From mboxrd@z Thu Jan 1 00:00:00 1970 From: Amy Griffis Subject: [PATCH git] make selinux_audit_rule_update() remove safely Date: Tue, 25 Apr 2006 14:57:08 -0400 Message-ID: <20060425185708.GA24662@zk3.dec.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com (Al, this is a fix for the -mm patch audit-support-for-context-based-audit-filtering-2.patch. Please fold in with lspp.b7 3811b185122022cd5e59b1ca85342b820e3b3e22 on next rebase.) Use list_for_each_entry_safe() in selinux_audit_rule_update() to protect against call_rcu() on list entries while traversing. Signed-off-by: Amy Griffis --- kernel/auditfilter.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) 71476af7bf618dee43c9ac86b0227882df412152 diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 7b91a1e..f1151a2 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1397,7 +1397,7 @@ static inline int audit_rule_has_selinux * updated rule. */ int selinux_audit_rule_update(void) { - struct audit_entry *entry, *nentry; + struct audit_entry *entry, *n, *nentry; struct audit_watch *watch; int i, err = 0; @@ -1405,7 +1405,7 @@ int selinux_audit_rule_update(void) mutex_lock(&audit_filter_mutex); for (i = 0; i < AUDIT_NR_FILTERS; i++) { - list_for_each_entry(entry, &audit_filter_list[i], list) { + list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { if (!audit_rule_has_selinux(&entry->rule)) continue; -- 1.3.0
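Review bot: In the declaration hunk at the top of selinux_audit_rule_update(), the new cursor `n` is declared between `entry` and `nentry`, and both `n` and `nentry` can be read as "next entry". Only `n` is the lookahead passed to list_for_each_entry_safe() in the second hunk. Declaring it on its own line, or naming it `next`, would keep the two from being confused in later edits.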
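Review bot: On the `list_for_each_entry_safe(entry, n, &audit_filter_list[i], list)` line in the second hunk, the _safe iterator only saves the successor in `n` before the body runs. That covers `entry` being unlinked and handed to call_rcu(), as the commit message describes, but not `n` itself being removed during the same iteration. The loop body lies outside the visible context, so please confirm that each iteration unlinks at most `entry`. A short comment above the loop saying why the _safe form is required would also keep it from being turned back into list_for_each_entry() later. The traversal runs under the mutex_lock(&audit_filter_mutex) shown just above the loop, and the comment could note that as well.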