diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-01-06 02:06:06 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-01-06 02:06:06 -0500 |
| commit | 6989606a7224a2d5a925df22a49e4f7a0bfed0d6 (patch) | |
| tree | 2fb686a4dea9a7f4beec97fde510f2840c8e06f9 | |
| parent | ed40875dd4b4c7b5c991db9e06c984180ab0b3ce (diff) | |
| parent | be29d20f3f5db1f0b4e49a4f6eeedf840e2bf9b1 (diff) | |
Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit
Pull audit fixes from Paul Moore:
"Two small fixes relating to audit's use of fsnotify.
The first patch plugs a leak and the second fixes some lock
shenanigans. The patches are small and I banged on this for an
afternoon with our testsuite and didn't see anything odd"
* 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit:
audit: Fix sleep in atomic
fsnotify: Remove fsnotify_duplicate_mark()
| -rw-r--r-- | fs/notify/mark.c | 12 | ||||
| -rw-r--r-- | include/linux/fsnotify_backend.h | 2 | ||||
| -rw-r--r-- | kernel/audit_tree.c | 18 |
3 files changed, 14 insertions, 18 deletions
diff --git a/fs/notify/mark.c b/fs/notify/mark.c index d3fea0bd89e2..6043306e8e21 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c | |||
| @@ -510,18 +510,6 @@ void fsnotify_detach_group_marks(struct fsnotify_group *group) | |||
| 510 | } | 510 | } |
| 511 | } | 511 | } |
| 512 | 512 | ||
| 513 | void fsnotify_duplicate_mark(struct fsnotify_mark *new, struct fsnotify_mark *old) | ||
| 514 | { | ||
| 515 | assert_spin_locked(&old->lock); | ||
| 516 | new->inode = old->inode; | ||
| 517 | new->mnt = old->mnt; | ||
| 518 | if (old->group) | ||
| 519 | fsnotify_get_group(old->group); | ||
| 520 | new->group = old->group; | ||
| 521 | new->mask = old->mask; | ||
| 522 | new->free_mark = old->free_mark; | ||
| 523 | } | ||
| 524 | |||
| 525 | /* | 513 | /* |
| 526 | * Nothing fancy, just initialize lists and locks and counters. | 514 | * Nothing fancy, just initialize lists and locks and counters. |
| 527 | */ | 515 | */ |
diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index 0cf34d6cc253..487246546ebe 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h | |||
| @@ -323,8 +323,6 @@ extern void fsnotify_init_mark(struct fsnotify_mark *mark, void (*free_mark)(str | |||
| 323 | extern struct fsnotify_mark *fsnotify_find_inode_mark(struct fsnotify_group *group, struct inode *inode); | 323 | extern struct fsnotify_mark *fsnotify_find_inode_mark(struct fsnotify_group *group, struct inode *inode); |
| 324 | /* find (and take a reference) to a mark associated with group and vfsmount */ | 324 | /* find (and take a reference) to a mark associated with group and vfsmount */ |
| 325 | extern struct fsnotify_mark *fsnotify_find_vfsmount_mark(struct fsnotify_group *group, struct vfsmount *mnt); | 325 | extern struct fsnotify_mark *fsnotify_find_vfsmount_mark(struct fsnotify_group *group, struct vfsmount *mnt); |
| 326 | /* copy the values from old into new */ | ||
| 327 | extern void fsnotify_duplicate_mark(struct fsnotify_mark *new, struct fsnotify_mark *old); | ||
| 328 | /* set the ignored_mask of a mark */ | 326 | /* set the ignored_mask of a mark */ |
| 329 | extern void fsnotify_set_mark_ignored_mask_locked(struct fsnotify_mark *mark, __u32 mask); | 327 | extern void fsnotify_set_mark_ignored_mask_locked(struct fsnotify_mark *mark, __u32 mask); |
| 330 | /* set the mask of a mark (might pin the object into memory */ | 328 | /* set the mask of a mark (might pin the object into memory */ |
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 8b1dde96a0fa..7b44195da81b 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c | |||
| @@ -231,9 +231,11 @@ static void untag_chunk(struct node *p) | |||
| 231 | if (size) | 231 | if (size) |
| 232 | new = alloc_chunk(size); | 232 | new = alloc_chunk(size); |
| 233 | 233 | ||
| 234 | mutex_lock(&entry->group->mark_mutex); | ||
| 234 | spin_lock(&entry->lock); | 235 | spin_lock(&entry->lock); |
| 235 | if (chunk->dead || !entry->inode) { | 236 | if (chunk->dead || !entry->inode) { |
| 236 | spin_unlock(&entry->lock); | 237 | spin_unlock(&entry->lock); |
| 238 | mutex_unlock(&entry->group->mark_mutex); | ||
| 237 | if (new) | 239 | if (new) |
| 238 | free_chunk(new); | 240 | free_chunk(new); |
| 239 | goto out; | 241 | goto out; |
| @@ -251,6 +253,7 @@ static void untag_chunk(struct node *p) | |||
| 251 | list_del_rcu(&chunk->hash); | 253 | list_del_rcu(&chunk->hash); |
| 252 | spin_unlock(&hash_lock); | 254 | spin_unlock(&hash_lock); |
| 253 | spin_unlock(&entry->lock); | 255 | spin_unlock(&entry->lock); |
