On Thursday, July 16, 2015 09:45:10 PM Richard Guy Briggs wrote:
On 15/07/16, Paul Moore wrote:
> On Tuesday, July 14, 2015 11:40:42 AM Richard Guy Briggs wrote:
> > The audit watch parent count was imbalanced, adding an unnecessary layer of
> > watch parent references. Decrement the additional parent reference when a
> > watch is reused, already having a reference to the parent.
> >
> > Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> > ---
> >
> > kernel/audit_watch.c | 6 ++----
> > 1 files changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > index f33f54c..8f123d7 100644
> > --- a/kernel/audit_watch.c
> > +++ b/kernel/audit_watch.c
> > @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> > *krule,
> >
> > audit_get_watch(w);
> > krule->watch = watch = w;
> >
> > +
> > + audit_put_parent(parent);
> >
> > break;
> >
> > }
> >
> > if (!watch_found) {
> >
> > - audit_get_parent(parent);
> >
> > watch->parent = parent;
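Review bot: the audit_put_parent(parent) added in the watch-found branch carries no comment saying which reference it releases, so the hunk alone does not show why a put belongs there. A one-line comment above it, along the lines of the commit message ("watch is reused, already having a reference to the parent"), would make the ownership rule visible at the call site. The bare "+" line just before it only adds an empty line and can be dropped.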
>
> I understand removing the get() here and the put() in audit_add_watch, but
> I don't understand adding the put() above, can you help me understand?

audit_find_parent() gets a reference to the parent, if the parent is
already known. This additional parental reference is not needed if the
watch is subsequently found by audit_add_to_parent(), and consumed if
the watch does not already exist, so we need to put the parent if the
watch is found, and do nothing if this new watch is added to the parent.

If the parent wasn't already known, it is created with a refcount of 1
and added to the audit_watch_group, then incremented by one to be
subsequently consumed by the newly created watch in
audit_add_to_parent().

The graph below may help to visualize it.

The rule points to the watch, not to the parent, so the rule's refcount
gets bumped, not the parent's.

Great, thanks for the explanation. Fix up the goto/return in patch 1/2,
resubmit and I'll merge this patchset into audit#next.
--
paul moore
security @ redhat
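
A user-space model of the parent reference ownership described in this thread, added here as an illustration; it is not kernel code and not part of the patch. `struct parent`, `find_or_init_parent()`, `add_to_parent()` and `add_rule()` are simplified, hypothetical stand-ins, and the watched names are constructed. After every rule is added, the parent's count should equal one (the group) plus the number of watches.

```c
#include <stdio.h>
#include <string.h>
#define MAX_WATCHES 8

/* Simplified stand-in for a watch parent (hypothetical, user-space only). */
struct parent { int refs; int known; int nwatches; const char *paths[MAX_WATCHES]; };

static void get_parent(struct parent *p) { p->refs++; }
static void put_parent(struct parent *p) { p->refs--; }

/* Lookup as described in the thread: the caller always leaves holding
 * one reference on top of whatever the parent already had. */
static struct parent *find_or_init_parent(struct parent *p)
{
    if (!p->known) {            /* new parent: refcount 1, held by the group */
        p->known = 1;
        p->refs = 1;
    }
    get_parent(p);              /* the caller's reference */
    return p;
}

/* Patched ownership rule: returns 1 if an existing watch was reused. */
static int add_to_parent(struct parent *p, const char *path)
{
    for (int i = 0; i < p->nwatches; i++)
        if (strcmp(p->paths[i], path) == 0) {
            put_parent(p);      /* reused watch already holds the parent */
            return 1;
        }
    if (p->nwatches == MAX_WATCHES) { put_parent(p); return -1; }
    p->paths[p->nwatches++] = path;   /* new watch consumes the caller's ref */
    return 0;
}

/* Add a rule for path and return the parent's refcount afterwards. */
static int add_rule(struct parent *p, const char *path)
{
    add_to_parent(find_or_init_parent(p), path);
    return p->refs;
}

int main(void)
{
    struct parent dir = {0};
    int a = add_rule(&dir, "passwd");   /* new parent, new watch */
    int b = add_rule(&dir, "passwd");   /* same watch reused */
    int c = add_rule(&dir, "shadow");   /* known parent, new watch */
    printf("%d %d %d\n", a, b, c);
    return 0;
}
```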