Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/security
History
Tetsuo Handa e595ec5385 SELinux: Fix memory leak upon loading policy 
commit 8ed8146028 upstream.

Hello.

I got below leak with linux-3.10.0-54.0.1.el7.x86_64 .

[  681.903890] kmemleak: 5538 new suspected memory leaks (see /sys/kernel/debug/kmemleak)

Below is a patch, but I don't know whether we need special handing for undoing
ebitmap_set_bit() call.
----------
>>From fe97527a90fe95e2239dfbaa7558f0ed559c0992 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Mon, 6 Jan 2014 16:30:21 +0900
Subject: SELinux: Fix memory leak upon loading policy

Commit 2463c26d "SELinux: put name based create rules in a hashtable" did not
check return value from hashtab_insert() in filename_trans_read(). It leaks
memory if hashtab_insert() returns error.

  unreferenced object 0xffff88005c9160d0 (size 8):
    comm "systemd", pid 1, jiffies 4294688674 (age 235.265s)
    hex dump (first 8 bytes):
      57 0b 00 00 6b 6b 6b a5                          W...kkk.
    backtrace:
      [<ffffffff816604ae>] kmemleak_alloc+0x4e/0xb0
      [<ffffffff811cba5e>] kmem_cache_alloc_trace+0x12e/0x360
      [<ffffffff812aec5d>] policydb_read+0xd1d/0xf70
      [<ffffffff812b345c>] security_load_policy+0x6c/0x500
      [<ffffffff812a623c>] sel_write_load+0xac/0x750
      [<ffffffff811eb680>] vfs_write+0xc0/0x1f0
      [<ffffffff811ec08c>] SyS_write+0x4c/0xa0
      [<ffffffff81690419>] system_call_fastpath+0x16/0x1b
      [<ffffffffffffffff>] 0xffffffffffffffff

However, we should not return EEXIST error to the caller, or the systemd will
show below message and the boot sequence freezes.

  systemd[1]: Failed to load SELinux policy. Freezing.

Change-Id: Ibad84f800864d44b20ec97bb5d59cef524ac2bfa
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-10-29 23:12:26 +08:00
..
apparmor nick kvfree() from apparmor 2014-11-18 15:13:23 -08:00
integrity security: fix ima kconfig warning 2012-02-28 11:01:15 +11:00
keys KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring 2016-10-29 23:12:12 +08:00
selinux SELinux: Fix memory leak upon loading policy 2016-10-29 23:12:26 +08:00
smack consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
tomoyo consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
yama Yama: add PR_SET_PTRACER_ANY 2012-02-16 10:25:18 +11:00
capability.c consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
commoncap.c Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2014-10-31 19:46:07 -07:00
device_cgroup.c cgroup: remove cgroup_subsys argument from callbacks 2012-02-02 09:20:22 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig FROMLIST: security,perf: Allow further restriction of perf_event_open 2016-06-20 19:00:29 +00:00
lsm_audit.c security: lsm_audit: add ioctl specific auditing 2015-04-20 09:42:31 -07:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c consitify do_mount() arguments 2015-07-13 11:17:52 -07:00