From nobody Tue Dec 2 00:44:59 2025 Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 950E236D4FF for ; Mon, 24 Nov 2025 18:37:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764009459; cv=none; b=VG6GaGfUwD4R62vhvO6UZMRM9jAT0bX7kd4xljysNoVff4tLyloXY8hekuk450JGv0JAMzleBXuAsRG7O9gM/S02FCZ6FGETFBup2cHW9Ixi0oyfiKQsV9Gwz4V0aXZ3btcCTPVp/VqwcpZRShFH2yffDO/12juiLva1jB+B47M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764009459; c=relaxed/simple; bh=CoKqk2ox68rAkfL6WcvWcU0ppTTx3kVUqaDxfPjfA/I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=r5g+fmHDr5vsIChPvJhWHJ/mz380t5u3c4bE/Iyn/oSRrWw6sxFiD1Ao/AGHhvviwPUF3qxeuqAc0y/MJPglWBOOweVHm5YU/XQVumctD9qdtYu5XFbUwU3m7z25zzluywN2J6fSoV2jFbAwDKF5Tp14qj1Bcw6Gs2ZmdzbsP8o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=asu.edu; spf=pass smtp.mailfrom=asu.edu; dkim=pass (2048-bit key) header.d=asu.edu header.i=@asu.edu header.b=i+hkFhl6; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=asu.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=asu.edu Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=asu.edu header.i=@asu.edu header.b="i+hkFhl6" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-29555415c5fso51176975ad.1 for ; Mon, 24 Nov 2025 10:37:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=asu.edu; s=google; t=1764009457; x=1764614257; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kZw+juK+q7h47aLeilETPpW6rwxwgU7rCBYNuJmpRWY=; b=i+hkFhl6NQiZ0mqQtB34oI9+2wuhFjIjuD8DmiBdsv/2YwA/SsyBAuIkywoiMkZ8a6 dpWWKDemueYEXMElPYYYP+YK5PZ7ZBNi056g2FFee/Y689OxYCYqRSh+i2cl9yQkiySU i5Tgk3nuNhwTLR35ZJqCzY5B8YSRhFpuOAAsy3OC+Rf5XsGfzasHYBQjhm1qvcTlZvu6 iOH1CrC79HkP7t29MSKq+Te4klh9++UUnKuZ92JIjbObT7eha/gob68vAs2dz2/y6bkD TDC55yCb9dEkxb4BCofYg9N/NmCpFpSBTuxvv4gS0Uw5Ca0+WApPm5lmTDd5oSS1MxQl QMwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764009457; x=1764614257; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=kZw+juK+q7h47aLeilETPpW6rwxwgU7rCBYNuJmpRWY=; b=AxUX7LJnjfeuzvqgaVA5hplJ9TZQl2L/FiDvXMdq3pr5Yp2C+JqRWmhmi7c2WkBJdJ aYEZ4EGltKsctYz/GsFLrZGqrCZ9+gP+fbxpaQ831ghtIdCGyQbxZyaaMoKApFfsGxsa 6ZU0E94mmyU0daVgnMIRVrNxM7mekp/K8llocS2dxvScX6HGLJY/nCO2ilVued585IFM sIijboie5ADQdJv1ssFeQM1taTzPhmuo6ZiDCPUQkgBMOFrYY6jMN4F52HzrRiRTkY8g JN+4eG3/Fl9uWO7qjGiSXMMIcM48yCpJyxS385mf1f16oospD1f8GJr9Y2mvyZrtbwx6 QmCA== X-Forwarded-Encrypted: i=1; AJvYcCVF/1/dcBo8Krz8GdlTNMbucv4CVr/31SqEjaZJ6aHEIXO/4hIyFzpz7O/GmB+2Ovz8ebF6892/+p+AcG0=@vger.kernel.org X-Gm-Message-State: AOJu0YxBFPucOpzCTxrhSfmE0uBFr4XHwl2cEpvjQFi3ADUlPsjCdBgp ZvWOrwP4c3nv8nxBPgGIki6eByalbZ+u6GXi5O9ZFziHP5yh1CCVTryYWsELHenBmg== X-Gm-Gg: ASbGncvx9D0z3S/uC9wKnrXTb4VDxNB/OWIlFPhlptB8+TEplirg2ssqbjCqTzlCy+C DyXw8vZ+uRg49dfGVyahs3z7n/CoghVQM29CIv+ws5wqZXvX/5m6USjrGKbvDucX7EaNjyRVEK8 