report after resuming
from suspend:
unreferenced object 0xffff88022e4c7380 (size 32):
comm "init", pid 1, jiffies 4294677173
backtrace:
[<ffffffff810f76b5>] create_object+0x1a2/0x2a9
[<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
[<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
[<ffffffff811cd511>] security_get_bools+0xd7/0x16f
[<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
[<ffffffff810f9a39>] vfs_write+0xae/0x10b
[<ffffffff810f9b56>] sys_write+0x4a/0x6e
[<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
---
security/selinux/selinuxfs.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b4fc506..ab93472 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -979,7 +979,11 @@ static int sel_make_bools(void)
u32 sid;
/* remove any existing files */
- kfree(bool_pending_names);
+ if (bool_pending_names) {
+ for (i = 0; i < bool_num; i++)
+ kfree(bool_pending_names[i]);
+ kfree(bool_pending_names);
+ }
kfree(bool_pending_values);
bool_pending_names = NULL;
bool_pending_values = NULL;
--
1.6.2.5
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] selinux: fix memory leak in sel_make_bools
2009-08-13 8:26 [PATCH] selinux: fix memory leak in sel_make_bools Xiaotian Feng
@ 2009-08-13 18:55 ` Paul Moore
2009-08-14 2:00 ` Danny Feng
2009-08-14 2:02 ` [PATCH V2] " Xiaotian Feng
1 sibling, 1 reply; 8+ messages in thread
From: Paul Moore @ 2009-08-13 18:55 UTC (permalink / raw)
To: Xiaotian Feng
Cc: jmorris, eparis, sds, serue, linux-security-module, linux-kernel
On Thursday 13 August 2009 04:26:16 am Xiaotian Feng wrote:
> In sel_make_bools, kernel allocates memory for bool_pending_names[i]
> with security_get_bools. So if we just free bool_pending_names, those
> memories for bool_pending_names[i] will be leaked.
>
> This patch resolves dozens of following kmemleak report after resuming
> from suspend:
> unreferenced object 0xffff88022e4c7380 (size 32):
> comm "init", pid 1, jiffies 4294677173
> backtrace:
> [<ffffffff810f76b5>] create_object+0x1a2/0x2a9
> [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
> [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
> [<ffffffff811cd511>] security_get_bools+0xd7/0x16f
> [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
> [<ffffffff810f9a39>] vfs_write+0xae/0x10b
> [<ffffffff810f9b56>] sys_write+0x4a/0x6e
> [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
> [<ffffffffffffffff>] 0xffffffffffffffff
>
> Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
> ---
> security/selinux/selinuxfs.c | 6 +++++-
> 1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index b4fc506..ab93472 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -979,7 +979,11 @@ static int sel_make_bools(void)
> u32 sid;
>
> /* remove any existing files */
> - kfree(bool_pending_names);
> + if (bool_pending_names) {
> + for (i = 0; i < bool_num; i++)
> + kfree(bool_pending_names[i]);
> + kfree(bool_pending_names);
> + }
> kfree(bool_pending_values);
> bool_pending_names = NULL;
> bool_pending_values = NULL;
Since the code seems to rely on 'bool_num' in other places to ensure we don't
walk off the end of the array it is probably safe to omit the 'if
(bool_pending_names) ...' conditional and just rely on the for loop to do the
right thing.
--
paul moore
linux @ hp
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] selinux: fix memory leak in sel_make_bools
2009-08-13 18:55 ` Paul Moore
@ 2009-08-14 2:00 ` Danny Feng
0 siblings, 0 replies; 8+ messages in thread
From: Danny Feng @ 2009-08-14 2:00 UTC (permalink / raw)
To: Paul Moore
Cc: jmorris, eparis, sds, serue, linux-security-module, linux-kernel
On 08/14/2009 02:55 AM, Paul Moore wrote:
> On Thursday 13 August 2009 04:26:16 am Xiaotian Feng wrote:
>> In sel_make_bools, kernel allocates memory for bool_pending_names[i]
>> with security_get_bools. So if we just free bool_pending_names, those
>> memories for bool_pending_names[i] will be leaked.
