[Ocfs2-devel] freeing memory allocated in security_inode_init

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Ocfs2-devel] freeing memory allocated in security_inode_init_security()
@ 2011-05-04 19:18 Mimi Zohar
  2011-05-04 20:09 ` Sunil Mushran
  2011-05-04 20:57 ` Mimi Zohar
  0 siblings, 2 replies; 4+ messages in thread
From: Mimi Zohar @ 2011-05-04 19:18 UTC (permalink / raw)
  To: ocfs2-devel

Hi,

Although it isn't documented in security.c, the LSM
security_inode_init_security() hook allocates memory for xattr name and
value, expecting the caller to release the memory afterwards.

I'm making my way through the different filesystems adding a subsequent
call to evm_inode_post_init_security().  I see the call to
ocfs2_init_security_and_acl() calls ocfs2_init_security_get(), which in
turn calls security_inode_init_security(), but am having a hard time
finding where the name and value are subsequently freed.  Would
appreciate if someone could point it out.

thanks,

Mimi

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Ocfs2-devel] freeing memory allocated in security_inode_init_security()
  2011-05-04 19:18 [Ocfs2-devel] freeing memory allocated in security_inode_init_security() Mimi Zohar
@ 2011-05-04 20:09 ` Sunil Mushran
  2011-05-30  6:41   ` Tiger Yang
  2011-05-04 20:57 ` Mimi Zohar
  1 sibling, 1 reply; 4+ messages in thread
From: Sunil Mushran @ 2011-05-04 20:09 UTC (permalink / raw)
  To: ocfs2-devel

On 05/04/2011 12:18 PM, Mimi Zohar wrote:
> Although it isn't documented in security.c, the LSM
> security_inode_init_security() hook allocates memory for xattr name and
> value, expecting the caller to release the memory afterwards.
>
> I'm making my way through the different filesystems adding a subsequent
> call to evm_inode_post_init_security().  I see the call to
> ocfs2_init_security_and_acl() calls ocfs2_init_security_get(), which in
> turn calls security_inode_init_security(), but am having a hard time
> finding where the name and value are subsequently freed.  Would
> appreciate if someone could point it out.

I think we have a leak in the reflink code path. mknod and symlink
code paths free the name/value pair.

Tiger, Please could you post a fix.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Ocfs2-devel] freeing memory allocated in security_inode_init_security()
  2011-05-04 19:18 [Ocfs2-devel] freeing memory allocated in security_inode_init_security() Mimi Zohar
  2011-05-04 20:09 ` Sunil Mushran
@ 2011-05-04 20:57 ` Mimi Zohar
  1 sibling, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2011-05-04 20:57 UTC (permalink / raw)
  To: reiserfs-devel; +Cc: linux-security-module

On Wed, 2011-05-04 at 15:18 -0400, Mimi Zohar wrote:
> Hi,
> 
> Although it isn't documented in security.c, the LSM
> security_inode_init_security() hook allocates memory for xattr name and
> value, expecting the caller to release the memory afterwards.
> 
> I'm making my way through the different filesystems adding a subsequent
> call to evm_inode_post_init_security().  I see the call to
> ocfs2_init_security_and_acl() calls ocfs2_init_security_get(), which in
> turn calls security_inode_init_security(), but am having a hard time
> finding where the name and value are subsequently freed.  Would
> appreciate if someone could point it out.
> 
> thanks,
> 
> Mimi

Although the reiserfs_security_init() comment explicitly states that the
caller must call reiserfs_security_free(), I don't see it being done.

Mimi


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Ocfs2-devel] freeing memory allocated in security_inode_init_security()
  2011-05-04 20:09 ` Sunil Mushran
@ 2011-05-30  6:41   ` Tiger Yang
  0 siblings, 0 replies; 4+ messages in thread
From: Tiger Yang @ 2011-05-30  6:41 UTC (permalink / raw)
  To: ocfs2-devel

On 05/05/2011 04:09 AM, Sunil Mushran wrote:
> On 05/04/2011 12:18 PM, Mimi Zohar wrote:
>> Although it isn't documented in security.c, the LSM
>> security_inode_init_security() hook allocates memory for xattr name and
>> value, expecting the caller to release the memory afterwards.
>>
>> I'm making my way through the different filesystems adding a subsequent
>> call to evm_inode_post_init_security().  I see the call to
>> ocfs2_init_security_and_acl() calls ocfs2_init_security_get(), which in
>> turn calls security_inode_init_security(), but am having a hard time
>> finding where the name and value are subsequently freed.  Would
>> appreciate if someone could point it out.
>
> I think we have a leak in the reflink code path. mknod and symlink
> code paths free the name/value pair.
>
> Tiger, Please could you post a fix.
Hi, Mimi and Sunil,

I send a patch to fix this memory leak.

Thanks,
tiger

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2011-05-30  6:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-04 19:18 [Ocfs2-devel] freeing memory allocated in security_inode_init_security() Mimi Zohar
2011-05-04 20:09 ` Sunil Mushran
2011-05-30  6:41   ` Tiger Yang
2011-05-04 20:57 ` Mimi Zohar

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.