Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp780177imm; Fri, 1 Jun 2018 09:23:20 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJE7W4RkHJiK+HOAIOJgCf5Fx4zI944kWqFmUwoufGy2l7UegNjoCl2q3CxTaIURGDKcMA5 X-Received: by 2002:a17:902:be0b:: with SMTP id r11-v6mr11943158pls.182.1527870199991; Fri, 01 Jun 2018 09:23:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527870199; cv=none; d=google.com; s=arc-20160816; b=nECbI9DdVBhqyecoJ1sZwyjZ7HUq6kNxcyb8kIoum8vRJiKaDheAJ3YO0a5kQ9uSaD QtncdB7L3wTj+CninJda8Hwbr5bnlAe+8fWhj0hLnXchL8ggZIm92unozh3+axbaL7PG HoU2dmef7zkOUMTv4h0/kTxdOMXxZqR08LwfKXdgYUN+yJqOcykYbpUTjbM+jcLxgPF4 yRh9B/TmYj6jskVFv5JJpGOP3/Y4Ee5RU5grfwXuWjsIfFEmfFMQ3Codc7Z1MRbrpLe3 nRnyewoT/ghIMnBQAuDeekHntnlBotGI1d8jsz/cjAYI72OdO4koYnN2nwpbFHsRcwqM y1Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=WsQQBIKGOwdi8O0GLvJpBABkKrP8fYTivozmG4e5wOI=; b=umODGuq7D20xfB4hbwXRXHZ/aRrPG80evA5BIO8EdrWTN2ygX3aJsL3YbdlUC4Opuq ZH7SDJFdak+nThCSin0qcerbHMhr7iqoLwJx+FsPrtoO7i1mxGKT7F0rlIUJfOoptA7j OznlfkhbX73jva5GSReKwVPrsHtWwBRQLuwlq4JNaMftsMowkDdUcmXuVVhMCJN72u1n rIrPZ6geZeacLhx7Hs/DSfj4iV4UzN5rrB5AWFD+tCOc7MRvAgX9LO5Ntb7AGloFs5wp FoI0irCzPeUFQ3UOjQHRu7VksPkYkq0EufhQRrf8yUSVSXjaDUFovTJFDj5KxIxYqVRW X1CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=P4sciPwU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r7-v6si6076098pgn.326.2018.06.01.09.23.05; Fri, 01 Jun 2018 09:23:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=P4sciPwU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752787AbeFAQWf (ORCPT + 99 others); Fri, 1 Jun 2018 12:22:35 -0400 Received: from sonic310-27.consmr.mail.gq1.yahoo.com ([98.137.69.153]:45133 "EHLO sonic310-27.consmr.mail.gq1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752064AbeFAQWb (ORCPT ); Fri, 1 Jun 2018 12:22:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1527870150; bh=WsQQBIKGOwdi8O0GLvJpBABkKrP8fYTivozmG4e5wOI=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=P4sciPwUiOoFUnJTU8LtfpC2KqXclLMfXZdvxIQcZPPkNrKc94nkrl2wJuNQ0xAkTHlrs/uIxZ092blECeKP1x0zW8j2KV01oN3loZ8dCO9NGycQzGzP1U4kAoWEKXqpo/W6aG67bfoZXSRFwY5mtXRIxIu7OKWtUSEKqhSgTlF4A+9mldMKnU73bpRcd2DKvAsjE1tTFiriDY5AVq9z/ig1P1BCNkpTHDRW0PIwzXfFHBHl9mLt4vSzXsPn4Eg4rKIuZbeCjI6tJ/flMxBkoR6ybEdwFJKOuEEyOFg42/C6C+dg+9NEKg755NQn7p4hJOMjcNobujjCsaCTKp0lXw== X-YMail-OSG: nXgaC78VM1nms47RJ7ETpA9V3qhR8OmICRXF4rgQTaqXNyEhsUMWci37qgqZUnQ NgPihj1aiwemZpVuQZoBFk0GV6CjMMVy3U9UBUN4uJ3nFwYVFj1o0j5bUuVgWDpmJr8bZIyQ7He2 h0SjAFOW2ZT2De.gUKA_S87bV6zrdA_VVpZ50IgS32AysgSgH5PgfwrTx449YfUoATKth83b6kb5 zbKGretnvNVmycpK2xABgwBdv0PytmOREis8yd0O6lYvzgRDUHu7KNqsAgCnwM2CCEGXaUu.Ma8W TDbhEC3214VY763h_oEvytn1JZZE1dv53oReTcXZRlb_VDLLqjIm.2RI4A6oN6nqhe9l7M4WuXC1 VGj1GH2Z_bwWFEuSLH9Wf4jm9tza_4vZJf1rzjUqj4oPnmfNeW8nQEMdiE.QwLMuUuzgVL002NF4 It76QpxXSqdoZVBrBQKo4XFswpr1T8oe4t8jHtUU3Je1eHOSm4Rx96oYcrGEsg5Gjg4y9rLHO6Cw LfI6uN8PM6zXHw6L14K30r7f8nrk5LWNSTpFRTpDTbDVfNUIgwdo0vmzpoZzJIhMpbQel6wlUhnq oU1mHRQF4w5CA18oZvLQsr3mv1wL4m2jH9pAFYBuNVeiC4sH0Xi9Fukezot1SKJ4YgzXPrhcUCpA MR_axoEsYgEL8l2tcHGc4EsHa_rNH.AI37YET1MIj_lI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic310.consmr.mail.gq1.yahoo.com with HTTP; Fri, 1 Jun 2018 16:22:30 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224]) by smtp401.