lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 6 Jun 2009 23:29:45 +0100 (BST)
From:	Hugh Dickins <hugh.dickins@...cali.co.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	Mimi Zohar <zohar@...ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Serge Hallyn <serue@...ibm.com>,
	James Morris <jmorris@...ei.org>,
	Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] integrity: fix IMA inode leak

On Sat, 6 Jun 2009, Linus Torvalds wrote:
> On Sat, 6 Jun 2009, Linus Torvalds wrote:
> > On Sat, 6 Jun 2009, Hugh Dickins wrote:
> > >
> > > CONFIG_IMA=y inode activity leaks iint_cache and radix_tree_node objects
> > > until the system runs out of memory.  Nowhere is calling ima_inode_free()
> > > a.k.a. ima_iint_delete().  Fix that by calling it from destroy_inode().
> > 
> > Shouldn't we call it from "security_inode_free()" instead? And shouldn't 
> > it be allocated in "security_inode_alloc()"? That sounds like the correct 
> > nesting here, since the whole integrity thing is under the security 
> > module.
> > 
> > Hmm?

I wondered the same: quite possibly, but I tend to assume there was reason
to do it like that; and thought it best to mirror the security_inode_alloc,
ima_inode_alloc with ima_inode_free, security_inode_free for now.

(I also disliked the obfuscescent #define ima_iint_delete ima_inode_free
in ima_iint.c!)

> 
> Oh well. I applied the patch as-is, since it seems to fix a real issue. 

Thanks, yes.  There is a possibility that it will reveal some warnings
from iint_free which were hidden before; but I've not seen them in normal
working, and I'd anyway prefer a few warnings to my boxes OOMing.  Though
it was only by mistake that I had CONFIG_IMA=y in the first place.

> 
> But I do think fs/inode.c shouldn't care about things like that, and have 
> it internal to security_inode_alloc/free(). But I guess that's a separate 
> cleanup.

The IMA stuff all looks rather bolted in on top; I did fail to persuade
Mimi to move the shmem and shm hooks down a level, so for now at least
they'll stay as they are.

Hugh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