"Serge E. Hallyn" <serue@xxxxxxxxxx> writes: > Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): >> >> While refreshing my sysfs patches I noticed a leak in the secdata >> implementation. We don't free the secdata when we free the >> sysfs dirent. >> >> This is a bug in 2.6.32-rc5 that we really should close. >> >> Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxxxxxxxx> > > I'm surprised no kmemleak or anything has found this - but I guess > not many sites hand-set custom selinux contexts on sysfs? I don't expect so since you couldn't customize it in 2.6.31. This is brand new code, and this corner case was just overlooked in the review. Eric > Acked-by: Serge Hallyn <serue@xxxxxxxxxx> > >> --- >> >> fs/sysfs/dir.c | 4 ++++ >> 1 files changed, 4 insertions(+), 0 deletions(-) >> >> diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c >> index 5fad489..e020183 100644 >> --- a/fs/sysfs/dir.c >> +++ b/fs/sysfs/dir.c >> @@ -21,6 +21,7 @@ >> #include <linux/completion.h> >> #include <linux/mutex.h> >> #include <linux/slab.h> >> +#include <linux/security.h> >> #include "sysfs.h" >> >> DEFINE_MUTEX(sysfs_mutex); >> @@ -285,6 +286,9 @@ void release_sysfs_dirent(struct sysfs_dirent * sd) >> sysfs_put(sd->s_symlink.target_sd); >> if (sysfs_type(sd) & SYSFS_COPY_NAME) >> kfree(sd->s_name); >> + if (sd->s_iattr && sd->s_iattr->ia_secdata) >> + security_release_secctx(sd->s_iattr->ia_secdata, >> + sd->s_iattr->ia_secdata_len); >> kfree(sd->s_iattr); >> sysfs_free_ino(sd->s_ino); >> kmem_cache_free(sysfs_dir_cachep, sd); >> -- >> 1.6.5.2.143.g8cc62 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
