Date: Thu, 31 May 2018 08:39:43 -0700
From: Tejun Heo
To: CHANDAN VN
Cc: gregkh@linuxfoundation.org, bfields@fieldses.org, jlayton@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, casey@schaufler-ca.com, cpgs@samsung.com, sireesha.t@samsung.com, Chris Wright, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set
Message-ID: <20180531153943.GR1351649@devbig577.frc2.facebook.com>
In-Reply-To: <1527758911-18610-1-git-send-email-chandan.vn@samsung.com>

(cc'ing more security folks and copying whole body)

So, I'm sure the patch fixes the memory leak but API wise it looks
super confusing. Can security folks chime in here? Is this the right
fix?

Thanks.

On Thu, May 31, 2018 at 02:58:31PM +0530, CHANDAN VN wrote:
> From: "sireesha.t"
>
> Leak is caused because smack_inode_getsecurity() is allocating memory
> using kstrdup(). Though the security_release_secctx() is called, it
> would not free the allocated memory. Calling security_release_secctx is
> not relevant for this scenario as inode_getsecurity() does not provide a
> "secctx".
>
> Similar fix has been mainlined:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=57e7ba04d422c3d41c8426380303ec9b7533ded9
>
> The fix is to replace the security_release_secctx() with a kfree()
>
> Below is the KMEMLEAK dump:
> unreferenced object 0xffffffc025e11c80 (size 64):
>   comm "systemd-tmpfile", pid 2452, jiffies 4294894464 (age 235587.492s)
>   hex dump (first 32 bytes):
>     53 79 73 74 65 6d 3a 3a 53 68 61 72 65 64 00 00  System::Shared..
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [] __save_stack_trace+0x28/0x34
>     [] create_object+0x130/0x25c
>     [] kmemleak_alloc+0x30/0x5c
>     [] __kmalloc_track_caller+0x1cc/0x2a8
>     [] kstrdup+0x3c/0x6c
>     [] smack_inode_getsecurity+0xcc/0xec
>     [] smack_inode_getsecctx+0x24/0x44
>     [] security_inode_getsecctx+0x50/0x70
>     [] kernfs_security_xattr_set+0x74/0xe0
>     [] __vfs_setxattr+0x74/0x90
>     [] __vfs_setxattr_noperm+0x80/0x1ac
>     [] vfs_setxattr+0x84/0xac
>     [] setxattr+0x114/0x178
>     [] path_setxattr+0x74/0xb8
>     [] SyS_lsetxattr+0x10/0x1c
>     [] __sys_trace_return+0x0/0x4
>
> Signed-off-by: sireesha.t
> Signed-off-by: CHANDAN VN
> ---
>  fs/kernfs/inode.c | 3 ++-
>  fs/nfsd/nfs4xdr.c | 2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c > index a343039..53befb8 100644 > --- a/fs/kernfs/inode.c > +++ b/fs/kernfs/inode.c > @@ -369,7 +369,8 @@ static int kernfs_security_xattr_set(const struct xattr_handler *handler, > mutex_unlock(&kernfs_mutex); > > if (secdata) > - security_release_secctx(secdata, secdata_len); > + kfree(secdata); > + > return error; > } 
> > diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c > index aaa88c1..1e0dbe9 100644 > --- a/fs/nfsd/nfs4xdr.c > +++ b/fs/nfsd/nfs4xdr.c > @@ -2911,7 +2911,7 @@ static int get_parent_attributes(struct svc_export *exp, struct kstat *stat) > out: > #ifdef CONFIG_NFSD_V4_SECURITY_LABEL > if (context) > - security_release_secctx(context, contextlen); > + kfree(context); > #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ > kfree(acl); > if (tempfh) { > -- > 1.9.1 > -- tejun
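
Review bot: In the fs/kernfs/inode.c hunk, replacing `security_release_secctx(secdata, secdata_len)` with `kfree(secdata)` assumes that every LSM returns a kmalloc'd buffer on this path, and the commit message does not establish that. The KMEMLEAK backtrace shows the buffer reaching kernfs_security_xattr_set() through security_inode_getsecctx() and smack_inode_getsecctx(), while the message argues from inode_getsecurity() not providing a "secctx"; the message should say why bypassing the release hook is correct for callers of security_inode_getsecctx() under LSMs other than Smack, or the free should be fixed behind the hook instead. Two smaller points: the `if (secdata)` guard is unnecessary in front of kfree(), and the added blank line before `return error;` is an unrelated whitespace change.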
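
Review bot: The fs/nfsd/nfs4xdr.c change at the `out:` label has no justification in the commit message, which names only kernfs_security_xattr_set (twice, in the subject) and whose KMEMLEAK backtrace covers only the kernfs path. Please state which call allocates `context` here and that a leak was observed or is provable for it, and consider sending this as a separate patch since it touches a different subsystem. The `if (context)` guard can also go, matching the unconditional `kfree(acl);` two lines below it.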