Posix ACL object is leaked in several places upon setattr and fsetxattr syscalls
Issue
- Kernel leaks posix acl object on ACL_TYPE_ACCESS operation
[ 708.617544] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
...
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8e77eb8ed740 (size 64):
comm "cp", pid 2020, jiffies 4294846037 (age 1228.415s)
hex dump (first 32 bytes):
01 00 00 00 77 8e ff ff 65 64 5f 75 3a 6f 62 6a ....w...ed_u:obj
03 00 00 00 01 00 07 00 6d 69 6e 5f 04 00 05 00 ........min_....
backtrace:
[<ffffffffbb280c5c>] __kmalloc+0x14c/0x430
[<ffffffffbb32891c>] posix_acl_alloc+0x1c/0x30
[<ffffffffbb3293e2>] posix_acl_from_xattr+0x82/0x190
[<ffffffffc0afc192>] ext4_xattr_set_acl+0x92/0x2e0 [ext4]
[<ffffffffbb2de6eb>] generic_setxattr+0x6b/0x90
[<ffffffffbb2def65>] __vfs_setxattr_noperm+0x65/0x1b0
[<ffffffffbb2df165>] vfs_setxattr+0xb5/0xc0
[<ffffffffbb2df2cc>] setxattr+0x15c/0x1f0
[<ffffffffbb2df7ce>] SyS_fsetxattr+0xce/0x110
[<ffffffffbb88fa92>] system_call_fastpath+0x25/0x2a
[<ffffffffffffffff>] 0xffffffffffffffff
- This leak, for example, appears on each fsetxattr call, thus allowing an arbitrary user to exhaust all the kernel memory.
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.