Re: [PATCH] Fix for binary_sysctl() memory leak

From: Michel Lespinasse
Date: Thu Dec 15 2011 - 17:59:40 EST


On Thu, Dec 15, 2011 at 2:44 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> OK.  Please resend with a new changelog?

All right. Will do as a reply to this (I'll add the same explanation
as in my previous email).

> The bug surprises me - it seems that it makes it trivial for userspace
> to cause leaking of mad amounts of kernel memory, which would cause the
> bug to be found and fixed quickly.
>
> Is it a recent regression, or does the bug trigger only in weird
> circumstances, or what?

As far as I can tell, the bug was introduced in v2.6.33-rc1 by commit
26a7034b40ba80f82f64fa251a2cbf49f9971c6a

It's probably not common because people use sysctl mainly at boot
time, and/or don't use the deprecated binary variant of it anymore.
But yes, it is trivial to exploit...

--
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/