From: Paul Moore <pmoore@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, sgrubb@redhat.com
Subject: Re: [PATCH V6 2/2] audit: eliminate unnecessary extra layer of watch parent references
Date: Fri, 17 Jul 2015 13:58:26 -0400 [thread overview]
Message-ID: <12612791.hlKxMY8d10@sifl> (raw)
In-Reply-To: <20150717014510.GE32473@madcap2.tricolour.ca>
On Thursday, July 16, 2015 09:45:10 PM Richard Guy Briggs wrote:
> On 15/07/16, Paul Moore wrote:
> > On Tuesday, July 14, 2015 11:40:42 AM Richard Guy Briggs wrote:
> > > The audit watch parent count was imbalanced, adding an unnecessary layer
> > > of
> > > watch parent references. Decrement the additional parent reference when
> > > a
> > > watch is reused, already having a reference to the parent.
> > >
> > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > > ---
> > >
> > > kernel/audit_watch.c | 6 ++----
> > > 1 files changed, 2 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > index f33f54c..8f123d7 100644
> > > --- a/kernel/audit_watch.c
> > > +++ b/kernel/audit_watch.c
> > > @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> > > *krule,
> > >
> > > audit_get_watch(w);
> > > krule->watch = watch = w;
> > >
> > > +
> > > + audit_put_parent(parent);
> > >
> > > break;
> > >
> > > }
> > >
> > > if (!watch_found) {
> > >
> > > - audit_get_parent(parent);
> > >
> > > watch->parent = parent;
> >
> > I understand removing the get() here and the put() in audit_add_watch, but
> > I don't understand adding the put() above, can you help me understand?
>
> audit_find_parent() gets a reference to the parent, if the parent is
> already known. This additional parental reference is not needed if the
> watch is subsequently found by audit_add_to_parent(), and consumed if
> the watch does not already exist, so we need to put the parent if the
> watch is found, and do nothing if this new watch is added to the parent.
>
> If the parent wasn't already known, it is created with a refcount of 1
> and added to the audit_watch_group, then incremented by one to be
> subsequently consumed by the newly created watch in
> audit_add_to_parent().
>
> The graph below may help to visualize it.
>
> The rule points to the watch, not to the parent, so the rule's refcount
> gets bumped, not the parent's.
Great, thanks for the explanation. Fix up the goto/return in patch 1/2,
resubmit and I'll merge this patchset into audit#next.
--
paul moore
security @ redhat
prev parent reply other threads:[~2015-07-17 17:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-14 15:40 [PATCH V6 0/2] audit: rebalance and remove extra layers of watch references Richard Guy Briggs
2015-07-14 15:40 ` [PATCH V6 1/2] audit: eliminate unnecessary extra layer " Richard Guy Briggs
2015-07-16 20:13 ` Paul Moore
2015-07-17 0:32 ` Richard Guy Briggs
2015-07-14 15:40 ` [PATCH V6 2/2] audit: eliminate unnecessary extra layer of watch parent references Richard Guy Briggs
2015-07-16 20:32 ` Paul Moore
2015-07-17 1:45 ` Richard Guy Briggs
2015-07-17 17:58 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=12612791.hlKxMY8d10@sifl \
--to=pmoore@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).