Thanks for the information. I'll pull this on top of 2.3.0p1. Does tomoyo-tools have a git repository?
Ritesh
On 03/02/2011 01:15 PM, Tetsuo Handa wrote:
> Memory leak was found in TOMOYO 2.3 which is included in 2.6.36 and later.
>
> In tomoyo_check_open_permission() which checks permissions upon file open,
> TOMOYO was by error recalculating already calculated pathname when checking
> allow_rewrite permission.
>
> int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
> struct path *path, const int flag)
> {
> const u8 acc_mode = ACC_MODE(flag);
> int error = -ENOMEM;
> struct tomoyo_path_info buf;
> struct tomoyo_request_info r;
> int idx;
>
> if (!path->mnt ||
> (path->dentry->d_inode && S_ISDIR(path->dentry->d_inode->i_mode)))
> return 0;
> buf.name = NULL;
> r.mode = TOMOYO_CONFIG_DISABLED;
> idx = tomoyo_read_lock();
> if (!tomoyo_get_realpath(&buf, path))
> goto out;
> error = 0;
> /*
> * If the filename is specified by "deny_rewrite" keyword,
> * we need to check "allow_rewrite" permission when the filename is not
> * opened for append mode or the filename is truncated at open time.
> */
> if ((acc_mode & MAY_WRITE) && !(flag & O_APPEND)
> && tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_REWRITE)
> != TOMOYO_CONFIG_DISABLED) {
> if (!tomoyo_get_realpath(&buf, path)) {
> error = -ENOMEM;
> goto out;
> }
> if (tomoyo_no_rewrite_file(&buf))
> error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE,
> &buf);
> }
> (...snipped...)
> }
>
> As a result, memory will leak whenever a file is opened for writing without
> O_APPEND flag. Also, performance will degrade because TOMOYO is calculating
> pathname regardless of profile configuration (i.e. calculates pathname even
> for CONFIG={ mode=disabled } case.)
>
> To fix the leak and degrade, please apply below patch and recompile and
> reboot.
>
> ---
> security/tomoyo/file.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> --- linux-2.6.38-rc7.orig/security/tomoyo/file.c
> +++ linux-2.6.38-rc7/security/tomoyo/file.c
> @@ -927,7 +927,7 @@ int tomoyo_check_open_permission(struct
> struct path *path, const int flag)
> {
> const u8 acc_mode = ACC_MODE(flag);
> - int error = -ENOMEM;
> + int error = 0;
> struct tomoyo_path_info buf;
> struct tomoyo_request_info r;
> int idx;
> @@ -938,9 +938,6 @@ int tomoyo_check_open_permission(struct
> buf.name = NULL;
> r.mode = TOMOYO_CONFIG_DISABLED;
> idx = tomoyo_read_lock();
> - if (!tomoyo_get_realpath(&buf, path))
> - goto out;
> - error = 0;
> /*
> * If the filename is specified by "deny_rewrite" keyword,
> * we need to check "allow_rewrite" permission when the filename is not
>
> If you cannot reboot soon, you can append below entries to
> /etc/tomoyo/profile.conf and /sys/kernel/security/tomoyo/profile
> (i.e. disable allow_rewrite permission checking) in order to avoid the leak.
>
> 0-CONFIG::file::rewrite={ mode=disabled }
> 1-CONFIG::file::rewrite={ mode=disabled }
> 2-CONFIG::file::rewrite={ mode=disabled }
> 3-CONFIG::file::rewrite={ mode=disabled }
>
> Regards.
>
> _______________________________________________
> tomoyo-users-en mailing list
> [email protected]
> http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tomoyo-users-en mailing list [email protected] http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
