MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-04-24 07:29:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
89f00a62a4
linux-imx/ipc
History
Fabian Frederick a19e67e83a sysv, ipc: fix security-layer leaking 
commit 9b24fef9f0 upstream.

Commit 53dad6d3a8 ("ipc: fix race with LSMs") updated ipc_rcu_putref()
to receive rcu freeing function but used generic ipc_rcu_free() instead
of msg_rcu_free() which does security cleaning.

Running LTP msgsnd06 with kmemleak gives the following:

  cat /sys/kernel/debug/kmemleak

  unreferenced object 0xffff88003c0a11f8 (size 8):
    comm "msgsnd06", pid 1645, jiffies 4294672526 (age 6.549s)
    hex dump (first 8 bytes):
      1b 00 00 00 01 00 00 00                          ........
    backtrace:
      kmemleak_alloc+0x23/0x40
      kmem_cache_alloc_trace+0xe1/0x180
      selinux_msg_queue_alloc_security+0x3f/0xd0
      security_msg_queue_alloc+0x2e/0x40
      newque+0x4e/0x150
      ipcget+0x159/0x1b0
      SyS_msgget+0x39/0x40
      entry_SYSCALL_64_fastpath+0x13/0x8f

Manfred Spraul suggested to fix sem.c as well and Davidlohr Bueso to
only use ipc_rcu_free in case of security allocation failure in newary()

Fixes: 53dad6d3a8 ("ipc: fix race with LSMs")
Link: http://lkml.kernel.org/r/1470083552-22966-1-git-send-email-fabf@skynet.be
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2016-08-19 09:51:07 +02:00
..
compat_mq.c ipc: initialize structure memory to zero for compat functions 2010-10-27 18:03:13 -07:00
compat.c ipc/compat_sys_msgrcv: change msgtyp type from long to compat_long_t 2015-02-02 15:59:30 +01:00
ipc_sysctl.c ipc: always handle a new value of auto_msgmni 2014-11-19 18:38:25 +01:00
ipcns_notifier.c ipc: do not use a negative value to re-enable msgmni automatic recomputing 2008-07-25 10:53:42 -07:00
Makefile Add generic sys_ipc wrapper 2010-03-12 15:52:32 -08:00
mq_sysctl.c ipc,mqueue: remove limits for the amount of system-wide queues 2014-03-05 17:13:53 +01:00
mqueue.c ipc: modify message queue accounting to not take kernel data structures into account 2015-08-25 16:56:55 +02:00
msg.c sysv, ipc: fix security-layer leaking 2016-08-19 09:51:07 +02:00
msgutil.c ipc, msg: fix message length check for negative values 2013-12-04 11:05:22 -08:00
namespace.c ipc: drop ipc_lock_by_ptr 2013-09-11 15:59:44 -07:00
sem.c sysv, ipc: fix security-layer leaking 2016-08-19 09:51:07 +02:00
shm.c Initialize msg/shm IPC objects before doing ipc_addid() 2015-10-28 16:37:58 +01:00
syscall.c get rid of union semop in sys_semctl(2) arguments 2013-03-05 15:14:16 -05:00
util.c Initialize msg/shm IPC objects before doing ipc_addid() 2015-10-28 16:37:58 +01:00
util.h ipc, msg: fix message length check for negative values 2013-12-04 11:05:22 -08:00