Re: [PATCH] Fix for binary_sysctl() memory leak

From: Michel Lespinasse
Date: Thu Dec 15 2011 - 17:59:40 EST

Next message: Felipe Balbi: "Re: [PATCH] usb: musb: fix pm_runtime mismatch"
Previous message: David Miller: "Re: pull request: wireless 2011-12-15"
In reply to: Andrew Morton: "Re: [PATCH] Fix for binary_sysctl() memory leak"
Next in thread: Michel Lespinasse: "Re: [PATCH] Fix for binary_sysctl() memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 15, 2011 at 2:44 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> OK. Please resend with a new changelog?

All right. Will do as a reply to this (I'll add the same explanation
as in my previous email).

> The bug surprises me - it seems that it makes it trivial for userspace
> to cause leaking of mad amounts of kernel memory, which would cause the
> bug to be found and fixed quickly.
>
> Is it a recent regression, or does the bug trigger only in weird
> circumstances, or what?

As far as I can tell, the bug was introduced in v2.6.33-rc1 by commit
26a7034b40ba80f82f64fa251a2cbf49f9971c6a

It's probably not common because people use sysctl mainly at boot
time, and/or don't use the deprecated binary variant of it anymore.
But yes, it is trivial to exploit...

--
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Felipe Balbi: "Re: [PATCH] usb: musb: fix pm_runtime mismatch"
Previous message: David Miller: "Re: pull request: wireless 2011-12-15"
In reply to: Andrew Morton: "Re: [PATCH] Fix for binary_sysctl() memory leak"
Next in thread: Michel Lespinasse: "Re: [PATCH] Fix for binary_sysctl() memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]