[RHEL8,COMMIT] ms/audit: fix a memleak caused by auditing load module

Submitted by Konstantin Khorenko on June 16, 2020, 11:12 a.m.

Details

Message ID 202006161112.05GBCEW4012934@finist-co8.sw.ru
State New
Headers show

Patch hide | download patch | download mbox

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3b4fff24eac8..d16878f20d5d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -881,6 +881,13 @@  static inline void audit_proctitle_free(struct audit_context *context)
 	context->proctitle.len = 0;
 }
 
+static inline void audit_free_module(struct audit_context *context)
+{
+	if (context->type == AUDIT_KERN_MODULE) {
+		kfree(context->module.name);
+		context->module.name = NULL;
+	}
+}
 static inline void audit_free_names(struct audit_context *context)
 {
 	struct audit_names *n, *next;
@@ -964,6 +971,7 @@  int audit_alloc(struct task_struct *tsk)
 
 static inline void audit_free_context(struct audit_context *context)
 {
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	free_tree_refs(context);
@@ -1281,7 +1289,6 @@  static void show_special(struct audit_context *context, int *call_panic)
 		audit_log_format(ab, "name=");
 		if (context->module.name) {
 			audit_log_untrustedstring(ab, context->module.name);
-			kfree(context->module.name);
 		} else
 			audit_log_format(ab, "(null)");
 
@@ -1583,6 +1590,7 @@  void __audit_syscall_exit(int success, long return_code)
 	if (!list_empty(&context->killed_trees))
 		audit_kill_trees(&context->killed_trees);
 
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	audit_free_aux(context);