>>
>> This patch resolves dozens of following kmemleak report after resuming
>> from suspend:
>> unreferenced object 0xffff88022e4c7380 (size 32):
>> comm "init", pid 1, jiffies 4294677173
>> backtrace:
>> [<ffffffff810f76b5>] create_object+0x1a2/0x2a9
>> [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
>> [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
>> [<ffffffff811cd511>] security_get_bools+0xd7/0x16f
>> [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
>> [<ffffffff810f9a39>] vfs_write+0xae/0x10b
>> [<ffffffff810f9b56>] sys_write+0x4a/0x6e
>> [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
>> [<ffffffffffffffff>] 0xffffffffffffffff
>>
>> Signed-off-by: Xiaotian Feng<dfeng@redhat.com>
>> ---
>> security/selinux/selinuxfs.c | 6 +++++-
>> 1 files changed, 5 insertions(+), 1 deletions(-)
>>
>> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
>> index b4fc506..ab93472 100644
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@ -979,7 +979,11 @@ static int sel_make_bools(void)
>> u32 sid;
>>
>> /* remove any existing files */
>> - kfree(bool_pending_names);
>> + if (bool_pending_names) {
>> + for (i = 0; i< bool_num; i++)
>> + kfree(bool_pending_names[i]);
>> + kfree(bool_pending_names);
>> + }
>> kfree(bool_pending_values);
>> bool_pending_names = NULL;
>> bool_pending_values = NULL;
>
> Since the code seems to rely on 'bool_num' in other places to ensure we don't
> walk off the end of the array it is probably safe to omit the 'if
> (bool_pending_names) ...' conditional and just rely on the for loop to do the
> right thing.
Thanks for point out, I'll resend V2 patch :-)
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH V2] selinux: fix memory leak in sel_make_bools
2009-08-13 8:26 [PATCH] selinux: fix memory leak in sel_make_bools Xiaotian Feng
2009-08-13 18:55 ` Paul Moore
@ 2009-08-14 2:02 ` Xiaotian Feng
2009-08-14 2:36 ` Serge E. Hallyn
2009-08-14 6:06 ` James Morris
1 sibling, 2 replies; 8+ messages in thread
From: Xiaotian Feng @ 2009-08-14 2:02 UTC (permalink / raw)
To: jmorris, eparis, sds, paul.moore, serue, linux-security-module
Cc: linux-kernel, Xiaotian Feng
In sel_make_bools, kernel allocates memory for bool_pending_names[i]
with security_get_bools. So if we just free bool_pending_names, those
memories for bool_pending_names[i] will be leaked.
This patch resolves dozens of following kmemleak report after resuming
from suspend:
unreferenced object 0xffff88022e4c7380 (size 32):
comm "init", pid 1, jiffies 4294677173
backtrace:
[<ffffffff810f76b5>] create_object+0x1a2/0x2a9
[<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
[<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
[<ffffffff811cd511>] security_get_bools+0xd7/0x16f
[<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
[<ffffffff810f9a39>] vfs_write+0xae/0x10b
[<ffffffff810f9b56>] sys_write+0x4a/0x6e
[<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
---
security/selinux/selinuxfs.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b4fc506..1a8a1c2 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -979,6 +979,8 @@ static int sel_make_bools(void)
u32 sid;
/* remove any existing files */
+ for (i = 0; i < bool_num; i++)
+ kfree(bool_pending_names[i]);
kfree(bool_pending_names);
kfree(bool_pending_values);
bool_pending_names = NULL;
--
1.6.2.5
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH V2] selinux: fix memory leak in sel_make_bools
2009-08-14 2:02 ` [PATCH V2] " Xiaotian Feng
@ 2009-08-14 2:36 ` Serge E. Hallyn
2009-08-14 6:06 ` James Morris
1 sibling, 0 replies; 8+ messages in thread
From: Serge E. Hallyn @ 2009-08-14 2:36 UTC (permalink / raw)
To: Xiaotian Feng
Cc: jmorris, eparis, sds, paul.moore, linux-security-module,
linux-kernel
Quoting Xiaotian Feng (dfeng@redhat.com):
> In sel_make_bools, kernel allocates memory for bool_pending_names[i]
> with security_get_bools. So if we just free bool_pending_names, those
> memories for bool_pending_names[i] will be leaked.
