audit: make audit_del_rule() more robust

Move the access to the entry for audit_match_signal() to earlier in the function in case the entry found is the same one passed in. This will enable it to be used by audit_remove_mark_rule(). Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: tweaked subject line as it no longer made sense after multiple revs] Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Richard Guy Briggs <rgb@redhat.com> 2015-08-05 15:23:09 -0400
committer: Paul Moore <pmoore@redhat.com> 2015-08-05 17:46:42 -0400
commit: 8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad (patch)
tree: 2ac589add6d037ee2f3f1c736ce276d72fd85103 /kernel
parent: ae9d2fb482fa48f637b6705e6fef6f7f999ec779 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 83f6d298d234..7ca7d3b5aca2 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -953,7 +953,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
        mutex_lock(&audit_filter_mutex);
        e = audit_find_rule(entry, &list);
        if (!e) {
-                mutex_unlock(&audit_filter_mutex);
                ret = -ENOENT;
                goto out;
        }
@@ -964,10 +963,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
        if (e->rule.tree)
                audit_remove_tree_rule(&e->rule);
-        list_del_rcu(&e->list);
-        list_del(&e->rule.list);
-        call_rcu(&e->rcu, audit_free_rule_rcu);
 #ifdef CONFIG_AUDITSYSCALL
        if (!dont_count)
                audit_n_rules--;
@@ -975,9 +970,14 @@ static inline int audit_del_rule(struct audit_entry *entry)
        if (!audit_match_signal(entry))
                audit_signals--;
 #endif
-        mutex_unlock(&audit_filter_mutex);
+        list_del_rcu(&e->list);
+        list_del(&e->rule.list);
+        call_rcu(&e->rcu, audit_free_rule_rcu);
 out:
+        mutex_unlock(&audit_filter_mutex);
        if (tree)
                audit_put_tree(tree);   /* that's the temporary one */
author	Richard Guy Briggs <rgb@redhat.com>	2015-08-05 15:23:09 -0400
committer	Paul Moore <pmoore@redhat.com>	2015-08-05 17:46:42 -0400
commit	8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad (patch)
tree	2ac589add6d037ee2f3f1c736ce276d72fd85103 /kernel
parent	ae9d2fb482fa48f637b6705e6fef6f7f999ec779 (diff)

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 83f6d298d234..7ca7d3b5aca2 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -953,7 +953,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
953	mutex_lock(&audit_filter_mutex);	953	mutex_lock(&audit_filter_mutex);
954	e = audit_find_rule(entry, &list);	954	e = audit_find_rule(entry, &list);
955	if (!e) {	955	if (!e) {
956	mutex_unlock(&audit_filter_mutex);
957	ret = -ENOENT;	956	ret = -ENOENT;
958	goto out;	957	goto out;
959	}	958	}
@@ -964,10 +963,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
964	if (e->rule.tree)	963	if (e->rule.tree)
965	audit_remove_tree_rule(&e->rule);	964	audit_remove_tree_rule(&e->rule);
966		965
967	list_del_rcu(&e->list);
968	list_del(&e->rule.list);
969	call_rcu(&e->rcu, audit_free_rule_rcu);
970
971	#ifdef CONFIG_AUDITSYSCALL	966	#ifdef CONFIG_AUDITSYSCALL
972	if (!dont_count)	967	if (!dont_count)
973	audit_n_rules--;	968	audit_n_rules--;
@@ -975,9 +970,14 @@ static inline int audit_del_rule(struct audit_entry *entry)
975	if (!audit_match_signal(entry))	970	if (!audit_match_signal(entry))
976	audit_signals--;	971	audit_signals--;
977	#endif	972	#endif
978	mutex_unlock(&audit_filter_mutex);	973
		974	list_del_rcu(&e->list);
		975	list_del(&e->rule.list);
		976	call_rcu(&e->rcu, audit_free_rule_rcu);
979		977
980	out:	978	out:
		979	mutex_unlock(&audit_filter_mutex);
		980
981	if (tree)	981	if (tree)
982	audit_put_tree(tree); /* that's the temporary one */	982	audit_put_tree(tree); /* that's the temporary one */
983		983