Hello,
I already see two little bugs in my code in audit_remove_watch. David,
before you build can you add in the spin_unlock() before the goto?
kernel/auditfs.c: audit_remove_watch()
+
+ spin_lock(&auditfs_lock);
+ real = audit_fetch_watch(nd.last.name, data);
+ if (!real)
-> spin_unlock(&auditfs_lock);
goto audit_remove_watch_release;
- }
audit_destroy_watch(real);
+ spin_unlock(&auditfs_lock);
And, place before the kfree an audit_watch_put()
kernel/auditsc.c: audit_attach_wdata()
+
+auditfs_attach_wdata_fail:
+ hlist_for_each_entry_safe(this, pos, tmp, &ax->watches, node) {
+ hlist_del(&this->node);
-> audit_watch_put(this);
+ kfree(this);
+ }
+
+ return -ENOMEM
This patch includes David's Implicit unpinning patch.
Changelog:
* Removed a fundamental mathematical operation embedded in
a debugging statement ;)
* Removed the local lock on inode audit data in favor of of a global
auditfs_lock spinlock
* Added a list of watches that could be associated with any given
inode in favor of a pointer to just one
* Attempt to remove watches first via the master watchlist and then
by path lookup
* Remove watch from inode, master watchlist, and local watchlist
when removing watch via administrator action
* Altered record in kernel/auditsc.c to support watches per inode per
record
-tim