On Sun, Sep 22, 2024 at 01:49:01AM +0100, Al Viro wrote:
> Another fun bit is that both audit_inode() and audit_inode_child()
> may bump the refcount on struct filename. Which can get really fishy
> if they get called by helper thread while the originator is exiting the
> syscall - putname() from audit_free_names() in originator vs. refcount
> increment in helper is Not Nice(tm), what with the refcount not being
> atomic.

*blink*

OK, I really wonder which version had I been reading at the time; refcount
is, indeed, atomic these days.

Other problems (->aname pointing to other thread's struct audit_names
and outliving reuse of those, as well as insane behaviour of audit predicates
on symlink(2)) are, unfortunately, quite real - on the current mainline.