fsaudit patch against audit.53 RPM

[Timothy R. Chavez]

Hello,

I already see two little bugs in my code in audit_remove_watch.  David,
before you build can you add in the spin_unlock() before the goto?

kernel/auditfs.c: audit_remove_watch()

+
+       spin_lock(&auditfs_lock);
+       real = audit_fetch_watch(nd.last.name, data);
+       if (!real)
->		spin_unlock(&auditfs_lock);
                goto audit_remove_watch_release;
-       }
        audit_destroy_watch(real);
+       spin_unlock(&auditfs_lock);

And, place before the kfree an audit_watch_put()

kernel/auditsc.c: audit_attach_wdata()
+
+auditfs_attach_wdata_fail:
+       hlist_for_each_entry_safe(this, pos, tmp, &ax->watches, node) {
+               hlist_del(&this->node);
->		 audit_watch_put(this);
+               kfree(this);
+       }
+
+       return -ENOMEM


This patch includes David's Implicit unpinning patch.

Changelog:

* Removed a fundamental mathematical operation embedded in
a debugging statement ;)

* Removed the local lock on inode audit data in favor of of a global
auditfs_lock spinlock

* Added a list of watches that could be associated with any given
inode in favor of a pointer to just one

* Attempt to remove watches first via the master watchlist and then
by path lookup

* Remove watch from inode, master watchlist, and local watchlist 
when removing watch via administrator action

* Altered record in kernel/auditsc.c to support watches per inode per
record

-tim


-------------- next part --------------
A non-text attachment was scrubbed...
Name: auditfs~53+.patch
Type: text/x-diff
Size: 29891 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050606/ef85c77d/attachment.bin>