Re: RFC: kernel memory leak fix for af_unix datagram getpeersec
On 26/07/06, Catherine Zhang [EMAIL PROTECTED] wrote: Enclosed please find the new fix for the memory leak problem, incorporating suggestions from Stephen and James. FYI, Michal confirmed that, with this patch, kmemleak no longer reports leaks in the context_struct_to_string() function in security/selinux/ss/services.c. Many thanks to Michal for testing this (and his constant feedback into kmemleak). -- Catalin - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RFC: kernel memory leak fix for af_unix datagram getpeersec
Hi, Catalin and Michal, Many thanks for your help in fnding and testing the patch! Catherine Catalin Marinas [EMAIL PROTECTED] wrote on 07/27/2006 05:00:23 AM: On 26/07/06, Catherine Zhang [EMAIL PROTECTED] wrote: Enclosed please find the new fix for the memory leak problem, incorporating suggestions from Stephen and James. FYI, Michal confirmed that, with this patch, kmemleak no longer reports leaks in the context_struct_to_string() function in security/selinux/ss/services.c. Many thanks to Michal for testing this (and his constant feedback into kmemleak). -- Catalin - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RFC: kernel memory leak fix for af_unix datagram getpeersec
On Wed, 2006-07-26 at 16:19 -0400, Catherine Zhang wrote: diff -puN include/net/scm.h~af_unix-datagram-getpeersec-ml-fix include/net/scm.h --- linux-2.6.18-rc2/include/net/scm.h~af_unix-datagram-getpeersec-ml-fix 2006-07-22 21:28:21.0 -0400 +++ linux-2.6.18-rc2-cxzhang/include/net/scm.h2006-07-24 11:19:54.0 -0400 @@ -3,6 +3,7 @@ #include linux/limits.h #include linux/net.h +#include linux/security.h /* Well, we should have at least one descriptor open * to accept passed FDs 8) @@ -20,8 +21,7 @@ struct scm_cookie struct ucredcreds; /* Skb credentials */ struct scm_fp_list *fp;/* Passed files */ #ifdef CONFIG_SECURITY_NETWORK - char*secdata; /* Security context */ - u32 seclen; /* Security length */ + u32 sid;/* Passed security ID */ I think that secid is what has been chosen for security identifiers outside of the core SELinux code to to avoid confusion with session identifiers. Lingering references to sid or ctxid are going to be converted to secid. diff -puN net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix net/unix/af_unix.c --- linux-2.6.18-rc2/net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix 2006-07-22 23:01:26.0 -0400 +++ linux-2.6.18-rc2-cxzhang/net/unix/af_unix.c 2006-07-22 23:14:15.0 -0400 @@ -1323,8 +1299,9 @@ static int unix_dgram_sendmsg(struct kio memcpy(UNIXCREDS(skb), siocb-scm-creds, sizeof(struct ucred)); if (siocb-scm-fp) unix_attach_fds(siocb-scm, skb); - - unix_get_peersec_dgram(skb); +#ifdef CONFIG_SECURITY_NETWORK + memcpy(UNIXSID(skb), siocb-scm-sid, sizeof(u32)); +#endif /* CONFIG_SECURITY_NETWORK */ You want to retain the static inlines, and just update their contents, not replace them with embedded #ifdefs. And this could be a direct assignment, right? -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RFC: kernel memory leak fix for af_unix datagram getpeersec
From: Stephen Smalley [EMAIL PROTECTED] Date: Wed, 26 Jul 2006 16:50:40 -0400 diff -puN net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix net/unix/af_unix.c --- linux-2.6.18-rc2/net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix 2006-07-22 23:01:26.0 -0400 +++ linux-2.6.18-rc2-cxzhang/net/unix/af_unix.c 2006-07-22 23:14:15.0 -0400 @@ -1323,8 +1299,9 @@ static int unix_dgram_sendmsg(struct kio memcpy(UNIXCREDS(skb), siocb-scm-creds, sizeof(struct ucred)); if (siocb-scm-fp) unix_attach_fds(siocb-scm, skb); - - unix_get_peersec_dgram(skb); +#ifdef CONFIG_SECURITY_NETWORK + memcpy(UNIXSID(skb), siocb-scm-sid, sizeof(u32)); +#endif /* CONFIG_SECURITY_NETWORK */ You want to retain the static inlines, and just update their contents, not replace them with embedded #ifdefs. And this could be a direct assignment, right? This is my feeling too. - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html