Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit_tree.c49
1 files changed, 16 insertions, 33 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index f09b42d9c32d..028e85663f27 100644
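--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -548,6 +548,11 @@ int audit_remove_tree_rule(struct audit_krule *rule)
  return 0;
 }
 
+static int compare_root(struct vfsmount *mnt, void *arg)
+{
+ return mnt->mnt_root->d_inode == arg;
+}
+
 void audit_trim_trees(void)
 {
  struct list_head cursor;
@@ -559,7 +564,6 @@ void audit_trim_trees(void)
  struct path path;
  struct vfsmount *root_mnt;
  struct node *node;
- struct list_head list;
  int err;
 
  tree = container_of(cursor.next, struct audit_tree, list);
@@ -577,24 +581,16 @@ void audit_trim_trees(void)
  if (!root_mnt)
  goto skip_it;
 
- list_add_tail(&list, &root_mnt->mnt_list);
  spin_lock(&hash_lock);
  list_for_each_entry(node, &tree->chunks, list) {
- struct audit_chunk *chunk = find_chunk(node);
- struct inode *inode = chunk->watch.inode;
- struct vfsmount *mnt;
+ struct inode *inode = find_chunk(node)->watch.inode;
  node->index |= 1U<<31;
- list_for_each_entry(mnt, &list, mnt_list) {
- if (mnt->mnt_root->d_inode == inode) {
- node->index &= ~(1U<<31);
- break;
- }
- }
+ if (iterate_mounts(compare_root, inode, root_mnt))
+ node->index &= ~(1U<<31);
  }
  spin_unlock(&hash_lock);
  trim_marked(tree);
  put_tree(tree);
- list_del_init(&list);
  drop_collected_mounts(root_mnt);
 skip_it:
  mutex_lock(&audit_filter_mutex);
@@ -622,13 +618,17 @@ void audit_put_tree(struct audit_tree *tree)
  put_tree(tree);
 }
 
+static int tag_mount(struct vfsmount *mnt, void *arg)
+{
+ return tag_chunk(mnt->mnt_root->d_inode, arg);
+}
+
 /* called with audit_filter_mutex */
 int audit_add_tree_rule(struct audit_krule *rule)
 {
  struct audit_tree *seed = rule->tree, *tree;
  struct path path;
- struct vfsmount *mnt, *p;
- struct list_head list;
+ struct vfsmount *mnt;
  int err;
 
  list_for_each_entry(tree, &tree_list, list) {
@@ -654,16 +654,9 @@ int audit_add_tree_rule(struct audit_krule *rule)
  err = -ENOMEM;
  goto Err;
  }
- list_add_tail(&list, &mnt->mnt_list);
 
  get_tree(tree);
- list_for_each_entry(p, &list, mnt_list) {
- err = tag_chunk(p->mnt_root->d_inode, tree);
- if (err)
- break;
- }
-
- list_del(&list);
+ err = iterate_mounts(tag_mount, tree, mnt);
  drop_collected_mounts(mnt);
 
  if (!err) {
@@ -700,7 +693,6 @@ int audit_tag_tree(char *old, char *new)
  int failed = 0;
  struct path path1, path2;
  struct vfsmount *tagged;
- struct list_head list;
  int err;
 
  err = kern_path(new, 0, &path2);
@@ -717,15 +709,12 @@ int audit_tag_tree(char *old, char *new)
  return err;
  }
 
- list_add_tail(&list, &tagged->mnt_list);
-
  mutex_lock(&audit_filter_mutex);
  list_add(&barrier, &tree_list);
  list_add(&cursor, &barrier);
 
  while (cursor.next != &tree_list) {
  struct audit_tree *tree;
- struct vfsmount *p;
  int good_one = 0;
 
  tree = container_of(cursor.next, struct audit_tree, list);
@@ -746,12 +735,7 @@ int audit_tag_tree(char *old, char *new)
  continue;
  }
 
- list_for_each_entry(p, &list, mnt_list) {
- failed = tag_chunk(p->mnt_root->d_inode, tree);
- if (failed)
- break;
- }
-
+ failed = iterate_mounts(tag_mount, tree, tagged);
  if (failed) {
  put_tree(tree);
  mutex_lock(&audit_filter_mutex);
@@ -792,7 +776,6 @@ int audit_tag_tree(char *old, char *new)
  }
  list_del(&barrier);
  list_del(&cursor);
- list_del(&list);
  mutex_unlock(&audit_filter_mutex);
  path_put(&path1);
  drop_collected_mounts(tagged);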
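Review bot: The new helpers compare_root() and tag_mount() carry no comment on the callback contract they depend on, and the two use the return value differently: in audit_trim_trees() a non-zero result of `iterate_mounts(compare_root, inode, root_mnt)` means "some collected mount is rooted at this inode" and clears the trim mark, while in audit_add_tree_rule() and audit_tag_tree() the result of `iterate_mounts(tag_mount, ...)` is treated as the tag_chunk() error. The definition of iterate_mounts() is not on this page (the diffstat is limited to kernel/), so that it stops at the first non-zero callback result and hands that value back is inferred from these call sites and from the `break` in the loops they replace. I would add `/* iterate_mounts() callback: a non-zero return ends the walk and is returned to the caller */` above both helpers, and on compare_root() also `/* called with hash_lock held, must not sleep */`, since that walk runs between spin_lock(&hash_lock) and spin_unlock(&hash_lock).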