[SRU] [Jammy] [PATCH 1/1] UBUNTU: audit: fix memory leak of audit_log_lsm()
Jianlin Lv
iecedge at gmail.com
Fri Feb 17 17:05:28 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/1987430
Got the following memory leak reports from kmemleak:
unreferenced object 0xffff8baee56b9d08 (size 24):
comm "grep", pid 5503, jiffies 4297727573 (age 466.572s)
hex dump (first 24 bytes):
00 80 b5 a2 ae 8b ff ff 00 74 74 db dd 8b ff ff .........tt.....
20 0a 00 00 00 00 00 00 .......
backtrace:
[<00000000b7cc6a2d>] kmem_cache_alloc+0x13f/0x450
[<0000000024efa20e>] audit_log_start.part.0+0x12d/0x3b0
[<000000007a98c9a0>] audit_log_start+0x3f/0x60
[<00000000165c321e>] audit_log_lsm+0x74/0x180
[<00000000e9cb2cd0>] audit_log_exit+0x4df/0x700
[<00000000688ae612>] __audit_syscall_exit+0x241/0x2b0
[<00000000bda00aef>] syscall_exit_work+0x116/0x150
[<000000008071854f>] syscall_exit_to_user_mode+0x3b/0x50
[<000000000dd668c7>] do_syscall_64+0x69/0xc0
[<00000000bef68a32>] entry_SYSCALL_64_after_hwframe+0x44/0xae
unreferenced object 0xffff8baea2b58000 (size 224):
comm "grep", pid 5503, jiffies 4297727573 (age 466.572s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000b2225191>] kmem_cache_alloc_node+0x14f/0x460
[<0000000097965326>] __alloc_skb+0x168/0x1d0
[<00000000400424f6>] audit_log_start.part.0+0x14d/0x3b0
[<000000007a98c9a0>] audit_log_start+0x3f/0x60
[<00000000165c321e>] audit_log_lsm+0x74/0x180
[<00000000e9cb2cd0>] audit_log_exit+0x4df/0x700
[<00000000688ae612>] __audit_syscall_exit+0x241/0x2b0
[<00000000bda00aef>] syscall_exit_work+0x116/0x150
[<000000008071854f>] syscall_exit_to_user_mode+0x3b/0x50
[<000000000dd668c7>] do_syscall_64+0x69/0xc0
[<00000000bef68a32>] entry_SYSCALL_64_after_hwframe+0x44/0xae
struct audit_buffer object allocated in audit_log_lsm should be freed if
lsmblob_is_set/security_secid_to_secctx return false or error.
Signed-off-by: Jianlin Lv <iecedge at gmail.com>
---
kernel/auditsc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d37ef7c76f35..693c8c3d294b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1526,7 +1526,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting)
if (blob == NULL) {
security_task_getsecid_subj(current, &localblob);
if (!lsmblob_is_set(&localblob))
- return;
+ goto end;
blob = &localblob;
}
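Review bot: At `if (!lsmblob_is_set(&localblob))`, the new `goto end` closes out, through `audit_log_end(ab)`, a record that has had no `subj_` field formatted into it. Either say in the commit message that ending a field-less record on this path is intended, or move the `security_task_getsecid_subj()` / `lsmblob_is_set()` check ahead of the buffer allocation so nothing is allocated when there is no blob to log.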
@@ -1536,7 +1536,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting)
error = security_secid_to_secctx(blob, &lsmdata, i);
if (error && error != -EINVAL) {
audit_panic("error in audit_log_lsm");
- return;
+ goto end;
}
audit_log_format(ab, "%ssubj_%s=%s", sep ? " " : "",
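Review bot: In the `error && error != -EINVAL` branch, `goto end` runs after `audit_panic()` and ends the record with whatever `subj_%s` fields earlier iterations already formatted, since this check is per index `i`. A short comment here stating that a partial record is acceptable, and that `lsmdata` needs no `security_release_secctx()` because the conversion failed, would make the error path easier to audit.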
@@ -1546,6 +1546,7 @@ void audit_log_lsm(struct lsmblob *blob, bool exiting)
security_release_secctx(&lsmdata);
}
+end:
audit_log_end(ab);
}
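Review bot: The `end:` label before `audit_log_end(ab)` only covers the two `return` statements changed in this patch, and the hunks do not show the code between the buffer allocation and line 1526. Please confirm that no other `return` remains once `audit_log_start()` has succeeded. The changelog also carries no Fixes: tag or note on where this change originates, which an SRU reviewer will want.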
--
2.25.1