Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp813880imm;
        Fri, 3 Aug 2018 12:02:34 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdw7FwJxNbQJ7hMWi3Pq7oF5fAB5eFdI3JjO5dzATO4AfS65wEfEKn+IeWlSQjHqZdjE+Wc
X-Received: by 2002:a17:902:7e06:: with SMTP id b6-v6mr4680579plm.230.1533322954751;
        Fri, 03 Aug 2018 12:02:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533322954; cv=none;
        d=google.com; s=arc-20160816;
        b=Rbe+oMDzgi5nhG5vdTXTibSA0U+TSufeeO+pnKvRrNbtxTnrQu5/gbKYqtyUtLtdB/
         zjzVuY1aKyOZFcJlPMgyiAEXsNIJ9dk1gKjBrgbK4uoOsPxWL9eLACWz4vTsjzu6Xvyq
         SjqP2ozphhwvo3+HKMyihGRQT2dndkpQNmIwjR1x0eCwhi/4M/NujLiq+cc3BlxMQXyT
         dMiqMnP4xU+1kTgHdYCAHOhf9F4/CewzzHZDuuJrwdSYFDQWCLaIPbNEd8wxGy3DLnlV
         go0cUp9WV0NbAJKdZYaSifb/8b4aKoL6TRNkuW0wPjxOQzU0ae7OLdTRklFBQ2LSee+N
         UQLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=cPx2HWtFBioibTR8v5uOLEVigfQFCyE/oiiue74TZrg=;
        b=sXORpUIT9NMmvPbaKI5Ijz8/Bazz4yARAT1XbZ/yleUN1QKjCQdC+WUwVjHZuJ7xAJ
         IQJrkY0usPS0d6UFT7Qmwu7+DGyK6lm8hAmLol4TaHqenmNAlc4QIqvS0tkkIQqIDgqo
         HFagE+hRP81xtmxLS8rObEbymtsopo2sDbxUfXU4PBqYXUH32/kCs7trfTGFq0DdAddQ
         MaCVl0OhwxIMBIK7qw5ecYxWU7ywMF56uw0FnbOiPN10AMI1Sak2UFvtYgLmj+gOM9Tq
         Q0QOFYMr+ItDX5dpelWS7mv5Tn37tqF6sdB4oBnUYDD2+lKx0YGJw/k76MKVt5dv2USr
         LikQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=07zGZCDz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p131-v6si5499302pgp.343.2018.08.03.12.02.19;
        Fri, 03 Aug 2018 12:02:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=07zGZCDz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731969AbeHCU7C (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Fri, 3 Aug 2018 16:59:02 -0400
Received: from mail-lj1-f196.google.com ([209.85.208.196]:45449 "EHLO
        mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728324AbeHCU7B (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Aug 2018 16:59:01 -0400
Received: by mail-lj1-f196.google.com with SMTP id w16-v6so5721811ljh.12
        for <linux-kernel@vger.kernel.org>; Fri, 03 Aug 2018 12:01:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=cPx2HWtFBioibTR8v5uOLEVigfQFCyE/oiiue74TZrg=;
        b=07zGZCDz2BGnY0FdhTHkkxGCKD2NCJly61SHmaTaz67kJmKsyUuCEY7Hba8wYn3qX9
         +m6i7itsH60eQagyN6sIHRTd9hQ73puY8qdNxGhYvbiWrM/plPbONhZYOpxXahWTJsLj
         sV9F07Sx9byFWvmEihoUyaEhRr+RKHDQSW0c/0Xq+8mUWm8NghPfxKCdMVVGRoB7d3PK
         R9cn3LRSuo2nj26CevBNIB0T+TNgh3S3Y/r8A+ns7WK6M/sEH3zdlxTqwAW2lBv/jKql
         a/gAOfdRkJMTD/yMYd1Pejt048vIG01h4O5y2qpNGdvs+uLE6Yz7GerTrcYVaf5UQ2NE
         ClMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=cPx2HWtFBioibTR8v5uOLEVigfQFCyE/oiiue74TZrg=;
        b=r5Uymt0wZ50SjeS7949VxvYNiItFFFyywyGIjVxJyLeQ9Czs2rxHQo6J2dqkQeJks5
         WwJl6YCuFcMtaUH85ncgJDxB+guthd4O5vujmB1sZpLoZUvAdNd/rWqIB9lIRCcCOmQI
         7PyJ2+MJFKGEgixGtLw1yeW3wOZglKAD9myAXViq17UUpJfvTAbN8QtYsUAp8YYrEaOj
         5LDu+1ogABFIDAjXpqvIiMir1wlR5LT1Y3WDohTqz/hlk3bOwIG9VYan+6ZlAx+a+GS/
         is7pJXKF/lW6UshnfkWJglVGMuk9AMBtK7n90okDpRG40QSsvdwpwRwO1f2mQHKtgNI7
         N1Eg==
X-Gm-Message-State: AOUpUlHKqYUZAoELwJ2tcDNPHn79onDkThQlCoCH9VKSmdt+RTmEzLFc
        Q6CPz93IOvNPrVwjFEOUa6+3ueQZk3hzUF7Hik4k
X-Received: by 2002:a2e:2d0a:: with SMTP id t10-v6mr6065652ljt.8.1533322887617;
 Fri, 03 Aug 2018 12:01:27 -0700 (PDT)
MIME-Version: 1.0
References: <E490CD805F7529488761C40FD9D26EF12A72A2C9@dggemm507-mbx.china.huawei.com>
In-Reply-To: <E490CD805F7529488761C40FD9D26EF12A72A2C9@dggemm507-mbx.china.huawei.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Fri, 3 Aug 2018 15:01:16 -0400
Message-ID: <CAHC9VhS4nwcErVriwBzvvRQTFLZ=U_p8gA7xQnjs1wBKtmSgxQ@mail.gmail.com>
Subject: Re: maybe resource leak in security/selinux/selinuxfs.c
To:     nixiaoming@huawei.com
Cc:     viro@zeniv.linux.org.uk, serge@hallyn.com,
        James Morris <jmorris@namei.org>,
        Eric Paris <eparis@parisplace.org>,
        Stephen Smalley <sds@tycho.nsa.gov>, lizefan@huawei.com,
        miaoxie@huawei.com, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
        linux-fsdevel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 1, 2018 at 5:39 AM Nixiaoming <nixiaoming@huawei.com> wrote:
>
> advisory:
> 1 After creating dentry in d_alloc_name, should I call dput to release resources before the exception exit?
> 2 After calling the new_inode to create an inode, should the inode resource be released before the exception exit?
>
> If the dentry and inode resources need to be actively released, there are multiple resource leaks in security/selinux/selinuxfs.c.

