Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2118785yba;
        Fri, 19 Apr 2019 12:30:11 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzkaahjnkeeYcoO/hC/Zkh764ZXcixFbbjtvjcsLFA5zk3mSDe2/ng5SeDfzYzKGAdz/0/d
X-Received: by 2002:a63:30c5:: with SMTP id w188mr5564234pgw.76.1555702211026;
        Fri, 19 Apr 2019 12:30:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1555702211; cv=none;
        d=google.com; s=arc-20160816;
        b=Wzu+hpE0k43OlT2BvOBP82Lj2Yx1gfmeWOEEof/tNleAN4ldZpiUWULuBFPAV3TAOs
         bY6J2TR+p2kc99WUOUQHs5oMDPbAbirzE+xC8BFQvTLvO/UaVmRRdcVekHG3sm5Y/UTf
         o9IEMQkAyMzn04MsKxfzUPy2ggOvhhYQroBXmRwEXgNoxLEC61v55HfTauCMc9qFXlb+
         DD+3+92xcEuhEWmQYsNHf1qQ7wmR02f7I91jIb0F/QazEFSsTy+GNzTPMxSJkehqULaJ
         zcOV0Fy4KFGr90vUaX8gFN5Ve0IR6FvprZQUdnKSLXtCMYWV5agcyaC6Gzvguem5ucPF
         yDzg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=;
        b=KW/cNj51HlQWtUE9qjOyHQj5JEz3aQOCCnyn7yqUPjOgHekWhVlSSgBjtZeNh1bPYy
         jCsef3maNJUF479hitCI/TG5pEnE6Nm5oRcvChH7AwgCLEWMJcbMTEPplnp5BrP8jC/t
         bsBIPeMobovsYUcw/NzbRdqWfxw/gIf6s+xW7TdJwFoQ1EZW1rjTylUNaAaRF+AiJU21
         iqlbFNFVSUqxK+5AHmn7S1qxItfrd2H8YiOFt2nON2z6AaaWJMAm2hFwxrdeKuBs8Kl5
         9uh0WcdnV3ADyAvnfmONLNIoX8DNzlpjBQESwraYYdSRgNNTYPWB3eA63wqEIdLB0IB8
         qrRw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=dSxlCpbL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k12si5738878plt.28.2019.04.19.12.29.56;
        Fri, 19 Apr 2019 12:30:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=dSxlCpbL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727398AbfDST2x (ORCPT <rfc822;brice.berna@gmail.com>
        + 99 others); Fri, 19 Apr 2019 15:28:53 -0400
Received: from mail-lf1-f65.google.com ([209.85.167.65]:33555 "EHLO
        mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725961AbfDST2x (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Apr 2019 15:28:53 -0400
Received: by mail-lf1-f65.google.com with SMTP id j11so4691111lfm.0
        for <linux-kernel@vger.kernel.org>; Fri, 19 Apr 2019 12:28:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=;
        b=dSxlCpbLirYkjVORpxe+f+H6+6jho/uixN8Rws9Ju2GRfPAgh4P3cSj45wsYrHpGdd
         t3ElM5Z4PShUQJtPAQLTOoFw4OAdKyRdoWQgVUFkA4i2x+EHXAukvaRbs01lT2absiwt
         30YE4MRhtZTOsmrLfW4alm/lIypUsLQdZNo6RqtnVIaOi3aNRXZAYZmN+LKxqnBWpryA
         XNAQJAyCazdJO1XUVj0ZXkMqKf+bm8GNmUC3f3H9+nCoFR42tyDSA0K2csZ6cwTw4t7+
         Yfk09FCamdjkN+Zmr25Jgi90G++8EIKITP9uDuWJl9wuZE4zTFUAjc5iQYA/W4b1uoE4
         Ii2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=;
        b=LrYOiO1XDS4ruWhdPRXim4quAHSgL+H/2YwZahUrsqgpKHSaBqNta3WlkJVtg9Mkt9
         7HrWGkAwkanQSf8Tb+7hk4iHOBCd+dZR1LBfi2Z4KxNTGrRxLVdoISoNWfOkXT1VIdCH
         MJjpdHuZKRclAy6nsLyejHamszVndyEZRn9RatFY68wrDnzLtXtShDlUU5BC/BOMTL5m
         9PYDppIGrjBaUFJ6yPqluE9B6tEHKD+u3pB/6DLiNFDYgMh4nYvD+CMstx0GhcFDyiJH
         rdbDHJD00mYc+uhGxWSs8hxhVMG0kcFyqfWUHt2YWzmI1X0fu1+6pi/uP2rQvYmULiuc
         NU2A==
X-Gm-Message-State: APjAAAVywPkO7KRVjQun9PbUUy3GD3BHw99woxymxkgoFGROg7TEq4fy
        5o2Rme9AMhR1k6//rjuGYzxhmdRcFSlvBRIWPMaY
X-Received: by 2002:a19:2814:: with SMTP id o20mr3081918lfo.117.1555702130446;
 Fri, 19 Apr 2019 12:28:50 -0700 (PDT)
MIME-Version: 1.0
References: <1555686587-13866-1-git-send-email-wang6495@umn.edu>
In-Reply-To: <1555686587-13866-1-git-send-email-wang6495@umn.edu>
From:   Paul Moore <paul@paul-moore.com>
Date:   Fri, 19 Apr 2019 15:28:39 -0400
Message-ID: <CAHC9VhQNGiw_+KhZPC7DhzS83u3gi+Ch1AKCeZitsFg=98gUDA@mail.gmail.com>
Subject: Re: [PATCH v2] audit: fix a memory leak bug
To:     Wenwen Wang <wang6495@umn.edu>
Cc:     Eric Paris <eparis@redhat.com>,
        "moderated list:AUDIT SUBSYSTEM" <linux-audit@redhat.com>,
        open list <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 19, 2019 at 11:10 AM Wenwen Wang <wang6495@umn.edu> wrote:
>
> In audit_rule_change(), audit_data_to_entry() is firstly invoked to
> translate the payload data to the kernel's rule representation. In
> audit_data_to_entry(), depending on the audit field type, an audit tree may
> be created in audit_make_tree(), which eventually invokes kmalloc() to
> allocate the tree.  Since this tree is a temporary tree, it will be then
> freed in the following execution, e.g., audit_add_rule() if the message
> type is AUDIT_ADD_RULE or audit_del_rule() if the message type is
> AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor
> AUDIT_DEL_RULE, i.e., the default case of the switch statement, this
> temporary tree is not freed.
>
> To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE
> or AUDIT_DEL_RULE.
>
> Signed-off-by: Wenwen Wang <wang6495@umn.edu>
> ---
>  kernel/auditfilter.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)

