| From 3d3c8f93a237b64580c5c5e138edeb1377e98230 Mon Sep 17 00:00:00 2001 |
| From: Michel Lespinasse <walken@google.com> |
| Date: Mon, 19 Dec 2011 17:12:06 -0800 |
| Subject: binary_sysctl(): fix memory leak |
| |
| From: Michel Lespinasse <walken@google.com> |
| |
| commit 3d3c8f93a237b64580c5c5e138edeb1377e98230 upstream. |
| |
| binary_sysctl() calls sysctl_getname() which allocates from names_cache |
| slab usin __getname() |
| |
| The matching function to free the name is __putname(), and not putname() |
| which should be used only to match getname() allocations. |
| |
| This is because when auditing is enabled, putname() calls audit_putname |
| *instead* (not in addition) to __putname(). Then, if a syscall is in |
| progress, audit_putname does not release the name - instead, it expects |
| the name to get released when the syscall completes, but that will happen |
| only if audit_getname() was called previously, i.e. if the name was |
| allocated with getname() rather than the naked __getname(). So, |
| __getname() followed by putname() ends up leaking memory. |
| |
| Signed-off-by: Michel Lespinasse <walken@google.com> |
| Acked-by: Al Viro <viro@zeniv.linux.org.uk> |
| Cc: Christoph Hellwig <hch@infradead.org> |
| Cc: Eric Paris <eparis@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| kernel/sysctl_binary.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/kernel/sysctl_binary.c |
| +++ b/kernel/sysctl_binary.c |
| @@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int * |
| |
| fput(file); |
| out_putname: |
| - putname(pathname); |
| + __putname(pathname); |
| out: |
| return result; |
| } |