diff options
| author | Eric Paris <eparis@redhat.com> | 2009-06-11 14:31:36 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-06-23 23:51:05 -0400 |
| commit | 35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b (patch) | |
| tree | c520706593fd33748944315bb87d789a7f31960e /kernel/audit_watch.c | |
| parent | cfcad62c74abfef83762dc05a556d21bdf3980a2 (diff) | |
Audit: move audit_get_nd completely into audit_watch
audit_get_nd() is only used by audit_watch and could be more cleanly
implemented by having the audit watch functions call it when needed rather
than making the generic audit rule parsing code deal with those objects.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit_watch.c')
| -rw-r--r-- | kernel/audit_watch.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index da8be6d39c1a..b49ab019fdff 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
| @@ -345,7 +345,7 @@ void audit_inotify_unregister(struct list_head *in_list) | |||
| 345 | } | 345 | } |
| 346 | 346 | ||
| 347 | /* Get path information necessary for adding watches. */ | 347 | /* Get path information necessary for adding watches. */ |
| 348 | int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) | 348 | static int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) |
| 349 | { | 349 | { |
| 350 | struct nameidata *ndparent, *ndwatch; | 350 | struct nameidata *ndparent, *ndwatch; |
| 351 | int err; | 351 | int err; |
| @@ -380,7 +380,7 @@ int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) | |||
| 380 | } | 380 | } |
| 381 | 381 | ||
| 382 | /* Release resources used for watch path information. */ | 382 | /* Release resources used for watch path information. */ |
| 383 | void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw) | 383 | static void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw) |
| 384 | { | 384 | { |
| 385 | if (ndp) { | 385 | if (ndp) { |
| 386 | path_put(&ndp->path); | 386 | path_put(&ndp->path); |
| @@ -426,14 +426,24 @@ static void audit_add_to_parent(struct audit_krule *krule, | |||
| 426 | 426 | ||
| 427 | /* Find a matching watch entry, or add this one. | 427 | /* Find a matching watch entry, or add this one. |
| 428 | * Caller must hold audit_filter_mutex. */ | 428 | * Caller must hold audit_filter_mutex. */ |
| 429 | int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, | 429 | int audit_add_watch(struct audit_krule *krule) |
| 430 | struct nameidata *ndw) | ||
| 431 | { | 430 | { |
| 432 | struct audit_watch *watch = krule->watch; | 431 | struct audit_watch *watch = krule->watch; |
| 433 | struct inotify_watch *i_watch; | 432 | struct inotify_watch *i_watch; |
| 434 | struct audit_parent *parent; | 433 | struct audit_parent *parent; |
| 434 | struct nameidata *ndp = NULL, *ndw = NULL; | ||
| 435 | int ret = 0; | 435 | int ret = 0; |
| 436 | 436 | ||
| 437 | mutex_unlock(&audit_filter_mutex); | ||
| 438 | |||
| 439 | /* Avoid calling path_lookup under audit_filter_mutex. */ | ||
| 440 | ret = audit_get_nd(watch->path, &ndp, &ndw); | ||
| 441 | if (ret) { | ||
| 442 | /* caller expects mutex locked */ | ||
| 443 | mutex_lock(&audit_filter_mutex); | ||
| 444 | goto error; | ||
| 445 | } | ||
| 446 | |||
| 437 | /* update watch filter fields */ | 447 | /* update watch filter fields */ |
| 438 | if (ndw) { | 448 | if (ndw) { |
| 439 | watch->dev = ndw->path.dentry->d_inode->i_sb->s_dev; | 449 | watch->dev = ndw->path.dentry->d_inode->i_sb->s_dev; |
| @@ -445,15 +455,14 @@ int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, | |||
| 445 | * inotify watch is found, inotify_find_watch() grabs a reference before | 455 | * inotify watch is found, inotify_find_watch() grabs a reference before |
| 446 | * returning. | 456 | * returning. |
| 447 | */ | 457 | */ |
| 448 | mutex_unlock(&audit_filter_mutex); | ||
| 449 | |||
| 450 | if (inotify_find_watch(audit_ih, ndp->path.dentry->d_inode, | 458 | if (inotify_find_watch(audit_ih, ndp->path.dentry->d_inode, |
| 451 | &i_watch) < 0) { | 459 | &i_watch) < 0) { |
| 452 | parent = audit_init_parent(ndp); | 460 | parent = audit_init_parent(ndp); |
| 453 | if (IS_ERR(parent)) { | 461 | if (IS_ERR(parent)) { |
| 454 | /* caller expects mutex locked */ | 462 | /* caller expects mutex locked */ |
| 455 | mutex_lock(&audit_filter_mutex); | 463 | mutex_lock(&audit_filter_mutex); |
| 456 | return PTR_ERR(parent); | 464 | ret = PTR_ERR(parent); |
| 465 | goto error; | ||
| 457 | } | 466 | } |
| 458 | } else | 467 | } else |
| 459 | parent = container_of(i_watch, struct audit_parent, wdata); | 468 | parent = container_of(i_watch, struct audit_parent, wdata); |
| @@ -468,7 +477,11 @@ int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, | |||
| 468 | 477 | ||
| 469 | /* match get in audit_init_parent or inotify_find_watch */ | 478 | /* match get in audit_init_parent or inotify_find_watch */ |
| 470 | put_inotify_watch(&parent->wdata); | 479 | put_inotify_watch(&parent->wdata); |
| 480 | |||
| 481 | error: | ||
| 482 | audit_put_nd(ndp, ndw); /* NULL args OK */ | ||
| 471 | return ret; | 483 | return ret; |
| 484 | |||
| 472 | } | 485 | } |
| 473 | 486 | ||
| 474 | void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list) | 487 | void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list) |