From: Casey Schaufler
Date: Thu, 31 May 2018 08:26:23 -0700
Subject: Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set
To: CHANDAN VN, gregkh@linuxfoundation.org, tj@kernel.org, bfields@fieldses.org, jlayton@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org
Cc: cpgs@samsung.com, sireesha.t@samsung.com, Casey Schaufler
In-Reply-To: <1527758911-18610-1-git-send-email-chandan.vn@samsung.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/31/2018 2:28 AM, CHANDAN VN wrote:
> From: "sireesha.t"
>
> Leak is caused because smack_inode_getsecurity() is allocating memory
> using kstrdup(). Though the security_release_secctx() is called, it
> would not free the allocated memory. Calling security_release_secctx is
> not relevant for this scenario as inode_getsecurity() does not provide a
> "secctx".
>
> Similar fix has been mainlined:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=57e7ba04d422c3d41c8426380303ec9b7533ded9
>
> The fix is to replace the security_release_secctx() with a kfree()
>
> Below is the KMEMLEAK dump:
> unreferenced object 0xffffffc025e11c80 (size 64):
>   comm "systemd-tmpfile", pid 2452, jiffies 4294894464 (age 235587.492s)
>   hex dump (first 32 bytes):
>     53 79 73 74 65 6d 3a 3a 53 68 61 72 65 64 00 00  System::Shared..
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [] __save_stack_trace+0x28/0x34
>     [] create_object+0x130/0x25c
>     [] kmemleak_alloc+0x30/0x5c
>     [] __kmalloc_track_caller+0x1cc/0x2a8
>     [] kstrdup+0x3c/0x6c
>     [] smack_inode_getsecurity+0xcc/0xec
>     [] smack_inode_getsecctx+0x24/0x44
>     [] security_inode_getsecctx+0x50/0x70
>     [] kernfs_security_xattr_set+0x74/0xe0
>     [] __vfs_setxattr+0x74/0x90
>     [] __vfs_setxattr_noperm+0x80/0x1ac
>     [] vfs_setxattr+0x84/0xac
>     [] setxattr+0x114/0x178
>     [] path_setxattr+0x74/0xb8
>     [] SyS_lsetxattr+0x10/0x1c
>     [] __sys_trace_return+0x0/0x4
>
> Signed-off-by: sireesha.t
> Signed-off-by: CHANDAN VN

Why not:

 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
-	int len = 0;
-	len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
+	int len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, false);

 	if (len < 0)
 		return len;

> --- > fs/kernfs/inode.c | 3 ++- > fs/nfsd/nfs4xdr.c | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c > index a343039..53befb8 100644 > --- a/fs/kernfs/inode.c
> +++ b/fs/kernfs/inode.c > @@ -369,7 +369,8 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler, > mutex_unlock(&kernfs_mutex); > > if (secdata) > - security_release_secctx(secdata, secdata_len); > + kfree(secdata); > + > return error; > } > > diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c > index aaa88c1..1e0dbe9 100644 > --- a/fs/nfsd/nfs4xdr.c > +++ b/fs/nfsd/nfs4xdr.c > @@ -2911,7 +2911,7 @@ static int get_parent_attributes(struct svc_export *exp, struct kstat *stat) > out: > #ifdef CONFIG_NFSD_V4_SECURITY_LABEL > if (context) > - security_release_secctx(context, contextlen); > + kfree(context); > #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ > kfree(acl); > if (tempfh) {
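
Review bot: In the fs/kernfs/inode.c hunk, replacing security_release_secctx(secdata, secdata_len) with kfree(secdata) makes kernfs_security_xattr_set() assume that every LSM behind security_inode_getsecctx() hands back a kmalloc'd buffer, but the changelog and the KMEMLEAK trace only establish that for the Smack path (smack_inode_getsecctx -> smack_inode_getsecurity -> kstrdup). Either state in the changelog why kfree() is correct whichever LSM is active, or keep the getsecctx/release_secctx pairing in the caller and fix the allocation on the Smack side, as the reply above suggests. If kfree() stays, the `if (secdata)` guard can go, since kfree(NULL) is a no-op, and the blank line added before `return error;` is unrelated whitespace.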
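
Review bot: The fs/nfsd/nfs4xdr.c hunk changes the `out:` cleanup under CONFIG_NFSD_V4_SECURITY_LABEL, but nothing in the changelog covers it: the subject names kernfs_security_xattr_set twice, and the KMEMLEAK backtrace runs through kernfs_security_xattr_set only. Name the nfsd function in the subject and say which call fills `context` and that it allocates the same way, or split this hunk into its own patch with its own evidence. As in the kernfs hunk, `if (context)` is redundant in front of kfree().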