diff options
author | Michel Lespinasse <walken@google.com> | 2011-12-20 05:12:06 +0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-12-20 22:25:04 +0400 |
commit | 3d3c8f93a237b64580c5c5e138edeb1377e98230 (patch) | |
tree | 8c932423a1c5f80320e46dc77f29c668f196d73c /drivers | |
parent | 0006526d78e93c3684c806bf7cf3f67dfa49c3c8 (diff) | |
download | linux-3d3c8f93a237b64580c5c5e138edeb1377e98230.tar.xz |
binary_sysctl(): fix memory leak
binary_sysctl() calls sysctl_getname() which allocates from names_cache
slab usin __getname()
The matching function to free the name is __putname(), and not putname()
which should be used only to match getname() allocations.
This is because when auditing is enabled, putname() calls audit_putname
*instead* (not in addition) to __putname(). Then, if a syscall is in
progress, audit_putname does not release the name - instead, it expects
the name to get released when the syscall completes, but that will happen
only if audit_getname() was called previously, i.e. if the name was
allocated with getname() rather than the naked __getname(). So,
__getname() followed by putname() ends up leaking memory.
Signed-off-by: Michel Lespinasse <walken@google.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Eric Paris <eparis@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions