From: Jan Kara <jack@suse.cz>
To: Paul Moore <paul@paul-moore.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel@vger.kernel.org,
Amir Goldstein <amir73il@gmail.com>,
Lino Sanfilippo <LinoSanfilippo@gmx.de>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-audit@redhat.com
Subject: Re: [PATCH 06/22] audit: Abstract hash key handling
Date: Tue, 3 Jan 2017 18:34:19 +0100 [thread overview]
Message-ID: <20170103173419.GE3780@quack2.suse.cz> (raw)
In-Reply-To: <CAHC9VhT3EbWgfR_G39ZV2UUm21+CUDnemNDUPgwYP_vj556D-g@mail.gmail.com>
On Fri 23-12-16 09:13:55, Paul Moore wrote:
> On Fri, Dec 23, 2016 at 8:27 AM, Jan Kara <jack@suse.cz> wrote:
> > On Thu 22-12-16 18:27:40, Paul Moore wrote:
> >> On Thu, Dec 22, 2016 at 4:15 AM, Jan Kara <jack@suse.cz> wrote:
> >> > Audit tree currently uses inode pointer as a key into the hash table.
> >> > Getting that from notification mark will be somewhat more difficult with
> >> > coming fsnotify changes and there's no reason we really have to use the
> >> > inode pointer. So abstract getting of hash key from the audit chunk and
> >> > inode so that we can switch to a different key easily later.
> >> >
> >> > CC: Paul Moore <paul@paul-moore.com>
> >> > Signed-off-by: Jan Kara <jack@suse.cz>
> >> > ---
> >> > kernel/audit_tree.c | 39 ++++++++++++++++++++++++++++-----------
> >> > 1 file changed, 28 insertions(+), 11 deletions(-)
> >>
> >> I have no objections with this patch in particular, but in patch 8,
> >> are you certain that inode_to_key() and chunk_to_key() will continue
> >> to return the same key value?
> >
> > Yes, that's the intention. Or better in that patch the key will no longer
> > be inode pointer but instead the fsnotify_list pointer. But still it would
> > match for chunks attached to an inode and inode itself so comparison
> > results should stay the same.
>
> My apologies, I probably should have been more clear.
>
> Yes, I think we are all in agreement that the *_to_key() functions
> need to return a consistent value for the same object. My concern is
> that in patch 8 these functions are using different variables (granted
> they may contain the same value, and therefore evaluate to the same
> key) and I worry that there is a possibility of the two variables
> taking on different values and breaking the hash. What guarantees
> exist that these values will be the same? Are there any safeguards to
> prevent future patches from accidentally sidestepping these
> guarantees?
Ah, OK, so this is more about patch 8 than patch 6. So far audit uses inode
pointer as a key - now with patch 8, there is a fsnotify_mark_list attached
to an inode if and only if there is any fsnotify_mark for that inode and
both inode->i_fsnotify_marks (used as a key in inode_to_key()) and
mark->obj_list_head (used as a key in chunk_to_key()) point to it. So keys
for an inode and chunk match if and only if the fsnotify mark in the chunk
is attached to the inode - the same as before patch 8.
The only reason why I changed audit to use a different pointer for the key
is that you need some lock protection to do mark->obj_list_head->inode
dereference and this seemed the easiest. Actually now that all the lifetime
rules have worked out, I can see we can actually use inode pointer as a key
relatively easily since mark->obj_list_head is stable once you hold a mark
reference so locking would be only intermediate step until this gets
established in the series. Would you prefer me to do that?
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2017-01-03 17:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20161222091538.28702-1-jack@suse.cz>
2016-12-22 20:58 ` [PATCH 0/22] fsnotify: Avoid SRCU stalls with fanotify permission events Paul Moore
2016-12-22 21:05 ` Amir Goldstein
2016-12-22 23:04 ` Paul Moore
[not found] ` <20161222091538.28702-5-jack@suse.cz>
2016-12-22 23:13 ` [PATCH 04/22] fsnotify: Remove fsnotify_duplicate_mark() Paul Moore
2016-12-23 13:22 ` Jan Kara
2016-12-23 14:01 ` Paul Moore
[not found] ` <20161222091538.28702-6-jack@suse.cz>
2016-12-22 23:18 ` [PATCH 05/22] audit: Fix sleep in atomic Paul Moore
2016-12-23 13:24 ` Jan Kara
2016-12-23 14:17 ` Paul Moore
2016-12-26 16:33 ` Paul Moore
2017-01-02 18:21 ` Jan Kara
2017-01-03 21:11 ` Paul Moore
2017-01-04 8:50 ` Jan Kara
2017-01-05 2:14 ` Paul Moore
[not found] ` <20161222091538.28702-7-jack@suse.cz>
2016-12-22 23:27 ` [PATCH 06/22] audit: Abstract hash key handling Paul Moore
2016-12-23 13:27 ` Jan Kara
2016-12-23 14:13 ` Paul Moore
2017-01-03 17:34 ` Jan Kara [this message]
2017-01-05 2:06 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170103173419.GE3780@quack2.suse.cz \
--to=jack@suse.cz \
--cc=LinoSanfilippo@gmx.de \
--cc=amir73il@gmail.com \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox