audit.50 kernel
David Woodhouse
dwmw2 at infradead.org
Thu May 26 14:56:01 UTC 2005
On Thu, 2005-05-26 at 10:40 -0400, Steve Grubb wrote:
> 0xc0141fc8 is in audit_update_watch (kernel/auditfs.c:542).
Hm. That's the first time we deference the inode's audit data after
calling audit_inode_data() to fetch it from the hash table. For some
reason it's not being found.
Can you build you a kernel with this in, or should I build it?
--- linux-2.6.9/kernel/auditfs.c~ 2005-05-26 12:50:13.000000000 +0100
+++ linux-2.6.9/kernel/auditfs.c 2005-05-26 15:51:51.000000000 +0100
@@ -75,6 +75,16 @@ struct audit_inode_data *inode_audit_dat
if (*list && (*list)->inode == inode)
ret = *list;
+ if (!ret) {
+ /* Hm. At the moment, we should never see an inode which doesn't have audit data */
+ printk("Hm. No audit data for inode %p. Hash bucket for hash %d follows...\n", inode, h);
+ list = &auditfs_hash_table[h];
+ while (*list) {
+ printk("ino=%p data=%p\n", (*list)->inode, *list);
+ list = &(*list->next_hash);
+ }
+ }
+
spin_unlock(&auditfs_hash_lock);
return ret;
}
@@ -525,6 +535,11 @@ void audit_update_watch(struct dentry *d
return;
data = inode_audit_data(dentry->d_inode);
+ if (!data) {
+ printk(KERN_WARNING "Hmmm. No audit data for inode #%lu at %p. name %s\n",
+ dentry->d_inode->i_ino, dentry->d_inode, dentry->d_name.name);
+ return;
+ }
parent = inode_audit_data(dentry->d_parent->d_inode);
wentry = audit_wentry_fetch_lock(dentry->d_name.name, parent);
--
dwmw2
More information about the Linux-audit
mailing list