From: Amy Griffis <amy.griffis@hp.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH git 2/3] don't allow duplicate inode or watch rules
Date: Mon, 5 Jun 2006 13:45:41 -0400 [thread overview]
Message-ID: <20060605174541.GC24778@zk3.dec.com> (raw)
In-Reply-To: <20060605174105.GA24778@zk3.dec.com>
In audit_add_rule(), check the inode hash so duplicate rules can't be
added.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
---
kernel/auditfilter.c | 52 +++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 41 insertions(+), 11 deletions(-)
745105541b430c90127a2b7ad1806d995fd793b0
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d53a80d..3cedc73 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -880,6 +880,37 @@ static void audit_inotify_unregister(str
}
}
+/* Find an existing audit rule.
+ * Caller must hold audit_filter_mutex to prevent stale rule data. */
+static struct audit_entry *audit_find_rule(struct audit_entry *entry,
+ struct list_head *list)
+{
+ struct audit_entry *e, *found = NULL;
+ int h;
+
+ if (entry->rule.watch) {
+ /* we don't know the inode number, so must walk entire hash */
+ for (h = 0; h < AUDIT_INODE_BUCKETS; h++) {
+ list = &audit_inode_hash[h];
+ list_for_each_entry(e, list, list)
+ if (!audit_compare_rule(&entry->rule, &e->rule)) {
+ found = e;
+ goto out;
+ }
+ }
+ goto out;
+ }
+
+ list_for_each_entry(e, list, list)
+ if (!audit_compare_rule(&entry->rule, &e->rule)) {
+ found = e;
+ goto out;
+ }
+
+out:
+ return found;
+}
+
/* Get path information necessary for adding watches. */
static int audit_get_nd(char *path, struct nameidata **ndp,
struct nameidata **ndw)
@@ -1017,16 +1048,18 @@ static inline int audit_add_rule(struct
struct nameidata *ndp, *ndw;
int h, err, putnd_needed = 0;
- /* Taking audit_filter_mutex protects from stale rule data. */
- mutex_lock(&audit_filter_mutex);
- list_for_each_entry(e, list, list) {
- if (!audit_compare_rule(&entry->rule, &e->rule)) {
- err = -EEXIST;
- mutex_unlock(&audit_filter_mutex);
- goto error;
- }
+ if (inode_f) {
+ h = audit_hash_ino(inode_f->val);
+ list = &audit_inode_hash[h];
}
+
+ mutex_lock(&audit_filter_mutex);
+ e = audit_find_rule(entry, list);
mutex_unlock(&audit_filter_mutex);
+ if (e) {
+ err = -EEXIST;
+ goto error;
+ }
/* Avoid calling path_lookup under audit_filter_mutex. */
if (watch) {
@@ -1046,9 +1079,6 @@ static inline int audit_add_rule(struct
}
h = audit_hash_ino((u32)watch->ino);
list = &audit_inode_hash[h];
- } else if (inode_f) {
- h = audit_hash_ino(inode_f->val);
- list = &audit_inode_hash[h];
}
if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
--
1.3.0
next prev parent reply other threads:[~2006-06-05 17:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-05 17:41 [PATCH git 0/3] audit inode hash bug fix, cleanup Amy Griffis
2006-06-05 17:42 ` [PATCH git 1/3] fix inode rules not added to inode hash Amy Griffis
2006-06-05 17:45 ` Amy Griffis [this message]
2006-06-05 17:46 ` [PATCH git 3/3] make audit_del_rule() use audit_find_rule() Amy Griffis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060605174541.GC24778@zk3.dec.com \
--to=amy.griffis@hp.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.