Re: [PATCH 1/1] Fix memory leak in kernfs_security_xattr_set and kernfs_security_xattr_set

From: Casey Schaufler
Date: Fri Jun 01 2018 - 12:41:55 EST


On 6/1/2018 9:29 AM, CHANDAN VN wrote:
>>> ÂIÂagreeÂthatÂtheÂfixÂcanÂbeÂdoneÂsimplyÂbyÂusingÂ"false"ÂforÂ
>>> Âsmack_inode_getsecurity(),ÂbutÂwhatÂhappensÂwithÂkernfs_node_setsecdata()
>>> ÂandÂsmack_inode_notifysecctx().Âkernfs_node_setsecdata()ÂisÂprobablyÂignorable
>>> ÂbutÂsmack_inode_notifysecctx()ÂisÂsendingÂtheÂ"ctx"ÂtoÂsmack_inode_setsecurity()
>>> ÂandÂsinceÂ"ctx"ÂwouldÂbeÂNULLÂbecauseÂweÂusedÂ"false",Âsmack_inode_setsecurity()
>>> ÂbecomesÂdummy.
> Â
>> ThankÂyouÂforÂpointingÂthisÂout.ÂYou'reÂright,Âthere'sÂmore
>> atÂissueÂhereÂthanÂchangingÂtheÂallocÂflagÂwillÂfix.ÂIÂthink
>> thatÂcallingÂsmack_inode_getsecurity()ÂfromÂsmack_inode_getsecctx()
>> isÂmakingÂtheÂcodeÂmoreÂcomplicatedÂthanÂitÂneedsÂtoÂbe.ÂIÂwill
>> haveÂaÂpatchÂshortly.
> If you think the patch would take time or is complicated, I suggest that the kfree() fix should go
> to fix the leaks for now.

Heavens no! The patch is very simple. I'm building a kernel with
it now, and should have it tested and posted within a few hours.
The implementation of smack_inode_getsecctx() that's there is
understandable, but wrong. There's a much better way to do the
job.