Fabian Frederick 62659f0b9e sysv, ipc: fix security-layer leaking ... commit 9b24fef9f0410fb5364245d6cc2bd044cc064007 upstream. Commit 53dad6d3a8 ("ipc: fix race with LSMs") updated ipc_rcu_putref() to receive rcu freeing function but used generic ipc_rcu_free() instead of msg_rcu_free() which does security cleaning. Running LTP msgsnd06 with kmemleak gives the following: cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88003c0a11f8 (size 8): comm "msgsnd06", pid 1645, jiffies 4294672526 (age 6.549s) hex dump (first 8 bytes): 1b 00 00 00 01 00 00 00 ........ backtrace: kmemleak_alloc+0x23/0x40 kmem_cache_alloc_trace+0xe1/0x180 selinux_msg_queue_alloc_security+0x3f/0xd0 security_msg_queue_alloc+0x2e/0x40 newque+0x4e/0x150 ipcget+0x159/0x1b0 SyS_msgget+0x39/0x40 entry_SYSCALL_64_fastpath+0x13/0x8f Manfred Spraul suggested to fix sem.c as well and Davidlohr Bueso to only use ipc_rcu_free in case of security allocation failure in newary() Fixes: 53dad6d3a8 ("ipc: fix race with LSMs") Link: http://lkml.kernel.org/r/1470083552-22966-1-git-send-email-fabf@skynet.be Signed-off-by: Fabian Frederick <fabf@skynet.be> Cc: Davidlohr Bueso <dbueso@suse.de> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2016-08-16 09:30:50 +02:00
..
compat_mq.c
compat.c
ipc_sysctl.c
Makefile
mq_sysctl.c
mqueue.c
msg.c	sysv, ipc: fix security-layer leaking	2016-08-16 09:30:50 +02:00
msgutil.c	ipc,msg: drop dst nil validation in copy_msg	2015-11-06 17:50:42 -08:00
namespace.c
sem.c	sysv, ipc: fix security-layer leaking	2016-08-16 09:30:50 +02:00
shm.c	ipc/shm: handle removed segments gracefully in shm_mmap()	2016-02-25 12:01:23 -08:00
syscall.c
util.c	Initialize msg/shm IPC objects before doing ipc_addid()	2015-09-30 12:48:40 -04:00
util.h