rpms/kernel/devel linux-2.6-ima-leak.patch, NONE, 1.1 kernel.spec, 1.1742, 1.1743 allow-disabling-ima.diff, 1.1, NONE
Eric Paris
eparis at fedoraproject.org
Wed Aug 26 19:33:53 UTC 2009
- Previous message: rpms/dhcp/devel dhcp.spec,1.271,1.272
- Next message: rpms/podsleuth/devel podsleuth-0.6.4-sg3_utils.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 podsleuth.spec, 1.10, 1.11 sources, 1.4, 1.5 podsleuth-0.6.0-sg3_utils.patch, 1.1, NONE update-model-info-fix-artwork-bug-r64_68.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: eparis
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25551
Modified Files:
kernel.spec
Added Files:
linux-2.6-ima-leak.patch
Removed Files:
allow-disabling-ima.diff
Log Message:
* Wed Aug 26 2009 Eric Paris <eparis at redhat.com>
- fix iint_cache leak in IMA code
drop the ima=0 patch
linux-2.6-ima-leak.patch:
ima_main.c | 4 ++++
1 file changed, 4 insertions(+)
--- NEW FILE linux-2.6-ima-leak.patch ---
commit 3e1957da0c6adb57113cfc50bb0f59196e4fc5da
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 26 14:51:50 2009 -0400
IMA: iint put in ima_counts_get and put
ima_counts_get() calls ima_iint_find_insert_get() which takes a reference
to the iint in question, but does not put that reference at the end of the
function. This can lead to a nasty memory leak. Easy enough to reproduce:
#include <sys/mman.h>
#include <stdio.h>
int main (void)
{
int i;
void *ptr;
for (i=0; i < 100000; i++) {
ptr = mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_SHARED|MAP_ANONYMOUS, -1, 0);
if (ptr == MAP_FAILED)
return 2;
munmap(ptr, 4096);
}
return 0;
}
Signed-off-by: Eric Paris <eparis at redhat.com>
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 101c512..4732f5e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -262,6 +262,8 @@ void ima_counts_put(struct path *path, int mask)
else if (mask & (MAY_READ | MAY_EXEC))
iint->readcount--;
mutex_unlock(&iint->mutex);
+
+ kref_put(&iint->refcount, iint_free);
}
/*
@@ -291,6 +293,8 @@ void ima_counts_get(struct file *file)
if (file->f_mode & FMODE_WRITE)
iint->writecount++;
mutex_unlock(&iint->mutex);
+
+ kref_put(&iint->refcount, iint_free);
}
EXPORT_SYMBOL_GPL(ima_counts_get);
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1742
retrieving revision 1.1743
diff -u -p -r1.1742 -r1.1743
--- kernel.spec 26 Aug 2009 19:25:56 -0000 1.1742
+++ kernel.spec 26 Aug 2009 19:33:53 -0000 1.1743
@@ -727,7 +727,8 @@ Patch12011: linux-2.6-block-silently-err
# fix xen boot
Patch12020: xen-fb-probe-fix.patch
-Patch90000: allow-disabling-ima.diff
+#fix ima iint_cache leak
+Patch13000: linux-2.6-ima-leak.patch
%endif
@@ -1345,7 +1346,7 @@ ApplyPatch linux-2.6-silence-acpi-blackl
# fix xen boot
ApplyPatch xen-fb-probe-fix.patch
-ApplyPatch allow-disabling-ima.diff
+ApplyPatch linux-2.6-ima-leak.patch
# END OF PATCH APPLICATIONS
@@ -2013,6 +2014,10 @@ fi
# and build.
%changelog
+* Wed Aug 26 2009 Eric Paris <eparis at redhat.com>
+- fix iint_cache leak in IMA code
+ drop the ima=0 patch
+
* Wed Aug 26 2009 Justin M. Forbes <jforbes at redhat.com>
- Fix munlock with KSM (#516909)
- Re-enable KSM
--- allow-disabling-ima.diff DELETED ---
- Previous message: rpms/dhcp/devel dhcp.spec,1.271,1.272
- Next message: rpms/podsleuth/devel podsleuth-0.6.4-sg3_utils.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 podsleuth.spec, 1.10, 1.11 sources, 1.4, 1.5 podsleuth-0.6.0-sg3_utils.patch, 1.1, NONE update-model-info-fix-artwork-bug-r64_68.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list