From: Li RongQing <lirongqing@baidu.com>
To: paul@paul-moore.com, eparis@redhat.com, linux-audit@redhat.com,
linux-kernel@vger.kernel.org
Subject: [PATCH] audit: fix a memleak caused by auditing load module
Date: Tue, 5 Mar 2019 19:14:26 +0800 [thread overview]
Message-ID: <1551784466-15610-1-git-send-email-lirongqing@baidu.com> (raw)
we should always free context->module.name, since it will be
allocated unconditionally and audit_log_start() can fail with
other reasons, and audit_log_exit maybe not called
unreferenced object 0xffff88af90837d20 (size 8):
comm "modprobe", pid 1036, jiffies 4294704867 (age 3069.138s)
hex dump (first 8 bytes):
69 78 67 62 65 00 ff ff ixgbe...
backtrace:
[<0000000008da28fe>] __audit_log_kern_module+0x33/0x80
[<00000000c1491e61>] load_module+0x64f/0x3850
[<000000007fc9ae3f>] __do_sys_init_module+0x218/0x250
[<0000000000d4a478>] do_syscall_64+0x117/0x400
[<000000004924ded8>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[<000000007dc331dd>] 0xffffffffffffffff
Fixes: ca86cad7380e3 ("audit: log module name on init_module")
Signed-off-by: Zhang Yu <zhangyu31@baidu.com>
Signed-off-by: Li RongQing <lirongqing@baidu.com>
---
kernel/auditsc.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b2d1f043f..2bd80375f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1186,8 +1186,13 @@ static void show_special(struct audit_context *context, int *call_panic)
int i;
ab = audit_log_start(context, GFP_KERNEL, context->type);
- if (!ab)
+ if (!ab) {
+ if (context->type == AUDIT_KERN_MODULE) {
+ kfree(context->module.name);
+ context->module.name = NULL;
+ }
return;
+ }
switch (context->type) {
case AUDIT_SOCKETCALL: {
@@ -1354,8 +1359,15 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
context->personality = tsk->personality;
ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
- if (!ab)
+
+ if (!ab) {
+ if (context->type == AUDIT_KERN_MODULE) {
+ kfree(context->module.name);
+ context->module.name = NULL;
+ }
return; /* audit_panic has been called */
+ }
+
audit_log_format(ab, "arch=%x syscall=%d",
context->arch, context->major);
if (context->personality != PER_LINUX)
@@ -1576,6 +1588,12 @@ void __audit_syscall_exit(int success, long return_code)
if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT)
audit_log_exit(context, current);
+ else {
+ if (context->type == AUDIT_KERN_MODULE) {
+ kfree(context->module.name);
+ context->module.name = NULL;
+ }
+ }
context->in_syscall = 0;
context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
--
2.16.2
next reply other threads:[~2019-03-05 11:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-05 11:14 Li RongQing [this message]
2019-03-05 14:18 ` [PATCH] audit: fix a memleak caused by auditing load module Paul Moore
2019-03-06 3:23 ` 答复: " Li,Rongqing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1551784466-15610-1-git-send-email-lirongqing@baidu.com \
--to=lirongqing@baidu.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).