path: root/kernel
diff options
authorMichel Lespinasse <>2011-12-19 17:12:06 -0800
committerGreg Kroah-Hartman <>2012-01-06 14:17:02 -0800
commita6c066b0703eeafc61eafdd5addf157ee671bd68 (patch)
tree0f380c9afb999bfec7689fbb1cb7f892fdc73e6a /kernel
parent8b6984422659dd49fdbf9ef3c829bd2bb3798053 (diff)
binary_sysctl(): fix memory leak
commit 3d3c8f93a237b64580c5c5e138edeb1377e98230 upstream. binary_sysctl() calls sysctl_getname() which allocates from names_cache slab usin __getname() The matching function to free the name is __putname(), and not putname() which should be used only to match getname() allocations. This is because when auditing is enabled, putname() calls audit_putname *instead* (not in addition) to __putname(). Then, if a syscall is in progress, audit_putname does not release the name - instead, it expects the name to get released when the syscall completes, but that will happen only if audit_getname() was called previously, i.e. if the name was allocated with getname() rather than the naked __getname(). So, __getname() followed by putname() ends up leaking memory. Signed-off-by: Michel Lespinasse <> Acked-by: Al Viro <> Cc: Christoph Hellwig <> Cc: Eric Paris <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Signed-off-by: Greg Kroah-Hartman <>
Diffstat (limited to 'kernel')
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index e8bffbe2ba4b..2ce1b3086726 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int *name, int nlen,
- putname(pathname);
+ __putname(pathname);
return result;