| 256 | mutex_unlock(&entry->group->mark_mutex); | ||
| 254 | fsnotify_destroy_mark(entry, audit_tree_group); | 257 | fsnotify_destroy_mark(entry, audit_tree_group); |
| 255 | goto out; | 258 | goto out; |
| 256 | } | 259 | } |
| @@ -258,8 +261,8 @@ static void untag_chunk(struct node *p) | |||
| 258 | if (!new) | 261 | if (!new) |
| 259 | goto Fallback; | 262 | goto Fallback; |
| 260 | 263 | ||
| 261 | fsnotify_duplicate_mark(&new->mark, entry); | 264 | if (fsnotify_add_mark_locked(&new->mark, entry->group, entry->inode, |
| 262 | if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.inode, NULL, 1)) { | 265 | NULL, 1)) { |
| 263 | fsnotify_put_mark(&new->mark); | 266 | fsnotify_put_mark(&new->mark); |
| 264 | goto Fallback; | 267 | goto Fallback; |
| 265 | } | 268 | } |
| @@ -293,6 +296,7 @@ static void untag_chunk(struct node *p) | |||
| 293 | owner->root = new; | 296 | owner->root = new; |
| 294 | spin_unlock(&hash_lock); | 297 | spin_unlock(&hash_lock); |
| 295 | spin_unlock(&entry->lock); | 298 | spin_unlock(&entry->lock); |
| 299 | mutex_unlock(&entry->group->mark_mutex); | ||
| 296 | fsnotify_destroy_mark(entry, audit_tree_group); | 300 | fsnotify_destroy_mark(entry, audit_tree_group); |
| 297 | fsnotify_put_mark(&new->mark); /* drop initial reference */ | 301 | fsnotify_put_mark(&new->mark); /* drop initial reference */ |
| 298 | goto out; | 302 | goto out; |
| @@ -309,6 +313,7 @@ Fallback: | |||
| 309 | put_tree(owner); | 313 | put_tree(owner); |
| 310 | spin_unlock(&hash_lock); | 314 | spin_unlock(&hash_lock); |
| 311 | spin_unlock(&entry->lock); | 315 | spin_unlock(&entry->lock); |
| 316 | mutex_unlock(&entry->group->mark_mutex); | ||
| 312 | out: | 317 | out: |
| 313 | fsnotify_put_mark(entry); | 318 | fsnotify_put_mark(entry); |
| 314 | spin_lock(&hash_lock); | 319 | spin_lock(&hash_lock); |
| @@ -386,18 +391,21 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) | |||
| 386 | 391 | ||
| 387 | chunk_entry = &chunk->mark; | 392 | chunk_entry = &chunk->mark; |
| 388 | 393 | ||
| 394 | mutex_lock(&old_entry->group->mark_mutex); | ||
| 389 | spin_lock(&old_entry->lock); | 395 | spin_lock(&old_entry->lock); |
| 390 | if (!old_entry->inode) { | 396 | if (!old_entry->inode) { |
| 391 | /* old_entry is being shot, lets just lie */ | 397 | /* old_entry is being shot, lets just lie */ |
| 392 | spin_unlock(&old_entry->lock); | 398 | spin_unlock(&old_entry->lock); |
| 399 | mutex_unlock(&old_entry->group->mark_mutex); | ||
| 393 | fsnotify_put_mark(old_entry); | 400 | fsnotify_put_mark(old_entry); |
| 394 | free_chunk(chunk); | 401 | free_chunk(chunk); |
| 395 | return -ENOENT; | 402 | return -ENOENT; |
| 396 | } | 403 | } |
| 397 | 404 | ||
| 398 | fsnotify_duplicate_mark(chunk_entry, old_entry); | 405 | if (fsnotify_add_mark_locked(chunk_entry, old_entry->group, |
| 399 | if (fsnotify_add_mark(chunk_entry, chunk_entry->group, chunk_entry->inode, NULL, 1)) { | 406 | old_entry->inode, NULL, 1)) { |
| 400 | spin_unlock(&old_entry->lock); | 407 | spin_unlock(&old_entry->lock); |
| 408 | mutex_unlock(&old_entry->group->mark_mutex); | ||
| 401 | fsnotify_put_mark(chunk_entry); | 409 | fsnotify_put_mark(chunk_entry); |
| 402 | fsnotify_put_mark(old_entry); | 410 | fsnotify_put_mark(old_entry); |
| 403 | return -ENOSPC; | 411 | return -ENOSPC; |
| @@ -413,6 +421,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) | |||
| 413 | chunk->dead = 1; | 421 | chunk->dead = 1; |
| 414 | spin_unlock(&chunk_entry->lock); | 422 | spin_unlock(&chunk_entry->lock); |
| 415 | spin_unlock(&old_entry->lock); | 423 | spin_unlock(&old_entry->lock); |
| 424 | mutex_unlock(&old_entry->group->mark_mutex); | ||
| 416 | 425 | ||
| 417 | fsnotify_destroy_mark(chunk_entry, audit_tree_group); | 426 | fsnotify_destroy_mark(chunk_entry, audit_tree_group); |
| 418 | 427 | ||
| @@ -445,6 +454,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) | |||
| 445 | spin_unlock(&hash_lock); | 454 | spin_unlock(&hash_lock); |
| 446 | spin_unlock(&chunk_entry->lock); | 455 | spin_unlock(&chunk_entry->lock); |
| 447 | spin_unlock(&old_entry->lock); | 456 | spin_unlock(&old_entry->lock); |
| 457 | mutex_unlock(&old_entry->group->mark_mutex); | ||
| 448 | fsnotify_destroy_mark(old_entry, audit_tree_group); | 458 | fsnotify_destroy_mark(old_entry, audit_tree_group); |
| 449 | fsnotify_put_mark(chunk_entry); /* drop initial reference */ | 459 | fsnotify_put_mark(chunk_entry); /* drop initial reference */ |
| 450 | fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */ | 460 | fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */ |