[PATCH 12/14] audit: Simplify locking around untag_chunk()

Richard Guy Briggs rgb at redhat.com
Thu Oct 18 12:27:40 UTC 2018 

On 2018-10-17 12:15, Jan Kara wrote:
> untag_chunk() has to be called with hash_lock, it drops it and
> reacquires it when returning. The unlocking of hash_lock is thus hidden
> from the callers of untag_chunk() with is rather error prone. Reorganize
> the code so that untag_chunk() is called without hash_lock, only with
> mark reference preventing the chunk from going away.
> 
> Since this requires some more code in the caller of untag_chunk() to
> assure forward progress, factor out loop pruning tree from all chunks
> into a common helper function.
> 
> Signed-off-by: Jan Kara <jack at suse.cz>
> ---
>  kernel/audit_tree.c | 75 ++++++++++++++++++++++++++++-------------------------
>  1 file changed, 40 insertions(+), 35 deletions(-)
> 
> diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
> index 145e8c92dd31..5deb4e1ed648 100644
> --- a/kernel/audit_tree.c
> +++ b/kernel/audit_tree.c
> @@ -332,27 +332,19 @@ static int chunk_count_trees(struct audit_chunk *chunk)
>  	return ret;
>  }
>  
> -static void untag_chunk(struct node *p)
> +static void untag_chunk(struct audit_chunk *chunk, struct fsnotify_mark *entry)
>  {
> -	struct audit_chunk *chunk = find_chunk(p);
> -	struct fsnotify_mark *entry = chunk->mark;
> -	struct audit_chunk *new = NULL;
> +	struct audit_chunk *new;
>  	int size;
>  
> -	remove_chunk_node(chunk, p);
> -	fsnotify_get_mark(entry);
> -	spin_unlock(&hash_lock);
> -
> -	mutex_lock(&entry->group->mark_mutex);
> +	mutex_lock(&audit_tree_group->mark_mutex);
>  	/*
>  	 * mark_mutex protects mark from getting detached and thus also from
>  	 * mark->connector->obj getting NULL.
>  	 */
>  	if (chunk->dead || !(entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
> -		mutex_unlock(&entry->group->mark_mutex);
> -		if (new)
> -			fsnotify_put_mark(new->mark);
> -		goto out;
> +		mutex_unlock(&audit_tree_group->mark_mutex);
> +		return;

This isn't an error, but more a question of style.  Since the end of the
function has been simplified, this could just be "goto out_mutex", or
remove the one remaining "goto out_mutex" after the next patch and do
the same as here since other exits aren't so clean.

>  	}
>  
>  	size = chunk_count_trees(chunk);
> @@ -363,9 +355,9 @@ static void untag_chunk(struct node *p)
>  		list_del_rcu(&chunk->hash);
>  		spin_unlock(&hash_lock);
>  		fsnotify_detach_mark(entry);
> -		mutex_unlock(&entry->group->mark_mutex);
> +		mutex_unlock(&audit_tree_group->mark_mutex);
>  		fsnotify_free_mark(entry);
> -		goto out;
> +		return;
>  	}
>  
>  	new = alloc_chunk(size);
> @@ -387,16 +379,13 @@ static void untag_chunk(struct node *p)
>  	replace_chunk(new, chunk);
>  	spin_unlock(&hash_lock);
>  	fsnotify_detach_mark(entry);
> -	mutex_unlock(&entry->group->mark_mutex);
> +	mutex_unlock(&audit_tree_group->mark_mutex);
>  	fsnotify_free_mark(entry);
>  	fsnotify_put_mark(new->mark);	/* drop initial reference */
> -	goto out;
> +	return;
>  
>  out_mutex:
> -	mutex_unlock(&entry->group->mark_mutex);
> -out:
> -	fsnotify_put_mark(entry);
> -	spin_lock(&hash_lock);
> +	mutex_unlock(&audit_tree_group->mark_mutex);
>  }
>  
>  /* Call with group->mark_mutex held, releases it */
> @@ -579,22 +568,45 @@ static void kill_rules(struct audit_tree *tree)
>  }
>  
>  /*
> - * finish killing struct audit_tree
> + * Remove tree from chunks. If 'tagged' is set, remove tree only from tagged
> + * chunks. The function expects tagged chunks are all at the beginning of the
> + * chunks list.
>   */
> -static void prune_one(struct audit_tree *victim)
> +static void prune_tree_chunks(struct audit_tree *victim, bool tagged)
>  {
>  	spin_lock(&hash_lock);
>  	while (!list_empty(&victim->chunks)) {
>  		struct node *p;
> +		struct audit_chunk *chunk;
> +		struct fsnotify_mark *mark;
> +
> +		p = list_first_entry(&victim->chunks, struct node, list);
> +		/* have we run out of marked? */
> +		if (tagged && !(p->index & (1U<<31)))
> +			break;
> +		chunk = find_chunk(p);
> +		mark = chunk->mark;
> +		remove_chunk_node(chunk, p);
> +		fsnotify_get_mark(mark);
> +		spin_unlock(&hash_lock);
>  
> -		p = list_entry(victim->chunks.next, struct node, list);
> +		untag_chunk(chunk, mark);
> +		fsnotify_put_mark(mark);
>  
> -		untag_chunk(p);
> +		spin_lock(&hash_lock);
>  	}
>  	spin_unlock(&hash_lock);
>  	put_tree(victim);
>  }
>  
> +/*
> + * finish killing struct audit_tree
> + */
> +static void prune_one(struct audit_tree *victim)
> +{
> +	prune_tree_chunks(victim, false);
> +}
> +
>  /* trim the uncommitted chunks from tree */
>  
>  static void trim_marked(struct audit_tree *tree)
> @@ -614,18 +626,11 @@ static void trim_marked(struct audit_tree *tree)
>  			list_add(p, &tree->chunks);
>  		}
>  	}
> +	spin_unlock(&hash_lock);
>  
> -	while (!list_empty(&tree->chunks)) {
> -		struct node *node;
> -
> -		node = list_entry(tree->chunks.next, struct node, list);
> -
> -		/* have we run out of marked? */
> -		if (!(node->index & (1U<<31)))
> -			break;
> +	prune_tree_chunks(tree, true);
>  
> -		untag_chunk(node);
> -	}
> +	spin_lock(&hash_lock);
>  	if (!tree->root && !tree->goner) {
>  		tree->goner = 1;
>  		spin_unlock(&hash_lock);
> -- 
> 2.16.4
> 

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

More information about the Linux-audit mailing list