[PATCH] audit: grab a reference to context->pwd when it's cached
Peter Moody
pmoody at google.com
Thu Aug 16 01:41:57 UTC 2012
On Wed, Aug 15, 2012 at 6:26 PM, Alexander Viro <aviro at redhat.com> wrote:
> On Wed, Aug 15, 2012 at 06:13:33PM -0700, Peter Moody wrote:
>> On certain systems, in certain pathalogical cases, current's cwd can
>> be deleted while we're still processing a syscall. This should prevent
>> the system from evicting the inode while we're still referencing it.
>>
>> This seems to fix the bug I reported here:
>> https://www.redhat.com/archives/linux-audit/2012-August/msg00017.html
>
> Sigh... The bug is real, but I really don't like the fix. Among other
> things, it's going to cause cacheline bouncing from hell and not everyone
> runs with audit sensibly disabled... Let me think for a while and see
> if I can come up with something less unpleasant, OK?
Works for me. I have a set of machines that I can very easily test a fix on.
Cheers,
peter
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the Linux-audit
mailing list