diff options
author | Eric Paris <eparis@redhat.com> | 2009-12-17 20:12:05 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2010-07-28 09:58:17 -0400 |
commit | a05fb6cc573130915380e00d182a4c6571cec6b2 (patch) | |
tree | c67e626c5307d89e6d7e65d0b2f9834c3591edb2 | |
parent | e118e9c5638bbe877aa26b5cd2fd223cc24cdc8a (diff) |
audit: do not get and put just to free a watch
deleting audit watch rules is not currently done under audit_filter_mutex.
It was done this way because we could not hold the mutex during inotify
manipulation. Since we are using fsnotify we don't need to do the extra
get/put pair nor do we need the private list on which to store the parents
while they are about to be freed.
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | kernel/audit.h | 3 | ||||
-rw-r--r-- | kernel/audit_watch.c | 27 | ||||
-rw-r--r-- | kernel/auditfilter.c | 6 |
3 files changed, 5 insertions, 31 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 82c8a09099f4..100b454a7354 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
@@ -108,8 +108,7 @@ extern void audit_put_watch(struct audit_watch *watch); | |||
108 | extern void audit_get_watch(struct audit_watch *watch); | 108 | extern void audit_get_watch(struct audit_watch *watch); |
109 | extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op); | 109 | extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op); |
110 | extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); | 110 | extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); |
111 | extern void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list); | 111 | extern void audit_remove_watch_rule(struct audit_krule *krule); |
112 | extern void audit_watch_inotify_unregister(struct list_head *in_list); | ||
113 | extern char *audit_watch_path(struct audit_watch *watch); | 112 | extern char *audit_watch_path(struct audit_watch *watch); |
114 | extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev); | 113 | extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev); |
115 | extern struct audit_entry *audit_dupe_rule(struct audit_krule *old); | 114 | extern struct audit_entry *audit_dupe_rule(struct audit_krule *old); |
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index da66197e3abc..75ab53987ece 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
@@ -55,7 +55,6 @@ struct audit_watch { | |||
55 | }; | 55 | }; |
56 | 56 | ||
57 | struct audit_parent { | 57 | struct audit_parent { |
58 | struct list_head ilist; /* tmp list used to free parents */ | ||
59 | struct list_head watches; /* anchor for audit_watch->wlist */ | 58 | struct list_head watches; /* anchor for audit_watch->wlist */ |
60 | struct fsnotify_mark_entry mark; /* fsnotify mark on the inode */ | 59 | struct fsnotify_mark_entry mark; /* fsnotify mark on the inode */ |
61 | }; | 60 | }; |
@@ -356,20 +355,6 @@ static void audit_remove_parent_watches(struct audit_parent *parent) | |||
356 | fsnotify_destroy_mark_by_entry(&parent->mark); | 355 | fsnotify_destroy_mark_by_entry(&parent->mark); |
357 | } | 356 | } |
358 | 357 | ||
359 | /* Unregister inotify watches for parents on in_list. | ||
360 | * Generates an FS_IGNORED event. */ | ||
361 | void audit_watch_inotify_unregister(struct list_head *in_list) | ||
362 | { | ||
363 | struct audit_parent *p, *n; | ||
364 | |||
365 | list_for_each_entry_safe(p, n, in_list, ilist) { | ||
366 | list_del(&p->ilist); | ||
367 | fsnotify_destroy_mark_by_entry(&p->mark); | ||
368 | /* matches the get in audit_remove_watch_rule() */ | ||
369 | audit_put_parent(p); | ||
370 | } | ||
371 | } | ||
372 | |||
373 | /* Get path information necessary for adding watches. */ | 358 | /* Get path information necessary for adding watches. */ |
374 | static int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) | 359 | static int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) |
375 | { | 360 | { |
@@ -502,7 +487,7 @@ error: | |||
502 | 487 | ||
503 | } | 488 | } |
504 | 489 | ||
505 | void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list) | 490 | void audit_remove_watch_rule(struct audit_krule *krule) |
506 | { | 491 | { |
507 | struct audit_watch *watch = krule->watch; | 492 | struct audit_watch *watch = krule->watch; |
508 | struct audit_parent *parent = watch->parent; | 493 | struct audit_parent *parent = watch->parent; |
@@ -513,15 +498,9 @@ void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list) | |||
513 | audit_remove_watch(watch); | 498 | audit_remove_watch(watch); |
514 | 499 | ||
515 | if (list_empty(&parent->watches)) { | 500 | if (list_empty(&parent->watches)) { |
516 | /* Put parent on the un-registration list. | ||
517 | * Grab a reference before releasing | ||
518 | * audit_filter_mutex, to be released in | ||
519 | * audit_watch_inotify_unregister(). | ||
520 | * If filesystem is going away, just leave | ||
521 | * the sucker alone, eviction will take | ||
522 | * care of it. */ | ||
523 | audit_get_parent(parent); | 501 | audit_get_parent(parent); |
524 | list_add(&parent->ilist, list); | 502 | fsnotify_destroy_mark_by_entry(&parent->mark); |
503 | audit_put_parent(parent); | ||
525 | } | 504 | } |
526 | } | 505 | } |
527 | } | 506 | } |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index ac87577f36b5..eb7675499fb5 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -945,7 +945,6 @@ static inline int audit_del_rule(struct audit_entry *entry) | |||
945 | struct audit_watch *watch = entry->rule.watch; | 945 | struct audit_watch *watch = entry->rule.watch; |
946 | struct audit_tree *tree = entry->rule.tree; | 946 | struct audit_tree *tree = entry->rule.tree; |
947 | struct list_head *list; | 947 | struct list_head *list; |
948 | LIST_HEAD(inotify_unregister_list); | ||
949 | int ret = 0; | 948 | int ret = 0; |
950 | #ifdef CONFIG_AUDITSYSCALL | 949 | #ifdef CONFIG_AUDITSYSCALL |
951 | int dont_count = 0; | 950 | int dont_count = 0; |
@@ -965,7 +964,7 @@ static inline int audit_del_rule(struct audit_entry *entry) | |||
965 | } | 964 | } |
966 | 965 | ||
967 | if (e->rule.watch) | 966 | if (e->rule.watch) |
968 | audit_remove_watch_rule(&e->rule, &inotify_unregister_list); | 967 | audit_remove_watch_rule(&e->rule); |
969 | 968 | ||
970 | if (e->rule.tree) | 969 | if (e->rule.tree) |
971 | audit_remove_tree_rule(&e->rule); | 970 | audit_remove_tree_rule(&e->rule); |
@@ -983,9 +982,6 @@ static inline int audit_del_rule(struct audit_entry *entry) | |||
983 | #endif | 982 | #endif |
984 | mutex_unlock(&audit_filter_mutex); | 983 | mutex_unlock(&audit_filter_mutex); |
985 | 984 | ||
986 | if (!list_empty(&inotify_unregister_list)) | ||
987 | audit_watch_inotify_unregister(&inotify_unregister_list); | ||
988 | |||
989 | out: | 985 | out: |
990 | if (watch) | 986 | if (watch) |
991 | audit_put_watch(watch); /* match initial get */ | 987 | audit_put_watch(watch); /* match initial get */ |