763uCcYeifAHRKLhCqr3UTfXXRIP+YfjLcfGSixCcn0hjO9RstM0yZcVokjLFRVWgM1dGHyJJlv pXQQtTPxuuwwwHyHalD3b/Ev1TKaMp5fuorzAcu/BzFjsNqCMzY/Anld/BsnP7mJyw8PunWR++I GpVZSZ8VwsvE7EgaKtFwMjQjY7Us4XiHv0BnemBTAKTffY1gW9N3uba1KC8VzvEUGGbxw46NU6K DMRacFOPUTTlq8LeCr4IM9zKv2gmorUHaUzp7HUxxsNwbvqFEZE/7NpTSTWrVtxTAxn4FMlE6L+ +0JbkW/2SXFMk4Tqg5mKmDnj1zHEtmR+pw4kuVEK24vKLO2rss+NWaf9fMaw+s X-Google-Smtp-Source: AGHT+IGn5EqjwzRfiB2VpWr4Noy/hVhotgpKu+WJtkYJoWQIS/Bu7xHJE1k506YAzSZi0VmArj8d+w== X-Received: by 2002:a05:701b:2916:b0:11b:9386:8264 with SMTP id a92af1059eb24-11c9d86340dmr5199622c88.41.1764009456624; Mon, 24 Nov 2025 10:37:36 -0800 (PST) Received: from will-mint.dhcp.asu.edu (209-147-139-190.nat.asu.edu. [209.147.139.190]) by smtp.googlemail.com with ESMTPSA id a92af1059eb24-11c93de6d5csm49114829c88.4.2025.11.24.10.37.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 10:37:36 -0800 (PST) From: Will Rosenberg To: Cc: Will Rosenberg , Oliver Rosenberg , Greg Kroah-Hartman , Tejun Heo , Paul Moore , Casey Schaufler , Ondrej Mosnacek , linux-kernel@vger.kernel.org Subject: [PATCH v3] kernfs: fix memory leak of kernfs_iattrs in __kernfs_new_node Date: Mon, 24 Nov 2025 11:37:33 -0700 Message-Id: <20251124183733.1943956-1-whrosenb@asu.edu> X-Mailer: git-send-email 2.34.1 In-Reply-To: <2025112442-favorite-draw-76b0@gregkh> References: <2025112442-favorite-draw-76b0@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" There exists a memory leak of kernfs_iattrs contained as an element of kernfs_node allocated in __kernfs_new_node(). __kernfs_setattr() allocates kernfs_iattrs as a sub-object, and the LSM security check incorrectly errors out and does not free the kernfs_iattrs sub-object. Make an additional error out case that properly frees kernfs_iattrs if security_kernfs_init_security() fails. Fixes: e19dfdc83b60 ("kernfs: initialize security of newly created nodes") Co-developed-by: Oliver Rosenberg Signed-off-by: Oliver Rosenberg Signed-off-by: Will Rosenberg --- Notes: V1 -> V2: meant as a RESEND, but the commit message and notes were also= made more succinct. Patch remained unchanged. v1 was not sent to LKML by m= istake. V2 -> V3: Update Fixes tag in commit message. Patch remains unchanged. fs/kernfs/dir.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c index a670ba3e565e..5a40bfee7055 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c @@ -675,11 +675,13 @@ static struct kernfs_node *__kernfs_new_node(struct k= ernfs_root *root, if (parent) { ret =3D security_kernfs_init_security(parent, kn); if (ret) - goto err_out3; + goto err_out4; } =20 return kn; =20 + err_out4: + kfree(kn->iattr); err_out3: spin_lock(&root->kernfs_idr_lock); idr_remove(&root->ino_idr, (u32)kernfs_ino(kn)); base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa --=20 2.34.1