I believe this was already found and fixed: https://lkml.org/lkml/2012/7/25/259 Which was pulled by Linus in: 3134f37e931d75931bdf6d4eacd82a3fd26eca7c -Eric On Wed, 2012-08-01 at 18:11 +0200, Miklos Szeredi wrote: > Hi Peter, > > Thanks for the report. > > Here's a patch. I haven't tested it but I'm pretty confident that it > fixes the bug. > > Thanks, > Miklos > > > Subject: vfs: fix audit_inode on negative dentry > From: Miklos Szeredi <mszeredi@xxxxxxx> > > Peter Moody reported an oops in audit_copy_inode() and bisected it to commit > 7157486541 (vfs: do_last(): common slow lookup). > > The problem is that audit_inode() in do_last() is called with a negative dentry. > > Previously the non-O_CREAT case didn't call audit_inode() here, but now both > O_CREAT and non-O_CREAT opens are handled by the same code. > > I really have no idea why this audit_inode() is needed here at all but am afaid > to remove this for fear of breaking audit somehow. So just fix this case by > checking for a negative dentry. > > Reported-by: Peter Moody <pmoody@xxxxxxxxxx> > Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx> > CC: stable@xxxxxxxxxxxxxxx > --- > fs/namei.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > Index: linux-2.6/fs/namei.c > =================================================================== > --- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.000000000 +0200 > +++ linux-2.6/fs/namei.c 2012-08-01 17:49:26.000000000 +0200 > @@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd, > goto finish_open_created; > } > > - /* > - * It already exists. > - */ > - audit_inode(pathname, path->dentry); > + if (path->dentry->d_inode) { > + /* > + * It already exists. > + */ > + audit_inode(pathname, path->dentry); > + } > > /* > * If atomic_open() acquired write access it is dropped now due to > > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
