audit.47 filesystem problems (reported by Rob Myers)

[Timothy R. Chavez]

Ok,

Let me be clear on the two problems Rob Myers has brought up.

Problem 1:

When shutting down the system one gets the following VFS notification: 
"VFS: Busy inodes after unmount...."

Diagnosis:

I believe this has to do with the fact that when we set watches, we pin the 
dentry in memory.  When we pin the dentry in memory, we effectively pin the 
inode associated with it in memory as well.  When we unmount a file system 
with watches in it, whether we're shutting down or not, because we still have 
a reference to the dentry, we should see this VFS notification.

Solution:

This could be tricky.  Ideally we want to unpin all pinned dentries right 
before a umount.  This could get ugly, right?

The other solution is to just assume the administrator is only ever going to 
umount a watched file system when they shut down and that we should then, 
from user space, remove all watches prior to shut down.

Problem 2:

An OOPS when referencing a NULL pointer when watching /var/audit/audit.log in 
an SMP environment which has not yet been reproduced.

Diagnosis:

Because this has not be reproducible and we're in an SMP environment its 
probably safe to say there is a race.  Because the OOPs occurred from within 
permission() and we're dealing with file system watches it is safe to assume 
that the race occurred somewhere in or under audit_notify_watch().

Solution:

None yet.  I'll be looking into this right now


Do I have a clear understanding of the situation?

-tim