fsaudit patch against audit.53 RPM
Timothy R. Chavez
tinytim at us.ibm.com
Mon Jun 6 16:00:01 UTC 2005
On Monday 06 June 2005 10:52, Timothy R. Chavez wrote:
> Hello,
>
> I already see two little bugs in my code in audit_remove_watch.
Er, and auditfs_attach_wdata
> David,
> before you build can you add in the spin_unlock() before the goto?
>
> kernel/auditfs.c: audit_remove_watch()
>
> +
> + spin_lock(&auditfs_lock);
> + real = audit_fetch_watch(nd.last.name, data);
> + if (!real)
> -> spin_unlock(&auditfs_lock);
> goto audit_remove_watch_release;
> - }
> audit_destroy_watch(real);
> + spin_unlock(&auditfs_lock);
>
> And, place before the kfree an audit_watch_put()
>
> kernel/auditsc.c: audit_attach_wdata()
> +
> +auditfs_attach_wdata_fail:
> + hlist_for_each_entry_safe(this, pos, tmp, &ax->watches, node) {
> + hlist_del(&this->node);
> -> audit_watch_put(this);
Er... audit_watch_put(this->watch);
> + kfree(this);
> + }
> +
> + return -ENOMEM
>
>
> This patch includes David's Implicit unpinning patch.
>
> Changelog:
>
> * Removed a fundamental mathematical operation embedded in
> a debugging statement ;)
>
> * Removed the local lock on inode audit data in favor of of a global
> auditfs_lock spinlock
>
> * Added a list of watches that could be associated with any given
> inode in favor of a pointer to just one
>
> * Attempt to remove watches first via the master watchlist and then
> by path lookup
>
> * Remove watch from inode, master watchlist, and local watchlist
> when removing watch via administrator action
>
> * Altered record in kernel/auditsc.c to support watches per inode per
> record
>
> -tim
>
>
>
More information about the Linux-audit
mailing list