[PATCH 10/14] audit: Guarantee forward progress of chunk untagging

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Jan Kara <jack@suse.cz>
To: Paul Moore <paul@paul-moore.com>
Cc: rgb@redhat.com, Jan Kara <jack@suse.cz>,
	linux-audit@redhat.com, amir73il@gmail.com,
	Al Viro <viro@ZenIV.linux.org.uk>
Subject: [PATCH 10/14] audit: Guarantee forward progress of chunk untagging
Date: Wed, 17 Oct 2018 12:15:01 +0200	[thread overview]
Message-ID: <20181017101505.25881-11-jack@suse.cz> (raw)
In-Reply-To: <20181017101505.25881-1-jack@suse.cz>

When removing chunk from a tree, we do shrink the chunk. This can fail
for various reasons (due to races, ENOMEM, etc.) and in some cases we
just bail from untag_chunk() relying on someone else to cleanup.
Although this currently works, later we will need to add new failure
situation which would break. Also this simplifies the code and will
allow us to make locking around untag_chunk() less awkward.

Signed-off-by: Jan Kara <jack@suse.cz>
---
 kernel/audit_tree.c | 42 +++++++++++++++++-------------------------
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index c98ab2d68a1c..ca2b6baff7aa 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -309,16 +309,28 @@ static void replace_chunk(struct audit_chunk *new, struct audit_chunk *old,
 	list_replace_rcu(&old->hash, &new->hash);
 }
 
+static void remove_chunk_node(struct audit_chunk *chunk, struct node *p)
+{
+	struct audit_tree *owner = p->owner;
+
+	if (owner->root == chunk) {
+		list_del_init(&owner->same_root);
+		owner->root = NULL;
+	}
+	list_del_init(&p->list);
+	p->owner = NULL;
+	put_tree(owner);
+}
+
 static void untag_chunk(struct node *p)
 {
 	struct audit_chunk *chunk = find_chunk(p);
 	struct fsnotify_mark *entry = chunk->mark;
 	struct audit_chunk *new = NULL;
-	struct audit_tree *owner;
 	int size = chunk->count - 1;
 
+	remove_chunk_node(chunk, p);
 	fsnotify_get_mark(entry);
-
 	spin_unlock(&hash_lock);
 
 	if (size)
@@ -336,15 +348,10 @@ static void untag_chunk(struct node *p)
 		goto out;
 	}
 
-	owner = p->owner;
-
 	if (!size) {
 		chunk->dead = 1;
 		spin_lock(&hash_lock);
 		list_del_init(&chunk->trees);
-		if (owner->root == chunk)
-			owner->root = NULL;
-		list_del_init(&p->list);
 		list_del_rcu(&chunk->hash);
 		spin_unlock(&hash_lock);
 		fsnotify_detach_mark(entry);
@@ -354,21 +361,16 @@ static void untag_chunk(struct node *p)
 	}
 
 	if (!new)
-		goto Fallback;
+		goto out_mutex;
 
 	if (fsnotify_add_mark_locked(new->mark, entry->connector->obj,
 				     FSNOTIFY_OBJ_TYPE_INODE, 1)) {
 		fsnotify_put_mark(new->mark);
-		goto Fallback;
+		goto out_mutex;
 	}
 
 	chunk->dead = 1;
 	spin_lock(&hash_lock);
-	if (owner->root == chunk) {
-		list_del_init(&owner->same_root);
-		owner->root = NULL;
-	}
-	list_del_init(&p->list);
 	/*
 	 * This has to go last when updating chunk as once replace_chunk() is
 	 * called, new RCU readers can see the new chunk.
@@ -381,17 +383,7 @@ static void untag_chunk(struct node *p)
 	fsnotify_put_mark(new->mark);	/* drop initial reference */
 	goto out;
 
-Fallback:
-	// do the best we can
-	spin_lock(&hash_lock);
-	if (owner->root == chunk) {
-		list_del_init(&owner->same_root);
-		owner->root = NULL;
-	}
-	list_del_init(&p->list);
-	p->owner = NULL;
-	put_tree(owner);
-	spin_unlock(&hash_lock);
+out_mutex:
 	mutex_unlock(&entry->group->mark_mutex);
 out:
 	fsnotify_put_mark(entry);
-- 
2.16.4

next prev parent reply	other threads:[~2018-10-17 10:15 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-17 10:14 [PATCH 0/14 v4] audit: Fix various races when tagging and untagging mounts Jan Kara
2018-10-17 10:14 ` [PATCH 01/14] audit_tree: Remove mark->lock locking Jan Kara
2018-10-17 10:14 ` [PATCH 02/14] audit: Fix possible spurious -ENOSPC error Jan Kara
2018-10-17 10:14 ` [PATCH 03/14] audit: Fix possible tagging failures Jan Kara
2018-10-17 10:14 ` [PATCH 04/14] audit: Embed key into chunk Jan Kara
2018-10-17 10:14 ` [PATCH 05/14] audit: Make hash table insertion safe against concurrent lookups Jan Kara
2018-10-17 10:14 ` [PATCH 06/14] audit: Factor out chunk replacement code Jan Kara
2018-10-18 19:27   ` Richard Guy Briggs
2018-11-06 13:58     ` Paul Moore
2018-11-07  9:55       ` Jan Kara
2018-11-09 14:45         ` Paul Moore
2018-11-12 15:15           ` Paul Moore
2018-11-12 15:25             ` Jan Kara
2018-10-17 10:14 ` [PATCH 07/14] audit: Remove pointless check in insert_hash() Jan Kara
2018-10-17 10:14 ` [PATCH 08/14] audit: Provide helper for dropping mark's chunk reference Jan Kara
2018-10-17 10:15 ` [PATCH 09/14] audit: Allocate fsnotify mark independently of chunk Jan Kara
2018-10-17 10:15 ` Jan Kara [this message]
2018-10-18 19:29   ` [PATCH 10/14] audit: Guarantee forward progress of chunk untagging Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 11/14] audit: Drop all unused chunk nodes during deletion Jan Kara
2018-10-18 19:32   ` Richard Guy Briggs
2018-11-06 14:14   ` Paul Moore
2018-11-07 10:00     ` Jan Kara
2018-10-17 10:15 ` [PATCH 12/14] audit: Simplify locking around untag_chunk() Jan Kara
2018-10-18 12:27   ` Richard Guy Briggs
2018-10-19  8:22     ` Jan Kara
2018-10-19 11:18       ` Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 13/14] audit: Replace chunk attached to mark instead of replacing mark Jan Kara
2018-10-18 19:39   ` Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 14/14] audit: Use 'mark' name for fsnotify_mark variables Jan Kara

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c98ab2d68a1 dfblob:ca2b6baff7a )
 OR (
bs:"[PATCH 10/14] audit: Guarantee forward progress of chunk untagging" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181017101505.25881-11-jack@suse.cz \
    --to=jack@suse.cz \
    --cc=amir73il@gmail.com \
    --cc=linux-audit@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=rgb@redhat.com \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox