Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2118785yba; Fri, 19 Apr 2019 12:30:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqzkaahjnkeeYcoO/hC/Zkh764ZXcixFbbjtvjcsLFA5zk3mSDe2/ng5SeDfzYzKGAdz/0/d X-Received: by 2002:a63:30c5:: with SMTP id w188mr5564234pgw.76.1555702211026; Fri, 19 Apr 2019 12:30:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555702211; cv=none; d=google.com; s=arc-20160816; b=Wzu+hpE0k43OlT2BvOBP82Lj2Yx1gfmeWOEEof/tNleAN4ldZpiUWULuBFPAV3TAOs bY6J2TR+p2kc99WUOUQHs5oMDPbAbirzE+xC8BFQvTLvO/UaVmRRdcVekHG3sm5Y/UTf o9IEMQkAyMzn04MsKxfzUPy2ggOvhhYQroBXmRwEXgNoxLEC61v55HfTauCMc9qFXlb+ DD+3+92xcEuhEWmQYsNHf1qQ7wmR02f7I91jIb0F/QazEFSsTy+GNzTPMxSJkehqULaJ zcOV0Fy4KFGr90vUaX8gFN5Ve0IR6FvprZQUdnKSLXtCMYWV5agcyaC6Gzvguem5ucPF yDzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=; b=KW/cNj51HlQWtUE9qjOyHQj5JEz3aQOCCnyn7yqUPjOgHekWhVlSSgBjtZeNh1bPYy jCsef3maNJUF479hitCI/TG5pEnE6Nm5oRcvChH7AwgCLEWMJcbMTEPplnp5BrP8jC/t bsBIPeMobovsYUcw/NzbRdqWfxw/gIf6s+xW7TdJwFoQ1EZW1rjTylUNaAaRF+AiJU21 iqlbFNFVSUqxK+5AHmn7S1qxItfrd2H8YiOFt2nON2z6AaaWJMAm2hFwxrdeKuBs8Kl5 9uh0WcdnV3ADyAvnfmONLNIoX8DNzlpjBQESwraYYdSRgNNTYPWB3eA63wqEIdLB0IB8 qrRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=dSxlCpbL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k12si5738878plt.28.2019.04.19.12.29.56; Fri, 19 Apr 2019 12:30:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=dSxlCpbL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727398AbfDST2x (ORCPT + 99 others); Fri, 19 Apr 2019 15:28:53 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:33555 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725961AbfDST2x (ORCPT ); Fri, 19 Apr 2019 15:28:53 -0400 Received: by mail-lf1-f65.google.com with SMTP id j11so4691111lfm.0 for ; Fri, 19 Apr 2019 12:28:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=; b=dSxlCpbLirYkjVORpxe+f+H6+6jho/uixN8Rws9Ju2GRfPAgh4P3cSj45wsYrHpGdd t3ElM5Z4PShUQJtPAQLTOoFw4OAdKyRdoWQgVUFkA4i2x+EHXAukvaRbs01lT2absiwt 30YE4MRhtZTOsmrLfW4alm/lIypUsLQdZNo6RqtnVIaOi3aNRXZAYZmN+LKxqnBWpryA XNAQJAyCazdJO1XUVj0ZXkMqKf+bm8GNmUC3f3H9+nCoFR42tyDSA0K2csZ6cwTw4t7+ Yfk09FCamdjkN+Zmr25Jgi90G++8EIKITP9uDuWJl9wuZE4zTFUAjc5iQYA/W4b1uoE4 Ii2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=f8awkoFgJo+7sK0/t71k/qt5Gg5gyX9rXy3SAgYCU+U=; b=LrYOiO1XDS4ruWhdPRXim4quAHSgL+H/2YwZahUrsqgpKHSaBqNta3WlkJVtg9Mkt9 7HrWGkAwkanQSf8Tb+7hk4iHOBCd+dZR1LBfi2Z4KxNTGrRxLVdoISoNWfOkXT1VIdCH MJjpdHuZKRclAy6nsLyejHamszVndyEZRn9RatFY68wrDnzLtXtShDlUU5BC/BOMTL5m 9PYDppIGrjBaUFJ6yPqluE9B6tEHKD+u3pB/6DLiNFDYgMh4nYvD+CMstx0GhcFDyiJH rdbDHJD00mYc+uhGxWSs8hxhVMG0kcFyqfWUHt2YWzmI1X0fu1+6pi/uP2rQvYmULiuc NU2A== X-Gm-Message-State: APjAAAVywPkO7KRVjQun9PbUUy3GD3BHw99woxymxkgoFGROg7TEq4fy 5o2Rme9AMhR1k6//rjuGYzxhmdRcFSlvBRIWPMaY X-Received: by 2002:a19:2814:: with SMTP id o20mr3081918lfo.117.1555702130446; Fri, 19 Apr 2019 12:28:50 -0700 (PDT) MIME-Version: 1.0 References: <1555686587-13866-1-git-send-email-wang6495@umn.edu> In-Reply-To: <1555686587-13866-1-git-send-email-wang6495@umn.edu> From: Paul Moore Date: Fri, 19 Apr 2019 15:28:39 -0400 Message-ID: Subject: Re: [PATCH v2] audit: fix a memory leak bug To: Wenwen Wang Cc: Eric Paris , "moderated list:AUDIT SUBSYSTEM" , open list Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 19, 2019 at 11:10 AM Wenwen Wang wrote: > > In audit_rule_change(), audit_data_to_entry() is firstly invoked to > translate the payload data to the kernel's rule representation. In > audit_data_to_entry(), depending on the audit field type, an audit tree may > be created in audit_make_tree(), which eventually invokes kmalloc() to > allocate the tree. Since this tree is a temporary tree, it will be then > freed in the following execution, e.g., audit_add_rule() if the message > type is AUDIT_ADD_RULE or audit_del_rule() if the message type is > AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor > AUDIT_DEL_RULE, i.e., the default case of the switch statement, this > temporary tree is not freed. > > To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE > or AUDIT_DEL_RULE. > > Signed-off-by: Wenwen Wang > --- > kernel/auditfilter.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) This looks good, it just needs some minor vertical whitespace fixes (see below). > diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c > index 63f8b3f..923b858 100644 > --- a/kernel/auditfilter.c > +++ b/kernel/auditfilter.c > @@ -1114,22 +1114,28 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz) > int err = 0; > struct audit_entry *entry; > > - entry = audit_data_to_entry(data, datasz); > - if (IS_ERR(entry)) > - return PTR_ERR(entry); > - > switch (type) { > case AUDIT_ADD_RULE: > + entry = audit_data_to_entry(data, datasz); > + if (IS_ERR(entry)) > + return PTR_ERR(entry); > + I realize you are taking the blank line from the code above, but we probably don't need it here. > err = audit_add_rule(entry); > audit_log_rule_change("add_rule", &entry->rule, !err); > break; > + Definitely do not add this blank line. > case AUDIT_DEL_RULE: > + entry = audit_data_to_entry(data, datasz); > + if (IS_ERR(entry)) > + return PTR_ERR(entry); > + > err = audit_del_rule(entry); > audit_log_rule_change("remove_rule", &entry->rule, !err); > break; > + Same here. > default: > - err = -EINVAL; > WARN_ON(1); > + return -EINVAL; > } > > if (err || type == AUDIT_DEL_RULE) { > -- > 2.7.4 -- paul moore www.paul-moore.com