audit: clean up refcounting in audit-tree

Drop the initial reference by fsnotify_init_mark early instead of audit_tree_freeing_mark() at destroy time. In the cases we destroy the mark before we drop the initial reference we need to get rid of the get_mark that balances the put_mark in audit_tree_freeing_mark(). Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
author: Miklos Szeredi <mszeredi@suse.cz> 2012-08-15 06:55:22 -0400
committer: Miklos Szeredi <mszeredi@suse.cz> 2012-08-15 06:55:22 -0400
commit: b3e8692b4dde5cf5fc60e4b95385229a72623182 (patch)
tree: 5145a92e403b7faa54ac47b24d0791ca9c6c01bc /kernel/audit_tree.c
parent: a2140fc0cb0325bb6384e788edd27b9a568714e2 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 2b2ffff9eca2..ed206fd88cca 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -292,6 +292,7 @@ static void untag_chunk(struct node *p)
        spin_unlock(&hash_lock);
        spin_unlock(&entry->lock);
        fsnotify_destroy_mark(entry);
+        fsnotify_put_mark(&new->mark);  /* drop initial reference */
        goto out;
 Fallback:
@@ -330,7 +331,6 @@ static int create_chunk(struct inode *inode, struct audit_tree *tree)
                spin_unlock(&hash_lock);
                chunk->dead = 1;
                spin_unlock(&entry->lock);
-                fsnotify_get_mark(entry);
                fsnotify_destroy_mark(entry);
                fsnotify_put_mark(entry);
                return 0;
@@ -346,6 +346,7 @@ static int create_chunk(struct inode *inode, struct audit_tree *tree)
        insert_hash(chunk);
        spin_unlock(&hash_lock);
        spin_unlock(&entry->lock);
+        fsnotify_put_mark(entry);       /* drop initial reference */
        return 0;
 }
@@ -411,7 +412,6 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
                spin_unlock(&chunk_entry->lock);
                spin_unlock(&old_entry->lock);
-                fsnotify_get_mark(chunk_entry);
                fsnotify_destroy_mark(chunk_entry);
                fsnotify_put_mark(chunk_entry);
@@ -444,6 +444,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
        spin_unlock(&chunk_entry->lock);
        spin_unlock(&old_entry->lock);
        fsnotify_destroy_mark(old_entry);
+        fsnotify_put_mark(chunk_entry); /* drop initial reference */
        fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */
        return 0;
 }
@@ -915,7 +916,12 @@ static void audit_tree_freeing_mark(struct fsnotify_mark *entry, struct fsnotify
        struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
        evict_chunk(chunk);
-        fsnotify_put_mark(entry);
+        /*
+         * We are guaranteed to have at least one reference to the mark from
+         * either the inode or the caller of fsnotify_destroy_mark().
+         */
+        BUG_ON(atomic_read(&entry->refcnt) < 1);
 }
 static bool audit_tree_send_event(struct fsnotify_group *group, struct inode *inode,
author	Miklos Szeredi <mszeredi@suse.cz>	2012-08-15 06:55:22 -0400
committer	Miklos Szeredi <mszeredi@suse.cz>	2012-08-15 06:55:22 -0400
commit	b3e8692b4dde5cf5fc60e4b95385229a72623182 (patch)
tree	5145a92e403b7faa54ac47b24d0791ca9c6c01bc /kernel/audit_tree.c
parent	a2140fc0cb0325bb6384e788edd27b9a568714e2 (diff)

diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 2b2ffff9eca2..ed206fd88cca 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c
@@ -292,6 +292,7 @@ static void untag_chunk(struct node *p)
292	spin_unlock(&hash_lock);	292	spin_unlock(&hash_lock);
293	spin_unlock(&entry->lock);	293	spin_unlock(&entry->lock);
294	fsnotify_destroy_mark(entry);	294	fsnotify_destroy_mark(entry);
		295	fsnotify_put_mark(&new->mark); /* drop initial reference */
295	goto out;	296	goto out;
296		297
297	Fallback:	298	Fallback:
@@ -330,7 +331,6 @@ static int create_chunk(struct inode inode, struct audit_tree tree)
330	spin_unlock(&hash_lock);	331	spin_unlock(&hash_lock);
331	chunk->dead = 1;	332	chunk->dead = 1;
332	spin_unlock(&entry->lock);	333	spin_unlock(&entry->lock);
333	fsnotify_get_mark(entry);
334	fsnotify_destroy_mark(entry);	334	fsnotify_destroy_mark(entry);
335	fsnotify_put_mark(entry);	335	fsnotify_put_mark(entry);
336	return 0;	336	return 0;
@@ -346,6 +346,7 @@ static int create_chunk(struct inode inode, struct audit_tree tree)
346	insert_hash(chunk);	346	insert_hash(chunk);
347	spin_unlock(&hash_lock);	347	spin_unlock(&hash_lock);
348	spin_unlock(&entry->lock);	348	spin_unlock(&entry->lock);
		349	fsnotify_put_mark(entry); /* drop initial reference */
349	return 0;	350	return 0;
350	}	351	}
351		352
@@ -411,7 +412,6 @@ static int tag_chunk(struct inode inode, struct audit_tree tree)
411	spin_unlock(&chunk_entry->lock);	412	spin_unlock(&chunk_entry->lock);
412	spin_unlock(&old_entry->lock);	413	spin_unlock(&old_entry->lock);
413		414
414	fsnotify_get_mark(chunk_entry);
415	fsnotify_destroy_mark(chunk_entry);	415	fsnotify_destroy_mark(chunk_entry);
416		416
417	fsnotify_put_mark(chunk_entry);	417	fsnotify_put_mark(chunk_entry);
@@ -444,6 +444,7 @@ static int tag_chunk(struct inode inode, struct audit_tree tree)
444	spin_unlock(&chunk_entry->lock);	444	spin_unlock(&chunk_entry->lock);
445	spin_unlock(&old_entry->lock);	445	spin_unlock(&old_entry->lock);
446	fsnotify_destroy_mark(old_entry);	446	fsnotify_destroy_mark(old_entry);
		447	fsnotify_put_mark(chunk_entry); /* drop initial reference */
447	fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */	448	fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */
448	return 0;	449	return 0;
449	}	450	}
@@ -915,7 +916,12 @@ static void audit_tree_freeing_mark(struct fsnotify_mark *entry, struct fsnotify
915	struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);	916	struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
916		917
917	evict_chunk(chunk);	918	evict_chunk(chunk);
918	fsnotify_put_mark(entry);	919
		920	/*
		921	* We are guaranteed to have at least one reference to the mark from
		922	* either the inode or the caller of fsnotify_destroy_mark().
		923	*/
		924	BUG_ON(atomic_read(&entry->refcnt) < 1);
919	}	925	}
920		926
921	static bool audit_tree_send_event(struct fsnotify_group group, struct inode inode,	927	static bool audit_tree_send_event(struct fsnotify_group group, struct inode inode,