summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichel Lespinasse <walken@google.com>2011-12-19 17:12:06 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2011-12-20 10:25:04 -0800
commit3d3c8f93a237b64580c5c5e138edeb1377e98230 (patch)
tree8c932423a1c5f80320e46dc77f29c668f196d73c
parent0006526d78e93c3684c806bf7cf3f67dfa49c3c8 (diff)
downloadlinux-3.10-3d3c8f93a237b64580c5c5e138edeb1377e98230.tar.gz
linux-3.10-3d3c8f93a237b64580c5c5e138edeb1377e98230.tar.bz2
linux-3.10-3d3c8f93a237b64580c5c5e138edeb1377e98230.zip
binary_sysctl(): fix memory leak
binary_sysctl() calls sysctl_getname() which allocates from names_cache slab usin __getname() The matching function to free the name is __putname(), and not putname() which should be used only to match getname() allocations. This is because when auditing is enabled, putname() calls audit_putname *instead* (not in addition) to __putname(). Then, if a syscall is in progress, audit_putname does not release the name - instead, it expects the name to get released when the syscall completes, but that will happen only if audit_getname() was called previously, i.e. if the name was allocated with getname() rather than the naked __getname(). So, __getname() followed by putname() ends up leaking memory. Signed-off-by: Michel Lespinasse <walken@google.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@infradead.org> Cc: Eric Paris <eparis@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/sysctl_binary.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index 6318b511afa..a650694883a 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int *name, int nlen,
fput(file);
out_putname:
- putname(pathname);
+ __putname(pathname);
out:
return result;
}