From: Amy Griffis <amy.griffis@hp.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH git 2/3] don't allow duplicate inode or watch rules
Date: Mon, 5 Jun 2006 13:45:41 -0400 [thread overview]
Message-ID: <20060605174541.GC24778@zk3.dec.com> (raw)
In-Reply-To: <20060605174105.GA24778@zk3.dec.com>
In audit_add_rule(), check the inode hash so duplicate rules can't be
added.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
---
kernel/auditfilter.c | 52 +++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 41 insertions(+), 11 deletions(-)
745105541b430c90127a2b7ad1806d995fd793b0
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d53a80d..3cedc73 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -880,6 +880,37 @@ static void audit_inotify_unregister(str
}
}
+/* Find an existing audit rule.
+ * Caller must hold audit_filter_mutex to prevent stale rule data. */
+static struct audit_entry *audit_find_rule(struct audit_entry *entry,
+ struct list_head *list)
+{
+ struct audit_entry *e, *found = NULL;
+ int h;
+
+ if (entry->rule.watch) {
+ /* we don't know the inode number, so must walk entire hash */
+ for (h = 0; h < AUDIT_INODE_BUCKETS; h++) {
+ list = &audit_inode_hash[h];
+ list_for_each_entry(e, list, list)
+ if (!audit_compare_rule(&entry->rule, &e->rule)) {
+ found = e;
+ goto out;
+ }
+ }
+ goto out;
+ }
+
+ list_for_each_entry(e, list, list)
+ if (!audit_compare_rule(&entry->rule, &e->rule)) {
+ found = e;
+ goto out;
+ }
+
+out:
+ return found;
+}
+
/* Get path information necessary for adding watches. */
static int audit_get_nd(char *path, struct nameidata **ndp,
struct nameidata **ndw)
@@ -1017,16 +1048,18 @@ static inline int audit_add_rule(struct
struct nameidata *ndp, *ndw;
int h, err, putnd_needed = 0;
- /* Taking audit_filter_mutex protects from stale rule data. */
- mutex_lock(&audit_filter_mutex);
- list_for_each_entry(e, list, list) {
- if (!audit_compare_rule(&entry->rule, &e->rule)) {
- err = -EEXIST;
- mutex_unlock(&audit_filter_mutex);
- goto error;
- }
+ if (inode_f) {
+ h = audit_hash_ino(inode_f->val);
+ list = &audit_inode_hash[h];
}
+
+ mutex_lock(&audit_filter_mutex);
+ e = audit_find_rule(entry, list);
mutex_unlock(&audit_filter_mutex);
+ if (e) {
+ err = -EEXIST;
+ goto error;
+ }
/* Avoid calling path_lookup under audit_filter_mutex. */
if (watch) {
@@ -1046,9 +1079,6 @@ static inline int audit_add_rule(struct
}
h = audit_hash_ino((u32)watch->ino);
list = &audit_inode_hash[h];
- } else if (inode_f) {
- h = audit_hash_ino(inode_f->val);
- list = &audit_inode_hash[h];
}
if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
--
1.3.0
next prev parent reply other threads:[~2006-06-05 17:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-05 17:41 [PATCH git 0/3] audit inode hash bug fix, cleanup Amy Griffis
2006-06-05 17:42 ` [PATCH git 1/3] fix inode rules not added to inode hash Amy Griffis
2006-06-05 17:45 ` Amy Griffis [this message]
2006-06-05 17:46 ` [PATCH git 3/3] make audit_del_rule() use audit_find_rule() Amy Griffis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060605174541.GC24778@zk3.dec.com \
--to=amy.griffis@hp.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox