audit.66 kernel

David Woodhouse dwmw2 at infradead.org
Fri Jun 24 15:05:52 UTC 2005


On Wed, 2005-06-22 at 18:15 -0400, Steve Grubb wrote:
> Jun 22 18:08:58 localhost kernel: EIP is at auditfs_attach_wdata+0x2c6/0x401

OK, I think I have it. It was an error in my attempt to handle watches
going away while we're in auditfs_attach_wdata().

If that happens we start again at the beginning of the inode's watch
list, and jump back in to the main loop as soon as we find a watch which
hadn't already been dealt with.

But in the case where there _were_ no more watches to be dealt with, we
should break out of the main loop immediately. We were falling through
and ending up on the hlist_for_each_entry() loop with watch == NULL. It
was oopsing when it tried to fetch watch->w_watched.next.

Testing with this... will build audit.$next without the printk.

--- linux-2.6.9/kernel/auditsc.c	2005-06-24 15:20:38.000000000 +0100
+++ linux-2.6.9/kernel/auditsc.c	2005-06-24 15:51:32.000000000 +0100
@@ -1365,6 +1365,9 @@ void auditfs_attach_wdata(struct inode *
 				   pick up where we left off. */
 				goto restart;
 			}
+			/* We'd actually covered every watch that still exists. */
+			printk("Fell off end. Would die. Shan't\n");
+			break;
 		}
 		audit_watch_put(watch);
 	}
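Review bot: The new break sits above the audit_watch_put(watch) call that follows the closing brace, so this exit path skips that put. Per the description, watch is NULL when we get here, so nothing should be leaked, but it would help to say so in the comment (for example "watch is NULL here, nothing to put") so the asymmetry with the normal path is clearly intentional. Please also confirm that the block closed by the brace right after the break is a conditional and not an inner loop, since otherwise the break would only leave that inner loop and the code would still reach the put and the next hlist_for_each_entry() step with watch == NULL. The printk has no KERN_ level and is debug output only; it should be dropped before this goes anywhere beyond a test build.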


-- 
dwmw2