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 0700ea11002c6f87381bb867acc5a2bd; Fri, 01 Jun 2018 16:22:29 +0000 (UTC) Subject: Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set To: chandan.vn@samsung.com, Tejun Heo Cc: "gregkh@linuxfoundation.org" , "bfields@fieldses.org" , "jlayton@kernel.org" , "linux-kernel@vger.kernel.org" , "linux-nfs@vger.kernel.org" , CPGS , Sireesha Talluri , Chris Wright , "linux-security-module@vger.kernel.org" , Casey Schaufler References: <1ced6bce-92cc-7e0c-fab4-0aaa3d03b82f@schaufler-ca.com> <1527758911-18610-1-git-send-email-chandan.vn@samsung.com> <20180531153943.GR1351649@devbig577.frc2.facebook.com> <4f00f9ae-3302-83b9-c083-d21ade380eb2@schaufler-ca.com> <20180531161107.GV1351649@devbig577.frc2.facebook.com> <20180601085609epcms5p5fefac0156a4816e9e48751211ab595ee@epcms5p5> From: Casey Schaufler Message-ID: <02d9878e-65bf-5de8-9658-cf0f692f358c@schaufler-ca.com> Date: Fri, 1 Jun 2018 09:22:28 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180601085609epcms5p5fefac0156a4816e9e48751211ab595ee@epcms5p5> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/1/2018 1:56 AM, CHANDAN VN wrote: > Hi >   > >> On 5/31/2018 9:11 AM, Tejun Heo wrote: >>  On Thu, May 31, 2018 at 09:04:25AM -0700, Casey Schaufler wrote: >>>>  On 5/31/2018 8:39 AM, Tejun Heo wrote: >>>>>  (cc'ing more security folks and copying whole body) >>>>> >>>>>  So, I'm sure the patch fixes the memory leak but API wise it looks >>>>>  super confusing.  Can security folks chime in here?  Is this the right >>>>>  fix? >>>>>  security_inode_getsecctx() provides a security context. Technically, >>>>>  this is a data blob, although both provider provide a null terminated >>>>>  string. security_inode_getsecurity(), on the other hand, provides a >>>>>  string to match an attribute name. The former releases the security >>>>>  context with security_release_secctx(), where the later releases the >>>>>  string with kfree(). >>>>> >>>>>  When the Smack hook smack_inode_getsecctx() was added in 2009 >>>>>  for use by labeled NFS the alloc value passed to >>>>  smack_inode_getsecurity() was set incorrectly. This wasn't a >>>>  major issue, since labeled NFS is a fringe case. When kernfs >>>>  started using the hook, it became the issue you discovered. >>>> >>>>  The reason that we have all this confusion is that SELinux >>>>  generates security contexts as needed, while Smack keeps them >>>>  around all the time. Releasing an SELinux context frees memory, >>>>  while releasing a Smack context is a null operation. >>>  Any chance this detail can be hidden behind security api?  This looks >>>  pretty error-prone, no? >   >>> It *is* hidden behind the security API. The problem is strictly >>> within the Smack code, where the implementer of smack_inode_getsecctx() >>> made an error. > I agree that the fix can be done simply by using "false" for > smack_inode_getsecurity(), but what happens with kernfs_node_setsecdata() > and smack_inode_notifysecctx(). kernfs_node_setsecdata() is probably ignorable > but smack_inode_notifysecctx() is sending the "ctx" to smack_inode_setsecurity() > and since "ctx" would be NULL because we used "false", smack_inode_setsecurity() > becomes dummy. Thank you for pointing this out. You're right, there's more at issue here than changing the alloc flag will fix. I think that calling smack_inode_getsecurity() from smack_inode_getsecctx() is making the code more complicated than it needs to be. I will have a patch shortly.