Subject: Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set
From: Casey Schaufler
To: "Eric W. Biederman"
Cc: CHANDAN VN, gregkh@linuxfoundation.org, tj@kernel.org, bfields@fieldses.org, jlayton@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, cpgs@samsung.com, sireesha.t@samsung.com, Casey Schaufler
Date: Thu, 31 May 2018 14:08:14 -0700
Message-ID: <9fb8de9d-3a9a-706b-50a9-11e768f72851@schaufler-ca.com>
In-Reply-To: <87po1ba6hv.fsf@xmission.com>

On 5/31/2018 1:57 PM, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
>> On 5/31/2018 2:28 AM, CHANDAN VN wrote:
>>> From: "sireesha.t"
>>>
>>> Leak is caused because smack_inode_getsecurity() is allocating memory
>>> using kstrdup(). Though the security_release_secctx() is called, it
>>> would not free the allocated memory. Calling security_release_secctx is
>>> not relevant for this scenario as inode_getsecurity() does not provide a
>>> "secctx".
>>>
>>> Similar fix has been mainlined:
>>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=57e7ba04d422c3d41c8426380303ec9b7533ded9
>>>
>>> The fix is to replace the security_release_secctx() with a kfree()
>>>
>>> Below is the KMEMLEAK dump:
>>> unreferenced object 0xffffffc025e11c80 (size 64):
>>>   comm "systemd-tmpfile", pid 2452, jiffies 4294894464 (age 235587.492s)
>>>   hex dump (first 32 bytes):
>>>     53 79 73 74 65 6d 3a 3a 53 68 61 72 65 64 00 00 System::Shared..
>>>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>   backtrace:
>>>     [] __save_stack_trace+0x28/0x34
>>>     [] create_object+0x130/0x25c
>>>     [] kmemleak_alloc+0x30/0x5c
>>>     [] __kmalloc_track_caller+0x1cc/0x2a8
>>>     [] kstrdup+0x3c/0x6c
>>>     [] smack_inode_getsecurity+0xcc/0xec
>>>     [] smack_inode_getsecctx+0x24/0x44
>>>     [] security_inode_getsecctx+0x50/0x70
>>>     [] kernfs_security_xattr_set+0x74/0xe0
>>>     [] __vfs_setxattr+0x74/0x90
>>>     [] __vfs_setxattr_noperm+0x80/0x1ac
>>>     [] vfs_setxattr+0x84/0xac
>>>     [] setxattr+0x114/0x178
>>>     [] path_setxattr+0x74/0xb8
>>>     [] SyS_lsetxattr+0x10/0x1c
>>>     [] __sys_trace_return+0x0/0x4
>>>
>>> Signed-off-by: sireesha.t
>>> Signed-off-by: CHANDAN VN
>> Why not:
>>
>> static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
>> {
>> - int len = 0;
>> - len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
>> + int len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, false);
>>
> The practical difference here is the true vs the false in the call
> to smack_inode_getsecurity?

That is correct. The author of smack_inode_getsecctx() has a SELinux
background and appears to have missed that Smack is careful not to
allocate memory and make copies of labels when it doesn't need to.

>
>> if (len < 0)
>> return len;
>>
> Eric
>
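
Review bot: The bare "false" in the added line "int len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, false);" changes who owns *ctx without saying so at the call site. Going by the reply, with false Smack hands back its own label instead of a kstrdup() copy, so a one-line comment there stating that the caller must not free *ctx would make the contract visible. This alternative is also mutually exclusive with the original patch's replacement of security_release_secctx() by kfree(): with both applied, kfree() would be called on a pointer that was never allocated for the caller, so the thread should settle on one approach and state which callers of security_inode_getsecctx() were checked against it.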
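
The ownership mismatch discussed in this thread, as an added userspace model that is not part of the original mail or of the kernel source. All model_* names are hypothetical stand-ins, and live_allocs plays the role of the kmemleak report.

```c
/* Userspace model of the getter/release ownership contract; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char model_label[] = "System::Shared"; /* long-lived label owned by the LSM */
static int live_allocs;                             /* copies handed out and not yet freed */

/* alloc=true returns a private copy the caller must free; alloc=false lends the label. */
static int model_getsecurity(void **buf, bool alloc)
{
	if (alloc) {
		char *copy = malloc(sizeof(model_label));
		if (!copy)
			return -1;
		memcpy(copy, model_label, sizeof(model_label));
		*buf = copy;
		live_allocs++;
	} else {
		*buf = (void *)model_label;
	}
	return (int)strlen(model_label);
}

/* Release hook that assumes borrowed data, so it frees nothing. */
static void model_release_secctx(void *ctx) { (void)ctx; }
static void model_kfree(void *p) { free(p); live_allocs--; }

enum variant { LEAKY, FIX_KFREE, FIX_NO_ALLOC };

/* One get/release cycle; returns the number of allocations still outstanding. */
static int run_variant(enum variant v)
{
	void *ctx = NULL;
	live_allocs = 0;
	if (model_getsecurity(&ctx, v != FIX_NO_ALLOC) < 0)
		return -1;
	if (v == FIX_KFREE)
		model_kfree(ctx);          /* caller owns the copy, caller frees it */
	else
		model_release_secctx(ctx); /* no-op: only correct for borrowed data */
	return live_allocs;
}

int main(void)
{
	printf("leaky=%d kfree=%d no_alloc=%d\n", run_variant(LEAKY),
	       run_variant(FIX_KFREE), run_variant(FIX_NO_ALLOC));
	return 0;
}
```

Either fix brings the outstanding count to zero; combining them would pass the borrowed label to free(), which is why the two proposals cannot both be applied.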