Hello.  Sorry for the delay in responding, comments inline ...

> Example:
> Linux master branch v4.18-rc5
> The function sel_make_avc_files in security/selinux/selinuxfs.c.
>
> 1566 static int sel_make_avc_files(struct dentry *dir)
> .......
> 1580     for (i = 0; i < ARRAY_SIZE(files); i++) {
> 1581         struct inode *inode;
> 1582         struct dentry *dentry;
> 1583
> 1584         dentry = d_alloc_name(dir, files[i].name);
> 1585         if (!dentry)
> /*Resource leak: when i!=0, the release action of dentry and inode resources is missing*/

I don't understand the leak in this case?  If d_alloc_name() fails on
a partially constructed /sys/fs/selinux/avc directory the previously
allocated dentry/inodes are not lost or leaked, d_alloc_name()
attached them to the parent dentry.

> 1586             return -ENOMEM;
> 1587
> 1588         inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
> 1589         if (!inode)
> /*Resource leak: missing dput(dentry)*/
> /*Resource leak: when i!=0, the release action of dentry and inode resources is missing*/

Yes, in this case it does look like we are missing a call to dput().
Would you like to submit a patch to fix this as well as the others in
selinuxfs.c?

> 1590             return -ENOMEM;
> 1591
> 1592         inode->i_fop = files[i].ops;
> 1593         inode->i_ino = ++fsi->last_ino;
> 1594         d_add(dentry, inode);
> 1595     }
> 1596
> 1597     return 0;
> 1598 }
>
> There are similar resource leaking functions:
> Sel_make_bools
> Sel_make_avc_files
> Sel_make_initcon_files
> Sel_make_perm_files
> Sel_make_class_dir_entries
> Sel_make_policycap
> Sel_fill_super
> Sel_make_policy_nodes
> Sel_make_classes

-- 
paul moore
www.paul-moore.com