On Wed 22-07-20 15:58:43, Amir Goldstein wrote:
> The audit groups marks mask does not contain any events possible on
> child,so setting the flag FS_EVENT_ON_CHILD in the mask is counter
> productive.
>
> It may lead to the undesired outcome of setting the dentry flag
> DCACHE_FSNOTIFY_PARENT_WATCHED on a directory inode even though it is
> not watching children, because the audit mark contribute the flag
> FS_EVENT_ON_CHILD to the inode's fsnotify_mask and another mark could
> be contributing an event that is possible on child to the inode's mask.
>
> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
The same as for patch 2/9...
Honza
> ---
> kernel/audit_fsnotify.c | 2 +-
> kernel/audit_watch.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
> index 30ca239285a3..bd3a6b79316a 100644
> --- a/kernel/audit_fsnotify.c
> +++ b/kernel/audit_fsnotify.c
> @@ -36,7 +36,7 @@ static struct fsnotify_group *audit_fsnotify_group;
>
> /* fsnotify events we care about. */
> #define AUDIT_FS_EVENTS (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
> - FS_MOVE_SELF | FS_EVENT_ON_CHILD)
> + FS_MOVE_SELF)
>
> static void audit_fsnotify_mark_free(struct audit_fsnotify_mark *audit_mark)
> {
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index 61fd601f1edf..e23d54bcc587 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -53,7 +53,7 @@ static struct fsnotify_group *audit_watch_group;
>
> /* fsnotify events we care about. */
> #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
> - FS_MOVE_SELF | FS_EVENT_ON_CHILD | FS_UNMOUNT)
> + FS_MOVE_SELF | FS_UNMOUNT)
>
> static void audit_free_parent(struct audit_parent *parent)
> {
> --
> 2.17.1
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
