Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp631614imm; Wed, 1 Aug 2018 02:40:18 -0700 (PDT) X-Google-Smtp-Source: AAOMgpd4IneKLrj/N2094SkTZAQHKYWQoxkToorYd7maIlDa3XBMtlrmBwPiZlVne2Fq2q9+bVbj X-Received: by 2002:a63:5815:: with SMTP id m21-v6mr23374300pgb.78.1533116418805; Wed, 01 Aug 2018 02:40:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533116418; cv=none; d=google.com; s=arc-20160816; b=eskB9miWTGZCDMiK5q8wEcDfCewqp03fmELonSA4Fl8Dd6/uR13nQaxt70TrOihHc/ WFFQoj/subeIIL6xFK4atxTKuC44Ihi8lwsq9UkOpkXBYSjeVWAoAoUnJRmluDjWE3Y+ +BDzoTehTrgwQ/8NExZxpW+Q/Mp/ozYAWlfZVitqpKLHwsQfTfjHdTJPK8xt+WkF6NG5 tI/lp2Pb0Rneh2Xh68xaeYwTdvwPrjwh/hFmA8F3sS4qmL4bApxnhxLfW0yLzR7gc0xc PS6Suigz8M/YpVchUsWjFwA0kbokcN8GhKycT1AmqKLBHWXGYt+IvWpZIB3/NXeHLko6 RaCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:message-id:date:thread-index :thread-topic:subject:cc:to:from:arc-authentication-results; bh=SJMHzDKSA5TJBsl6E0wDtxZXcOTu76WnW3sEmVOiCxk=; b=pegp9/A8ZLeKzEc+HV5mMhww9SrVAZXpH9Lmc4vadb5auErBz94RbsNmSI28r8xb7J UmlkwkQxZwh3jZWqBr9HoOEU3IwRIlFCkMrXLLhHmwvRRNGB2TQOHgSXFeH03lJAVhtQ XlNcoGZk1CLRxUheKolh4jv66Tzh+TAS0WaEiAYlK2zS5xHJeibkxsMxWzYiGG/HB0Dx naFXu2C5+C8Mmh33CVJUMDdbWt+rh7GXctgkU6080fbaqhv47y0Ey9coFVq6qFpN0h2s VmkpI2JN0uV8rufef2I6o0Qpjed1chJN/3MY4lANl1md5OskQ3fWZPxaPQDS6TklTK7V upoQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t89-v6si16765302pfe.59.2018.08.01.02.40.02; Wed, 01 Aug 2018 02:40:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389266AbeHALXY convert rfc822-to-8bit (ORCPT + 99 others); Wed, 1 Aug 2018 07:23:24 -0400 Received: from szxga01-in.huawei.com ([45.249.212.187]:6397 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2389005AbeHALXY (ORCPT ); Wed, 1 Aug 2018 07:23:24 -0400 Received: from DGGEMM406-HUB.china.huawei.com (unknown [172.30.72.55]) by Forcepoint Email with ESMTP id D9391BAF972FC; Wed, 1 Aug 2018 17:24:03 +0800 (CST) Received: from DGGEMM423-HUB.china.huawei.com (10.1.198.40) by DGGEMM406-HUB.china.huawei.com (10.3.20.214) with Microsoft SMTP Server (TLS) id 14.3.382.0; Wed, 1 Aug 2018 17:24:04 +0800 Received: from DGGEMM507-MBX.china.huawei.com ([169.254.1.75]) by dggemm423-hub.china.huawei.com ([10.1.198.40]) with mapi id 14.03.0382.000; Wed, 1 Aug 2018 17:23:57 +0800 From: Nixiaoming To: "viro@zeniv.linux.org.uk" , "serge@hallyn.com" , "jmorris@namei.org" , "eparis@parisplace.org" , "sds@tycho.nsa.gov" , "paul@paul-moore.com" , Lizefan , "miaoxie (A)" CC: "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "selinux@tycho.nsa.gov" , "linux-fsdevel@vger.kernel.org" Subject: maybe resource leak in security/selinux/selinuxfs.c Thread-Topic: maybe resource leak in security/selinux/selinuxfs.c Thread-Index: AdQpeVHZ6C+RBxudSMK/r1O5xUSIwQ== Date: Wed, 1 Aug 2018 09:23:57 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.57.88.168] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org advisory: 1 After creating dentry in d_alloc_name, should I call dput to release resources before the exception exit? 2 After calling the new_inode to create an inode, should the inode resource be released before the exception exit? If the dentry and inode resources need to be actively released, there are multiple resource leaks in security/selinux/selinuxfs.c. Example: Linux master branch v4.18-rc5 The function sel_make_avc_files in security/selinux/selinuxfs.c. 1566 static int sel_make_avc_files(struct dentry *dir) ....... 1580 for (i = 0; i < ARRAY_SIZE(files); i++) { 1581 struct inode *inode; 1582 struct dentry *dentry; 1583 1584 dentry = d_alloc_name(dir, files[i].name); 1585 if (!dentry) /*Resource leak: when i!=0, the release action of dentry and inode resources is missing*/ 1586 return -ENOMEM; 1587 1588 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1589 if (!inode) /*Resource leak: missing dput(dentry)*/ /*Resource leak: when i!=0, the release action of dentry and inode resources is missing*/ 1590 return -ENOMEM; 1591 1592 inode->i_fop = files[i].ops; 1593 inode->i_ino = ++fsi->last_ino; 1594 d_add(dentry, inode); 1595 } 1596 1597 return 0; 1598 } There are similar resource leaking functions: Sel_make_bools Sel_make_avc_files Sel_make_initcon_files Sel_make_perm_files Sel_make_class_dir_entries Sel_make_policycap Sel_fill_super Sel_make_policy_nodes Sel_make_classes