From: Jan Kara <jack@suse.cz>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-audit@redhat.com, jack@suse.cz, amir73il@gmail.com,
viro@zeniv.linux.org.uk
Subject: Re: [PATCH 11/14] audit: Drop all unused chunk nodes during deletion
Date: Wed, 7 Nov 2018 11:00:57 +0100 [thread overview]
Message-ID: <20181107100057.GB25261@quack2.suse.cz> (raw)
In-Reply-To: <CAHC9VhTPgDkvovmAGOQ4v9imoHQ7Ofvt5Bmgk7OMO_HcygtCww@mail.gmail.com>
On Tue 06-11-18 09:14:55, Paul Moore wrote:
> On Wed, Oct 17, 2018 at 6:15 AM Jan Kara <jack@suse.cz> wrote:
> > When deleting chunk from a tree, drop all unused nodes in a chunk
> > instead of just the one used by the tree. This gets rid of possibly
> > lingering unused nodes (created due to fallback path in untag_chunk())
> > and also removes some special cases and will allow us to simplify
> > locking in untag_chunk().
> >
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> > kernel/audit_tree.c | 27 ++++++++++++++++++---------
> > 1 file changed, 18 insertions(+), 9 deletions(-)
>
> Hmmm, it looks like this is the patch which makes the list
> replace->splice change okay, yes? If so, should this change be
> squashed into the replace_chunk() patch?
No, this change is completely unrelated to that. This is really only about
making untag_chunk() cleanup less dependent on previous context so we can
simplify the code and locking.
Honza
>
> > diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
> > index ca2b6baff7aa..145e8c92dd31 100644
> > --- a/kernel/audit_tree.c
> > +++ b/kernel/audit_tree.c
> > @@ -277,8 +277,7 @@ static struct audit_chunk *find_chunk(struct node *p)
> > return container_of(p, struct audit_chunk, owners[0]);
> > }
> >
> > -static void replace_chunk(struct audit_chunk *new, struct audit_chunk *old,
> > - struct node *skip)
> > +static void replace_chunk(struct audit_chunk *new, struct audit_chunk *old)
> > {
> > struct audit_tree *owner;
> > int i, j;
> > @@ -288,7 +287,7 @@ static void replace_chunk(struct audit_chunk *new, struct audit_chunk *old,
> > list_for_each_entry(owner, &new->trees, same_root)
> > owner->root = new;
> > for (i = j = 0; j < old->count; i++, j++) {
> > - if (&old->owners[j] == skip) {
> > + if (!old->owners[j].owner) {
> > i--;
> > continue;
> > }
> > @@ -322,20 +321,28 @@ static void remove_chunk_node(struct audit_chunk *chunk, struct node *p)
> > put_tree(owner);
> > }
> >
> > +static int chunk_count_trees(struct audit_chunk *chunk)
> > +{
> > + int i;
> > + int ret = 0;
> > +
> > + for (i = 0; i < chunk->count; i++)
> > + if (chunk->owners[i].owner)
> > + ret++;
> > + return ret;
> > +}
> > +
> > static void untag_chunk(struct node *p)
> > {
> > struct audit_chunk *chunk = find_chunk(p);
> > struct fsnotify_mark *entry = chunk->mark;
> > struct audit_chunk *new = NULL;
> > - int size = chunk->count - 1;
> > + int size;
> >
> > remove_chunk_node(chunk, p);
> > fsnotify_get_mark(entry);
> > spin_unlock(&hash_lock);
> >
> > - if (size)
> > - new = alloc_chunk(size);
> > -
> > mutex_lock(&entry->group->mark_mutex);
> > /*
> > * mark_mutex protects mark from getting detached and thus also from
> > @@ -348,6 +355,7 @@ static void untag_chunk(struct node *p)
> > goto out;
> > }
> >
> > + size = chunk_count_trees(chunk);
> > if (!size) {
> > chunk->dead = 1;
> > spin_lock(&hash_lock);
> > @@ -360,6 +368,7 @@ static void untag_chunk(struct node *p)
> > goto out;
> > }
> >
> > + new = alloc_chunk(size);
> > if (!new)
> > goto out_mutex;
> >
> > @@ -375,7 +384,7 @@ static void untag_chunk(struct node *p)
> > * This has to go last when updating chunk as once replace_chunk() is
> > * called, new RCU readers can see the new chunk.
> > */
> > - replace_chunk(new, chunk, p);
> > + replace_chunk(new, chunk);
> > spin_unlock(&hash_lock);
> > fsnotify_detach_mark(entry);
> > mutex_unlock(&entry->group->mark_mutex);
> > @@ -520,7 +529,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
> > * This has to go last when updating chunk as once replace_chunk() is
> > * called, new RCU readers can see the new chunk.
> > */
> > - replace_chunk(chunk, old, NULL);
> > + replace_chunk(chunk, old);
> > spin_unlock(&hash_lock);
> > fsnotify_detach_mark(old_entry);
> > mutex_unlock(&audit_tree_group->mark_mutex);
> > --
> > 2.16.4
> >
>
>
> --
> paul moore
> www.paul-moore.com
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2018-11-07 10:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 10:14 [PATCH 0/14 v4] audit: Fix various races when tagging and untagging mounts Jan Kara
2018-10-17 10:14 ` [PATCH 01/14] audit_tree: Remove mark->lock locking Jan Kara
2018-10-17 10:14 ` [PATCH 02/14] audit: Fix possible spurious -ENOSPC error Jan Kara
2018-10-17 10:14 ` [PATCH 03/14] audit: Fix possible tagging failures Jan Kara
2018-10-17 10:14 ` [PATCH 04/14] audit: Embed key into chunk Jan Kara
2018-10-17 10:14 ` [PATCH 05/14] audit: Make hash table insertion safe against concurrent lookups Jan Kara
2018-10-17 10:14 ` [PATCH 06/14] audit: Factor out chunk replacement code Jan Kara
2018-10-18 19:27 ` Richard Guy Briggs
2018-11-06 13:58 ` Paul Moore
2018-11-07 9:55 ` Jan Kara
2018-11-09 14:45 ` Paul Moore
2018-11-12 15:15 ` Paul Moore
2018-11-12 15:25 ` Jan Kara
2018-10-17 10:14 ` [PATCH 07/14] audit: Remove pointless check in insert_hash() Jan Kara
2018-10-17 10:14 ` [PATCH 08/14] audit: Provide helper for dropping mark's chunk reference Jan Kara
2018-10-17 10:15 ` [PATCH 09/14] audit: Allocate fsnotify mark independently of chunk Jan Kara
2018-10-17 10:15 ` [PATCH 10/14] audit: Guarantee forward progress of chunk untagging Jan Kara
2018-10-18 19:29 ` Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 11/14] audit: Drop all unused chunk nodes during deletion Jan Kara
2018-10-18 19:32 ` Richard Guy Briggs
2018-11-06 14:14 ` Paul Moore
2018-11-07 10:00 ` Jan Kara [this message]
2018-10-17 10:15 ` [PATCH 12/14] audit: Simplify locking around untag_chunk() Jan Kara
2018-10-18 12:27 ` Richard Guy Briggs
2018-10-19 8:22 ` Jan Kara
2018-10-19 11:18 ` Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 13/14] audit: Replace chunk attached to mark instead of replacing mark Jan Kara
2018-10-18 19:39 ` Richard Guy Briggs
2018-10-17 10:15 ` [PATCH 14/14] audit: Use 'mark' name for fsnotify_mark variables Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181107100057.GB25261@quack2.suse.cz \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=linux-audit@redhat.com \
--cc=paul@paul-moore.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox