Hi folks,
I reply to the discussion on the function audit_ipc_context() - as I just
subscribed, I do not have the right thread handle.
Before looking into the question, I looked at the thread. The function
audit_ipc_context(struct kern_ipc_perm *ipcp) you are talking about
implements oopses:
quite obvious I guess:
    if (len < 0)
        goto error_path;
    [...]
    ctx = kmalloc(len, GFP_ATOMIC);
    if (!ctx)
        goto error_path;
    [...]
    error_path:
        kfree(ctx);
        audit_panic("error in audit_ipc_context");
You free ctx although it has not been allocated - I do not like that ;-)
Other than that, let me see whether I can help you answer the questions.
Please tell me if I misunderstand anything: The question for you
is whether to keep this function. This function is about to collect labels
for IPC functions. If this function is gone, you cannot audit any labels for
the IPC functions any more?!
If this is the case, then this function needs to stay, because:
- syscalls msg*, sem*, shm* (except shmdt) do DAC checks - now, they also
perform MAC checks by calling appropriate SELinux hooks (as required by the
ST as IPC mechanisms are subject to MAC - I think shmdt now must also be
subject to MAC at least), then these syscalls must perform audit
- the audit requirement for IPC calls is specified in FAU_GEN.1.1 LSPP in the
table: "All decisions on requests for information flow" must be audited
- FAU_SAR.3 LSPP requires that subject and object sensitivity labels are to be
audited.
Ergo, the functionality in question must stay.
Ciao
Stephan