Subject: Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set
To: Tejun Heo
Cc: CHANDAN VN, gregkh@linuxfoundation.org, bfields@fieldses.org, jlayton@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, cpgs@samsung.com, sireesha.t@samsung.com, Chris Wright, linux-security-module@vger.kernel.org, Casey Schaufler
From: Casey Schaufler
Message-ID: <1ced6bce-92cc-7e0c-fab4-0aaa3d03b82f@schaufler-ca.com>
In-Reply-To: <20180531161107.GV1351649@devbig577.frc2.facebook.com>
Date: Thu, 31 May 2018 09:22:18 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/31/2018 9:11 AM, Tejun Heo wrote:
> On Thu, May 31, 2018 at 09:04:25AM -0700, Casey Schaufler wrote:
>> On 5/31/2018 8:39 AM, Tejun Heo wrote:
>>> (cc'ing more security folks and copying whole body)
>>>
>>> So, I'm sure the patch fixes the memory leak but API wise it looks
>>> super confusing. Can security folks chime in here? Is this the right
>>> fix?
>> security_inode_getsecctx() provides a security context. Technically,
>> this is a data blob, although both providers provide a null-terminated
>> string. security_inode_getsecurity(), on the other hand, provides a
>> string to match an attribute name. The former releases the security
>> context with security_release_secctx(), where the latter releases the
>> string with kfree().
>>
>> When the Smack hook smack_inode_getsecctx() was added in 2009
>> for use by labeled NFS the alloc value passed to
>> smack_inode_getsecurity() was set incorrectly. This wasn't a
>> major issue, since labeled NFS is a fringe case. When kernfs
>> started using the hook, it became the issue you discovered.
>>
>> The reason that we have all this confusion is that SELinux
>> generates security contexts as needed, while Smack keeps them
>> around all the time. Releasing an SELinux context frees memory,
>> while releasing a Smack context is a null operation.
> Any chance this detail can be hidden behind security api? This looks
> pretty error-prone, no?

It *is* hidden behind the security API. The problem is strictly
within the Smack code, where the implementer of smack_inode_getsecctx()
made an error.

>
> Thanks.
>
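
The ownership mismatch described in this message, as a user-space C model added here for illustration (it is not code from the Smack or kernfs sources). The `model_*` functions, the `leaked_after()` helper and the label value are hypothetical stand-ins for the kernel hooks: a provider that keeps its labels around has a no-op release, so asking the inner getsecurity-style call for an allocated copy leaves that copy with no owner.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long live_allocs;                 /* heap copies handed out and never freed */
static char stored_label[] = "System";   /* constructed label, kept for the object's lifetime */

/* getsecurity-style hook: with alloc=true the caller owns a copy and must free it. */
static int model_getsecurity(char **buf, bool alloc)
{
    if (alloc) {
        *buf = malloc(sizeof(stored_label));
        if (!*buf)
            return -1;
        memcpy(*buf, stored_label, sizeof(stored_label));
        live_allocs++;
    } else {
        *buf = stored_label;             /* borrowed pointer, nothing to free */
    }
    return (int)strlen(stored_label);
}

/* release_secctx-style hook of a provider that keeps labels around: a no-op. */
static void model_release_secctx(char *ctx) { (void)ctx; }

/* getsecctx-style hook; alloc models the value the message says was set incorrectly. */
static int model_getsecctx(char **ctx, bool alloc)
{
    return model_getsecurity(ctx, alloc);
}

/* Run the caller's get/release pairing n times; return copies left unfreed. */
static long leaked_after(int n, bool alloc)
{
    long before = live_allocs;
    for (int i = 0; i < n; i++) {
        char *ctx = NULL;
        if (model_getsecctx(&ctx, alloc) < 0)
            break;
        model_release_secctx(ctx);       /* the caller pairs the calls correctly */
    }
    return live_allocs - before;
}

int main(void)
{
    printf("alloc=true:  %ld copies leaked\n", leaked_after(1000, true));
    printf("alloc=false: %ld copies leaked\n", leaked_after(1000, false));
    return 0;
}
```

The caller's get/release pairing is identical in both runs; only the flag chosen inside the provider decides whether each call leaks, which is why the fault sits in the provider rather than in the API's users.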