From patchwork Fri Feb 17 17:05:28 2023
X-Patchwork-Submitter: Jianlin Lv
X-Patchwork-Id: 1744372
From: Jianlin Lv
To: kernel-team@lists.ubuntu.com
Cc: jianlv@ebay.com
Subject: [SRU] [Jammy] [PATCH 1/1] UBUNTU: audit: fix memory leak of audit_log_lsm()
Date: Fri, 17 Feb 2023 17:05:28 +0000
Message-Id: <8a97e4dc7f970b13f7a64e79a0b3d76b8fb800f0.1676651944.git.iecedge@gmail.com>

BugLink: https://bugs.launchpad.net/bugs/1987430

Got the following memory leak reports from kmemleak:

unreferenced object 0xffff8baee56b9d08 (size 24):
  comm "grep", pid 5503, jiffies 4297727573 (age 466.572s)
  hex dump (first 24 bytes):
    00 80 b5 a2 ae 8b ff ff 00 74 74 db dd 8b ff ff  .........tt.....
    20 0a 00 00 00 00 00 00                          .......
  backtrace:
    [<00000000b7cc6a2d>] kmem_cache_alloc+0x13f/0x450
    [<0000000024efa20e>] audit_log_start.part.0+0x12d/0x3b0
    [<000000007a98c9a0>] audit_log_start+0x3f/0x60
    [<00000000165c321e>] audit_log_lsm+0x74/0x180
    [<00000000e9cb2cd0>] audit_log_exit+0x4df/0x700
    [<00000000688ae612>] __audit_syscall_exit+0x241/0x2b0
    [<00000000bda00aef>] syscall_exit_work+0x116/0x150
    [<000000008071854f>] syscall_exit_to_user_mode+0x3b/0x50
    [<000000000dd668c7>] do_syscall_64+0x69/0xc0
    [<00000000bef68a32>] entry_SYSCALL_64_after_hwframe+0x44/0xae
unreferenced object 0xffff8baea2b58000 (size 224):
  comm "grep", pid 5503, jiffies 4297727573 (age 466.572s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
backtrace: [<00000000b2225191>] kmem_cache_alloc_node+0x14f/0x460 [<0000000097965326>] __alloc_skb+0x168/0x1d0 [<00000000400424f6>] audit_log_start.part.0+0x14d/0x3b0 [<000000007a98c9a0>] audit_log_start+0x3f/0x60 [<00000000165c321e>] audit_log_lsm+0x74/0x180 [<00000000e9cb2cd0>] audit_log_exit+0x4df/0x700 [<00000000688ae612>] __audit_syscall_exit+0x241/0x2b0 [<00000000bda00aef>] syscall_exit_work+0x116/0x150 [<000000008071854f>] syscall_exit_to_user_mode+0x3b/0x50 [<000000000dd668c7>] do_syscall_64+0x69/0xc0 [<00000000bef68a32>] entry_SYSCALL_64_after_hwframe+0x44/0xae struct audit_buffer object allocated in audit_log_lsm should be freed if lsmblob_is_set/security_secid_to_secctx return false or error. Signed-off-by: Jianlin Lv --- kernel/auditsc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d37ef7c76f35..693c8c3d294b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1526,7 +1526,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting) if (blob == NULL) { security_task_getsecid_subj(current, &localblob); if (!lsmblob_is_set(&localblob)) - return; + goto end; blob = &localblob; } @@ -1536,7 +1536,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting) error = security_secid_to_secctx(blob, &lsmdata, i); if (error && error != -EINVAL) { audit_panic("error in audit_log_lsm"); - return; + goto end; } audit_log_format(ab, "%ssubj_%s=%s", sep ? " " : "", @@ -1546,6 +1546,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting) security_release_secctx(&lsmdata); } +end: audit_log_end(ab); }
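
Review bot: in the first hunk (the `!lsmblob_is_set(&localblob)` branch), `goto end` reaches `audit_log_end(ab)`, which queues the record as well as freeing the buffer, so a task with no LSM blob set now produces a record with no `subj_` fields where it previously produced none. If that record is not wanted, move the `security_task_getsecid_subj()` / `lsmblob_is_set()` check ahead of the `audit_log_start()` call seen in the kmemleak backtrace, so the plain `return` stays correct and nothing is allocated on that path.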
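
Review bot: in the second hunk, the `goto end` after `audit_panic("error in audit_log_lsm")` also sends whatever `audit_log_format()` already wrote into `ab`, so when `security_secid_to_secctx()` fails for a later value of `i` the record goes out with only some of its `subj_` fields. The commit message only says the buffer "should be freed"; please state there that both error paths now emit the record through `audit_log_end()`, and say why a partial record is acceptable after `audit_panic()`.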
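
Review bot: the label added in the last hunk, `end:`, does not say what the jump does. Kernel coding style asks for label names that describe the action taken at the target, so something like `out_log_end:` would make the two `goto` sites above read more clearly.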