From: Chen Gang <gang.chen@asianux.com>
To: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs
Date: Thu, 11 Apr 2013 22:52:50 +0800 [thread overview]
Message-ID: <5166CE42.2080100@asianux.com> (raw)
In-Reply-To: <5166C9DB.9030606@asianux.com>
On 2013年04月11日 22:34, Chen Gang wrote:
> On 2013年04月11日 21:40, Eric Paris wrote:
>>>> >> > can we add it in audit_free_rule ?
>>>> >> >
>>>> >> > maybe like this:
>>>> >> >
>>>> >> > @@ -75,6 +75,8 @@ static inline void audit_free_rule(struct audit_entry *e)
>>>> >> > /* some rules don't have associated watches */
>>>> >> > if (erule->watch)
>>>> >> > audit_put_watch(erule->watch);
>>>> >> > + if (erule->tree)
>>>> >> > + audit_put_tree(erule->tree);
>>>> >> > if (erule->fields)
>>>> >> > for (i = 0; i < erule->field_count; i++) {
>>>> >> > struct audit_field *f = &erule->fields[i];
>> > Where does the tree information get freed normally? That's the code you need to run down. You don't want to start getting double frees on the non-error case. I'll try to dig into it if Al doesn't. It's easy to show the leak on current kernels.
>> >
oh.. it seems another issues need consider !!
a. in function audit_remove_watch_rule, it does not set NULL for krule->watch.
b. function audit_del_rule and audit_remove_watch_rule need lock protected.
it seems we should call audit_del_rule in audit_free_rule.
audit_del_rule will instead of audit_put_watch and audit_put_tree.
but we need consider whether will cause dead lock !
I will continue to see it.
> I think:
> it is in function audit_del_rule. when del, also set NULL.
> so the deletion in audit_free_rule is safe.
> the process of erule->watch and erule->tree are similar.
>
> please check, thanks.
>
>
>> > while(1)
>> > auditctl -a exit,always -w /etc -F auid=-1
>> >
>> >
>> >
> it is valuable to me, thanks.
>
--
Chen Gang
Asianux Corporation
next prev parent reply other threads:[~2013-04-11 14:53 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-10 9:52 [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs Chen Gang
2013-04-10 10:18 ` Chen Gang
2013-04-10 10:28 ` Chen Gang
2013-04-10 10:36 ` Chen Gang
2013-04-10 21:38 ` Eric Paris
2013-04-11 1:12 ` Chen Gang
2013-04-10 21:32 ` Eric Paris
2013-04-11 3:43 ` Chen Gang
2013-04-10 20:29 ` Eric Paris
2013-04-11 3:55 ` Chen Gang
2013-04-10 21:19 ` Eric Paris
2013-04-11 4:10 ` Chen Gang
2013-04-11 13:40 ` Eric Paris
2013-04-11 14:34 ` Chen Gang
2013-04-11 14:52 ` Chen Gang [this message]
2013-04-12 9:42 ` Chen Gang
2013-04-16 10:25 ` Chen Gang
2013-04-16 10:38 ` Chen Gang
2013-04-17 2:41 ` Chen Gang
2013-04-17 4:23 ` [PATCH v2] kernel: auditfilter: resource management, tree and watch will memory leak when failure occurs Chen Gang
2013-04-10 20:08 ` [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs Eric Paris
2013-04-11 3:56 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5166CE42.2080100@asianux.com \
--to=gang.chen@asianux.com \
--cc=eparis@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox