ACK/Cmnt: [SRU] [Jammy] [PATCH 0/1] UBUNTU: audit: fix memory leak of audit_log_lsm()
Tim Gardner
tim.gardner at canonical.com
Wed Feb 22 13:28:23 UTC 2023
On 2/22/23 12:25 AM, Jianlin Lv wrote:
> On Wed, Feb 22, 2023 at 12:18 AM Tim Gardner <tim.gardner at canonical.com> wrote:
>>
>> On 2/17/23 10:05 AM, Jianlin Lv wrote:
>>> BugLink: https://bugs.launchpad.net/bugs/1987430
>>>
>>> [Impact]
>>>
>>> Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
>>> started to ramp up slowly that growth ~1 GB a day.
>>>
>>> [Fix]
>>>
>>> The memory leak is an allocated struct audit_buffer object in
>>> audit_log_lsm() that to record LSM attributes.
>>> Free audit buffer before audit_log_lsm() return.
>>>
>>> [Test Plan]
>>>
>>> 1.Disable apparmor module by append apparmor=0 to grub
>>>
>>> 2.Start auditd service with following audit rule:
>>> -a exit,always -F arch=b64 -S execve
>>> -a exit,always -F arch=b32 -S execve
>>>
>>> 3.Using Kmemleak to check if memory leak has occurred
>>> $ cat /sys/kernel/debug/kmemleak
>>> or Keep watching for changes in slabinfo
>>> $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
>>>
>>> Jianlin Lv (1):
>>> UBUNTU: audit: fix memory leak of audit_log_lsm()
>>>
>>> kernel/auditsc.c | 5 +++--
>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>> Acked-by: Tim Gardner <tim.gardner at canonical.com>
>>
>> Have you reported this upstream ?
>>
>> We could carry this patch, but it needs SAUCE: in the subject which can
>> be added when the patch is applied.
>
> This issue is introduced by 85ff537962 (UBUNTU: SAUCE: Audit: Add new
> record for multiple process LSM attributes). The corresponding upstream
> patches have not landed in the Linux kernel mainline.
> In this case, Should I commit patches v2 with SAUCE?
>
That shouldn't be necessary.
>> --
>> -----------
>> Tim Gardner
>> Canonical, Inc
>>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list