]>
Commit | Line | Data |
---|---|---|
bcb499f1 GKH |
1 | From 93518dd2ebafcc761a8637b2877008cfd748c202 Mon Sep 17 00:00:00 2001 |
2 | From: Masami Ichikawa <masami256@gmail.com> | |
3 | Date: Tue, 21 Feb 2012 07:43:50 +0900 | |
4 | Subject: sysfs: Fix memory leak in sysfs_sd_setsecdata(). | |
5 | ||
6 | From: Masami Ichikawa <masami256@gmail.com> | |
7 | ||
8 | commit 93518dd2ebafcc761a8637b2877008cfd748c202 upstream. | |
9 | ||
10 | This patch fixies follwing two memory leak patterns that reported by kmemleak. | |
11 | sysfs_sd_setsecdata() is called during sys_lsetxattr() operation. | |
12 | It checks sd->s_iattr is NULL or not. Then if it is NULL, it calls | |
13 | sysfs_init_inode_attrs() to allocate memory. | |
14 | That code is this. | |
15 | ||
16 | iattrs = sd->s_iattr; | |
17 | if (!iattrs) | |
18 | iattrs = sysfs_init_inode_attrs(sd); | |
19 | ||
20 | The iattrs recieves sysfs_init_inode_attrs()'s result, but sd->s_iattr | |
21 | doesn't know the address. so it needs to set correct address to | |
22 | sd->s_iattr to free memory in other function. | |
23 | ||
24 | unreferenced object 0xffff880250b73e60 (size 32): | |
25 | comm "systemd", pid 1, jiffies 4294683888 (age 94.553s) | |
26 | hex dump (first 32 bytes): | |
27 | 73 79 73 74 65 6d 5f 75 3a 6f 62 6a 65 63 74 5f system_u:object_ | |
28 | 72 3a 73 79 73 66 73 5f 74 3a 73 30 00 00 00 00 r:sysfs_t:s0.... | |
29 | backtrace: | |
30 | [<ffffffff814cb1d0>] kmemleak_alloc+0x73/0x98 | |
31 | [<ffffffff811270ab>] __kmalloc+0x100/0x12c | |
32 | [<ffffffff8120775a>] context_struct_to_string+0x106/0x210 | |
33 | [<ffffffff81207cc1>] security_sid_to_context_core+0x10b/0x129 | |
34 | [<ffffffff812090ef>] security_sid_to_context+0x10/0x12 | |
35 | [<ffffffff811fb0da>] selinux_inode_getsecurity+0x7d/0xa8 | |
36 | [<ffffffff811fb127>] selinux_inode_getsecctx+0x22/0x2e | |
37 | [<ffffffff811f4d62>] security_inode_getsecctx+0x16/0x18 | |
38 | [<ffffffff81191dad>] sysfs_setxattr+0x96/0x117 | |
39 | [<ffffffff811542f0>] __vfs_setxattr_noperm+0x73/0xd9 | |
40 | [<ffffffff811543d9>] vfs_setxattr+0x83/0xa1 | |
41 | [<ffffffff811544c6>] setxattr+0xcf/0x101 | |
42 | [<ffffffff81154745>] sys_lsetxattr+0x6a/0x8f | |
43 | [<ffffffff814efda9>] system_call_fastpath+0x16/0x1b | |
44 | [<ffffffffffffffff>] 0xffffffffffffffff | |
45 | unreferenced object 0xffff88024163c5a0 (size 96): | |
46 | comm "systemd", pid 1, jiffies 4294683888 (age 94.553s) | |
47 | hex dump (first 32 bytes): | |
48 | 00 00 00 00 ed 41 00 00 00 00 00 00 00 00 00 00 .....A.......... | |
49 | 00 00 00 00 00 00 00 00 0c 64 42 4f 00 00 00 00 .........dBO.... | |
50 | backtrace: | |
51 | [<ffffffff814cb1d0>] kmemleak_alloc+0x73/0x98 | |
52 | [<ffffffff81127402>] kmem_cache_alloc_trace+0xc4/0xee | |
53 | [<ffffffff81191cbe>] sysfs_init_inode_attrs+0x2a/0x83 | |
54 | [<ffffffff81191dd6>] sysfs_setxattr+0xbf/0x117 | |
55 | [<ffffffff811542f0>] __vfs_setxattr_noperm+0x73/0xd9 | |
56 | [<ffffffff811543d9>] vfs_setxattr+0x83/0xa1 | |
57 | [<ffffffff811544c6>] setxattr+0xcf/0x101 | |
58 | [<ffffffff81154745>] sys_lsetxattr+0x6a/0x8f | |
59 | [<ffffffff814efda9>] system_call_fastpath+0x16/0x1b | |
60 | [<ffffffffffffffff>] 0xffffffffffffffff | |
61 | ` | |
62 | ||
63 | Signed-off-by: Masami Ichikawa <masami256@gmail.com> | |
64 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
65 | ||
66 | --- | |
67 | fs/sysfs/inode.c | 11 ++++++----- | |
68 | 1 file changed, 6 insertions(+), 5 deletions(-) | |
69 | ||
70 | --- a/fs/sysfs/inode.c | |
71 | +++ b/fs/sysfs/inode.c | |
72 | @@ -136,12 +136,13 @@ static int sysfs_sd_setsecdata(struct sy | |
73 | void *old_secdata; | |
74 | size_t old_secdata_len; | |
75 | ||
76 | - iattrs = sd->s_iattr; | |
77 | - if (!iattrs) | |
78 | - iattrs = sysfs_init_inode_attrs(sd); | |
79 | - if (!iattrs) | |
80 | - return -ENOMEM; | |
81 | + if (!sd->s_iattr) { | |
82 | + sd->s_iattr = sysfs_init_inode_attrs(sd); | |
83 | + if (!sd->s_iattr) | |
84 | + return -ENOMEM; | |
85 | + } | |
86 | ||
87 | + iattrs = sd->s_iattr; | |
88 | old_secdata = iattrs->ia_secdata; | |
89 | old_secdata_len = iattrs->ia_secdata_len; | |
90 |