Hi George,
> > memory leak from above allocation.
> These do not appear to be leaks. They always get freed in
> do_syscall_trace_leave(), both when the syscalls return -EFAULT and
> when audit is disabled. I verified this with printk's. With the
> check for audit enabled, they no longer get allocated needlessly.
> Unless a syscall can bypass do_syscall_trace_leave(), these look
> like they don't leak.
I think you do have some memory leaks. For example:
> +int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
> +{
> + struct audit_aux_data_mq_open *ax;
> + struct audit_context *context = current->audit_context;
> +
> + if (!audit_enabled)
> + return 0;
> +
> + if (likely(!context))
> + return 0;
> +
> + ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> + if (!ax)
> + return -ENOMEM;
> +
> + if (u_attr != NULL) {
> + if (copy_from_user(&ax->attr, u_attr, sizeof(ax->attr)))
> + return -EFAULT;
If this return is taken, the memory allocated above will not be freed
at syscall exit time because the assignment of context->aux was not
made. ax needs to be freed before returning from the error paths.
> + } else
> + memset(&ax->attr, 0, sizeof(ax->attr));
> +
> + ax->oflag = oflag;
> + ax->mode = mode;
> +
> + ax->d.type = AUDIT_MQ_OPEN;
> + ax->d.next = context->aux;
> + context->aux = (void *)ax;
> + return 0;
> +}
There are similar cases in other functions.
-- ljk
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