This looks good, it just needs some minor vertical whitespace fixes (see below).

> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 63f8b3f..923b858 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1114,22 +1114,28 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz)
>         int err = 0;
>         struct audit_entry *entry;
>
> -       entry = audit_data_to_entry(data, datasz);
> -       if (IS_ERR(entry))
> -               return PTR_ERR(entry);
> -
>         switch (type) {
>         case AUDIT_ADD_RULE:
> +               entry = audit_data_to_entry(data, datasz);
> +               if (IS_ERR(entry))
> +                       return PTR_ERR(entry);
> +

I realize you are taking the blank line from the code above, but we
probably don't need it here.

>                 err = audit_add_rule(entry);
>                 audit_log_rule_change("add_rule", &entry->rule, !err);
>                 break;
> +

Definitely do not add this blank line.

>         case AUDIT_DEL_RULE:
> +               entry = audit_data_to_entry(data, datasz);
> +               if (IS_ERR(entry))
> +                       return PTR_ERR(entry);
> +
>                 err = audit_del_rule(entry);
>                 audit_log_rule_change("remove_rule", &entry->rule, !err);
>                 break;
> +

Same here.

>         default:
> -               err = -EINVAL;
>                 WARN_ON(1);
> +               return -EINVAL;
>         }
>
>         if (err || type == AUDIT_DEL_RULE) {
> --
> 2.7.4

-- 
paul moore
www.paul-moore.com