Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2405980yba; Mon, 22 Apr 2019 06:18:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqz0Fr/csq8DybFULmstT8eYgOCQjwwJZvzYeDQLDCcD/ef/OPVo8F68FJj9yVF+EUhS2MX1 X-Received: by 2002:a62:209c:: with SMTP id m28mr20134993pfj.233.1555939128507; Mon, 22 Apr 2019 06:18:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555939128; cv=none; d=google.com; s=arc-20160816; b=bOIwXOMALYEa6u4UouAc0xZtNq9pmJbDglZh24VKMYIZpU20wiJFF70TBs0tB0RLRl 6P/mDJLws5WTfoGo404U7GJxncXsLo68qKxOPf1ZtDt7MTCpcqXRV83Lya/1ihFa8w0p g/bv5Mg6e0JDnsXU9UseY6Io7FQMLO1eHlRGj83gOCbv8wRR5Myk50sVtRaseFHWmytU u7pmheVl7KWPUy7PvQ5MzCmw8L70RcoQ9CpWgoFcqK0vlA6md05dujuAQpldmdLOy/8W IfVJbqC/QwqELIYb9zSpJ0KZBhc9BQwP9vKXrbhYpmTvrL7KJb1CKZLWVTt3NOeACv5f aUpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=wY//leCwOzJE8mZNj/zuuSuqEp4v6D0ieJjge+86xD8=; b=Q6PDT2UG4ZhRyZ1kxEide30kaVuWaa2HvUhica07Rvq4OyckLiH6HGyHX+MWXHJJ+F egAR3kxtRyJQ3sRb/YQ2wrvEUA46VyxkQU3ka2uE6eUlfTTfTeFuKCRW+NmXd9RkOS96 vPTXkM3jGrQUzzfYOqf9GjpM+Hs24qf5J9Sup1Ka7ombrBUcAYusH/avsdyp7O4q8wur CNT6eppBGNlx+4rHX3B5jhOHMx++uEETdGyRMwPEmLF65SD61RVEkgBMHymCkLifDxaS hARpXhQW02mWemOL0Xp7QuVgoTFvcUTAlRO/JBfMIWF1zHvlk3peJMXFLhIGL3cyon3N iZAw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z11si13092027plk.81.2019.04.22.06.18.32; Mon, 22 Apr 2019 06:18:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726852AbfDVNQV (ORCPT + 99 others); Mon, 22 Apr 2019 09:16:21 -0400 Received: from mx1.redhat.com ([209.132.183.28]:51114 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbfDVNQV (ORCPT ); Mon, 22 Apr 2019 09:16:21 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2A8AF307D848; Mon, 22 Apr 2019 13:16:21 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-16.phx2.redhat.com [10.3.112.16]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ECFC02706A; Mon, 22 Apr 2019 13:16:15 +0000 (UTC) Date: Mon, 22 Apr 2019 09:16:13 -0400 From: Richard Guy Briggs To: Wenwen Wang Cc: "moderated list:AUDIT SUBSYSTEM" , open list Subject: Re: [PATCH v3] audit: fix a memory leak bug Message-ID: <20190422131613.ivnshztep4e772xq@madcap2.tricolour.ca> References: <1555724969-15300-1-git-send-email-wang6495@umn.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1555724969-15300-1-git-send-email-wang6495@umn.edu> User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Mon, 22 Apr 2019 13:16:21 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-04-19 20:49, Wenwen Wang wrote: > In audit_rule_change(), audit_data_to_entry() is firstly invoked to > translate the payload data to the kernel's rule representation. In > audit_data_to_entry(), depending on the audit field type, an audit tree may > be created in audit_make_tree(), which eventually invokes kmalloc() to > allocate the tree. Since this tree is a temporary tree, it will be then > freed in the following execution, e.g., audit_add_rule() if the message > type is AUDIT_ADD_RULE or audit_del_rule() if the message type is > AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor > AUDIT_DEL_RULE, i.e., the default case of the switch statement, this > temporary tree is not freed. > > To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE > or AUDIT_DEL_RULE. > > Signed-off-by: Wenwen Wang Looks good to me. Reviewed-by: Richard Guy Briggs > --- > kernel/auditfilter.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c > index 63f8b3f..3ac71c4 100644 > --- a/kernel/auditfilter.c > +++ b/kernel/auditfilter.c > @@ -1114,22 +1114,24 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz) > int err = 0; > struct audit_entry *entry; > > - entry = audit_data_to_entry(data, datasz); > - if (IS_ERR(entry)) > - return PTR_ERR(entry); > - > switch (type) { > case AUDIT_ADD_RULE: > + entry = audit_data_to_entry(data, datasz); > + if (IS_ERR(entry)) > + return PTR_ERR(entry); > err = audit_add_rule(entry); > audit_log_rule_change("add_rule", &entry->rule, !err); > break; > case AUDIT_DEL_RULE: > + entry = audit_data_to_entry(data, datasz); > + if (IS_ERR(entry)) > + return PTR_ERR(entry); > err = audit_del_rule(entry); > audit_log_rule_change("remove_rule", &entry->rule, !err); > break; > default: > - err = -EINVAL; > WARN_ON(1); > + return -EINVAL; > } > > if (err || type == AUDIT_DEL_RULE) { > -- > 2.7.4 > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635