On Mon 10-04-17 17:31:26, Jan Kara wrote:
> On Thu 06-04-17 07:51:48, Paul Moore wrote:
> > On Wed, Apr 5, 2017 at 3:38 AM, Jan Kara <jack@xxxxxxx> wrote:
> > > On Tue 04-04-17 16:47:11, Paul Moore wrote:
> > >> On Mon, Apr 3, 2017 at 11:33 AM, Jan Kara <jack@xxxxxxx> wrote:
> > >> > Currently audit code uses checking of mark->inode to verify whether mark
> > >> > is still alive. Switch that to checking mark flags as that is more
> > >> > logical and current way will become unreliable in future.
> > >> >
> > >> > Reviewed-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
> > >> > Signed-off-by: Jan Kara <jack@xxxxxxx>
> > >> > ---
> > >> > kernel/audit_tree.c | 4 ++--
> > >> > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >>
> > >> Should audit_tree.c:insert_hash() also be updated in a similar manner?
> > >
> > > Do you mean the part which has become chunk_to_key()? ...
> >
> > No, I was talking about the if conditional near the top of the
> > function that checks to see if the fsnotify_mark's inode is non-NULL;
> > it seems like you would also want to convert that to a
> > FSNOTIFY_MARK_FLAG_ATTACHED, yes?
>
> Ah, that one. Yes, that can certainly become a FSNOTIFY_MARK_FLAG_ATTACHED
> check although I cannot currently come up with a situation where it would
> matter. But it looks safer that way so I'll change that check as you
> suggest.
Attached is the resulting patch.
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
>From 43471d15df0e7c40ca4df1513fc1dcf5765396ac Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@xxxxxxx>
Date: Mon, 3 Apr 2017 16:47:58 +0200
Subject: [PATCH] audit_tree: Use mark flags to check whether mark is alive
Currently audit code uses checking of mark->inode to verify whether mark
is still alive. Switch that to checking mark flags as that is more
logical and current way will become unreliable in future.
Reviewed-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
---
kernel/audit_tree.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 11c7ac441624..51451245936a 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -190,7 +190,7 @@ static void insert_hash(struct audit_chunk *chunk)
unsigned long key = chunk_to_key(chunk);
struct list_head *list;
- if (!key)
+ if (!(chunk->mark.flags & FSNOTIFY_MARK_FLAG_ATTACHED))
return;
list = chunk_hash(key);
list_add_rcu(&chunk->hash, list);
@@ -248,7 +248,7 @@ static void untag_chunk(struct node *p)
mutex_lock(&entry->group->mark_mutex);
spin_lock(&entry->lock);
- if (chunk->dead || !entry->inode) {
+ if (chunk->dead || !(entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
spin_unlock(&entry->lock);
mutex_unlock(&entry->group->mark_mutex);
if (new)
@@ -408,7 +408,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
mutex_lock(&old_entry->group->mark_mutex);
spin_lock(&old_entry->lock);
- if (!old_entry->inode) {
+ if (!(old_entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
/* old_entry is being shot, lets just lie */
spin_unlock(&old_entry->lock);
mutex_unlock(&old_entry->group->mark_mutex);
--
2.12.0