>
> This patch resolves dozens of following kmemleak report after resuming
> from suspend:
> unreferenced object 0xffff88022e4c7380 (size 32):
> comm "init", pid 1, jiffies 4294677173
> backtrace:
> [<ffffffff810f76b5>] create_object+0x1a2/0x2a9
> [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
> [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
> [<ffffffff811cd511>] security_get_bools+0xd7/0x16f
> [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
> [<ffffffff810f9a39>] vfs_write+0xae/0x10b
> [<ffffffff810f9b56>] sys_write+0x4a/0x6e
> [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
> [<ffffffffffffffff>] 0xffffffffffffffff
>
> Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
> ---
> security/selinux/selinuxfs.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index b4fc506..1a8a1c2 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -979,6 +979,8 @@ static int sel_make_bools(void)
> u32 sid;
>
> /* remove any existing files */
> + for (i = 0; i < bool_num; i++)
> + kfree(bool_pending_names[i]);
> kfree(bool_pending_names);
> kfree(bool_pending_values);
> bool_pending_names = NULL;
> --
> 1.6.2.5
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2] selinux: fix memory leak in sel_make_bools
2009-08-14 2:02 ` [PATCH V2] " Xiaotian Feng
2009-08-14 2:36 ` Serge E. Hallyn
@ 2009-08-14 6:06 ` James Morris
2010-02-08 10:59 ` Xiaotian Feng
1 sibling, 1 reply; 8+ messages in thread
From: James Morris @ 2009-08-14 6:06 UTC (permalink / raw)
To: Xiaotian Feng
Cc: eparis, sds, paul.moore, serue, linux-security-module,
linux-kernel
On Fri, 14 Aug 2009, Xiaotian Feng wrote:
> In sel_make_bools, kernel allocates memory for bool_pending_names[i]
> with security_get_bools. So if we just free bool_pending_names, those
> memories for bool_pending_names[i] will be leaked.
Thanks, applied and pushed to Linus.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2] selinux: fix memory leak in sel_make_bools
2009-08-14 6:06 ` James Morris
@ 2010-02-08 10:59 ` Xiaotian Feng
2010-02-08 21:24 ` James Morris
0 siblings, 1 reply; 8+ messages in thread
From: Xiaotian Feng @ 2010-02-08 10:59 UTC (permalink / raw)
To: James Morris
Cc: eparis, sds, paul.moore, serue, linux-security-module,
linux-kernel
On 08/14/2009 02:06 PM, James Morris wrote:
> On Fri, 14 Aug 2009, Xiaotian Feng wrote:
>
>> In sel_make_bools, kernel allocates memory for bool_pending_names[i]
>> with security_get_bools. So if we just free bool_pending_names, those
>> memories for bool_pending_names[i] will be leaked.
>
> Thanks, applied and pushed to Linus.
This patch is missing or dropped? I'm not seeing this patch until
2.6.33-rc7, thanks.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2] selinux: fix memory leak in sel_make_bools
2010-02-08 10:59 ` Xiaotian Feng
@ 2010-02-08 21:24 ` James Morris
0 siblings, 0 replies; 8+ messages in thread
From: James Morris @ 2010-02-08 21:24 UTC (permalink / raw)
To: Xiaotian Feng
Cc: eparis, sds, paul.moore, serue, linux-security-module,
linux-kernel
On Mon, 8 Feb 2010, Xiaotian Feng wrote:
> On 08/14/2009 02:06 PM, James Morris wrote:
> > On Fri, 14 Aug 2009, Xiaotian Feng wrote:
> >
> > > In sel_make_bools, kernel allocates memory for bool_pending_names[i]
> > > with security_get_bools. So if we just free bool_pending_names, those
> > > memories for bool_pending_names[i] will be leaked.
> >
> > Thanks, applied and pushed to Linus.
> This patch is missing or dropped? I'm not seeing this patch until 2.6.33-rc7,
> thanks.
Not sure what happened to that -- I pushed it to Linus, but it's not in
the tree for some reason. Now applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-02-08 21:24 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-13 8:26 [PATCH] selinux: fix memory leak in sel_make_bools Xiaotian Feng
2009-08-13 18:55 ` Paul Moore
2009-08-14 2:00 ` Danny Feng
2009-08-14 2:02 ` [PATCH V2] " Xiaotian Feng
2009-08-14 2:36 ` Serge E. Hallyn
2009-08-14 6:06 ` James Morris
2010-02-08 10:59 ` Xiaotian Feng
2010-02-08 21:24 ` James Morris
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox