On Thu, 2006-03-02 at 14:39 -0600, Dustin Kirkland wrote:
> I'm in-lining a simple patch that solves memory leak and collects the
> required information. Rather than calling audit_ipc_context() which
> allocates memory and returns a char * which was being lost, ipcperms()
> instead calls audit_ipc_perms(), which wraps audit_ipc_context() thereby
> storing the context in an auxiliary IPC audit record. This happens each
> and every time ipcperms() is called.

But ipcperms() isn't called on every IPC operation, in particular not
for the ones that apply uid ownership or capability tests rather than
mode checks, e.g. SHM_LOCK/UNLOCK. Compare the coverage of the
security_* hooks in the ipc code against the audit-related hooks. That
is why I suggested making a call to some audit hook for collecting the
IPC object context from every selinux_* IPC hook - that ensures coverage
without requiring additional audit hooks.
--
Stephen Smalley
National Security Agency