Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754312AbZFFXDl (ORCPT ); Sat, 6 Jun 2009 19:03:41 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752430AbZFFXDe (ORCPT ); Sat, 6 Jun 2009 19:03:34 -0400 Received: from mk-filter-2-a-1.mail.uk.tiscali.com ([212.74.100.53]:38663 "EHLO mk-filter-2-a-1.mail.uk.tiscali.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752004AbZFFXDd (ORCPT ); Sat, 6 Jun 2009 19:03:33 -0400 X-Trace: 210661819/mk-filter-2.mail.uk.tiscali.com/B2C/$b2c-THROTTLED-DYNAMIC/b2c-CUSTOMER-DYNAMIC-IP/79.69.119.212/None/hugh.dickins@tiscali.co.uk X-SBRS: None X-RemoteIP: 79.69.119.212 X-IP-MAIL-FROM: hugh.dickins@tiscali.co.uk X-SMTP-AUTH: X-MUA: X-IP-BHB: Once X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgQGAEaSKkpPRXfU/2dsb2JhbACBT8skgjGBWQU X-IronPort-AV: E=Sophos;i="4.41,316,1241391600"; d="scan'208";a="210661819" Date: Sat, 6 Jun 2009 23:29:45 +0100 (BST) From: Hugh Dickins X-X-Sender: hugh@sister.anvils To: Linus Torvalds cc: Mimi Zohar , Andrew Morton , Mimi Zohar , Serge Hallyn , James Morris , Al Viro , linux-kernel@vger.kernel.org Subject: Re: [PATCH] integrity: fix IMA inode leak In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1898 Lines: 45 On Sat, 6 Jun 2009, Linus Torvalds wrote: > On Sat, 6 Jun 2009, Linus Torvalds wrote: > > On Sat, 6 Jun 2009, Hugh Dickins wrote: > > > > > > CONFIG_IMA=y inode activity leaks iint_cache and radix_tree_node objects > > > until the system runs out of memory. Nowhere is calling ima_inode_free() > > > a.k.a. ima_iint_delete(). Fix that by calling it from destroy_inode(). > > > > Shouldn't we call it from "security_inode_free()" instead? And shouldn't > > it be allocated in "security_inode_alloc()"? That sounds like the correct > > nesting here, since the whole integrity thing is under the security > > module. > > > > Hmm? I wondered the same: quite possibly, but I tend to assume there was reason to do it like that; and thought it best to mirror the security_inode_alloc, ima_inode_alloc with ima_inode_free, security_inode_free for now. (I also disliked the obfuscescent #define ima_iint_delete ima_inode_free in ima_iint.c!) > > Oh well. I applied the patch as-is, since it seems to fix a real issue. Thanks, yes. There is a possibility that it will reveal some warnings from iint_free which were hidden before; but I've not seen them in normal working, and I'd anyway prefer a few warnings to my boxes OOMing. Though it was only by mistake that I had CONFIG_IMA=y in the first place. > > But I do think fs/inode.c shouldn't care about things like that, and have > it internal to security_inode_alloc/free(). But I guess that's a separate > cleanup. The IMA stuff all looks rather bolted in on top; I did fail to persuade Mimi to move the shmem and shm hooks down a level, so for now at least they'll stay as they are. Hugh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/