public inbox for linux-audit@redhat.com
From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: Kernel oops+crash on repeated auditd restarts
Date: Tue, 24 Apr 2012 02:12:10 -0300
Message-ID: <20120424021210.283cd4cd@oc8526070481.ibm.com>
In-Reply-To: <1335198376.8224.4.camel@localhost>

On Mon, 23 Apr 2012 12:26:16 -0400
Eric Paris <eparis@redhat.com> wrote:

> On Fri, 2012-04-20 at 23:14 -0300, Marcelo Cerri wrote:
> 
> > The patch below increments the reference count of a mark when it is
> > added to the destroy list. It seems to solve the issue and it
> > doesn't seem to cause any memory leak. Please, can you make some
> > tests in your environments and let me know if there is any problem
> > with this patch.
> 
> That is almost certainly the wrong thing to do.  This test program
> should show a memory leak with your patch.  If it doesn't show a
> memory leak then something is screwed up in inotify as well.

Sorry, I should have tested the other features that also make use of
fsnotify. You're right, my patch adds a memory leak for inotify (and
probably for dnotify and fanotify too).

> ...
> 
> The lifetime of an object is supposed to be from fsnotify_init_mark()
> until its matching reference is dropped in fsnotify_mark_destroy().
> It sounds to me like we are calling put somewhere in the audit code
> when we didn't previously call a get....
> 

Considering that the issue is specific to audit and it seems to occur
only with watches on directories, I investigated the audit_tree.c file
and found a probable cause. The untag_chunk() holds a reference to a
mark at the beginning of the function and releases it at the end of it (on
the label out). However, when it jumps to the "out" label, it calls
fsnotify_put_mark once more.

Peter and Valentin, can you test this new patch to check if it
solves the oops problem?

Eric, do you agree with this solution?

Regards,
Marcelo

---
 kernel/audit_tree.c |    2 --
 1 file changed, 2 deletions(-)

diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 5bf0790..b5bd9f9 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -250,7 +250,6 @@ static void untag_chunk(struct node *p)
        spin_unlock(&hash_lock);
        spin_unlock(&entry->lock);
        fsnotify_destroy_mark(entry);
-       fsnotify_put_mark(entry);
        goto out;
    }
 
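Review bot: with the put removed before this "goto out", the only remaining release on this path is the one at the "out" label, and neither that put nor the get it balances is visible in the hunk context. Please say in the changelog which call at the top of untag_chunk() takes the reference and which line at "out" drops it, and consider a one-line comment above fsnotify_destroy_mark(entry) stating that the function-entry reference is released at "out", so nobody re-adds a put here. It is also worth stating that entry stays valid across fsnotify_destroy_mark(entry) only because that function-entry reference is still held, since both hash_lock and entry->lock are already dropped at this point.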
@@ -293,7 +292,6 @@ static void untag_chunk(struct node *p)
    spin_unlock(&hash_lock);
    spin_unlock(&entry->lock);
    fsnotify_destroy_mark(entry);
-   fsnotify_put_mark(entry);
    goto out;
 
 Fallback:
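Review bot: the hunk stops at the "Fallback:" label, so the path that follows is not covered by this change; please confirm that it does not also call fsnotify_put_mark(entry) before reaching "out", otherwise the same imbalance remains there. The unlock, fsnotify_destroy_mark(entry), "goto out" sequence is now identical at both sites touched by the patch, which would be easier to keep balanced if it lived in one place. The patch as posted also carries no Signed-off-by line and no changelog separate from the reply text; both are needed before it can be applied.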
-- 
1.7.9.4
