On Wed, Dec 31, 2014 at 12:33 PM, Paul Moore <paul(a)paul-moore.com> wrote:
> One audit patch to resolve a panic/oops when recording filenames in the audit
> log, see the mail archive link below. The fix isn't as nice as I would like,
> as it involves an allocate/copy of the filename, but it solves the problem and
> the overhead should only affect users who have configured audit rules
> involving file names.

This fix looks wrong.

The kernel "getname()" function already has hacks explicitly for this
audit usage. Why aren't those hacks working? See the whole
"audit_getname()" and "audit_putname()" thing in fs/namei.c.

So why does audit now need to copy the name *again*, when the whole -
and only - point of the current fs/namei.c audit hackery is exactly so
that audit can control the lifetime of the pathnames?

Hmm? Alternatively, could we just remove the fs/namei.c hackery
entirely, and rely on audit always copying the filenames for its own
use?

Linus