From: Paul Moore <pmoore@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
sgrubb@redhat.com, eparis@redhat.com
Subject: Re: [PATCH V4 (was V6) 2/2] audit: eliminate unnecessary extra layer of watch parent references
Date: Tue, 04 Aug 2015 18:28:05 -0400 [thread overview]
Message-ID: <3515336.1nYIlqF3Jz@sifl> (raw)
In-Reply-To: <4d84814704ad61bc547ac74395882a6092f5be09.1438446498.git.rgb@redhat.com>
On Saturday, August 01, 2015 03:41:13 PM Richard Guy Briggs wrote:
> The audit watch parent count was imbalanced, adding an unnecessary layer of
> watch parent references. Decrement the additional parent reference when a
> watch is reused, already having a reference to the parent.
>
> audit_find_parent() gets a reference to the parent, if the parent is
> already known. This additional parental reference is not needed if the
> watch is subsequently found by audit_add_to_parent(), and consumed if
> the watch does not already exist, so we need to put the parent if the
> watch is found, and do nothing if this new watch is added to the parent.
>
> If the parent wasn't already known, it is created with a refcount of 1
> and added to the audit_watch_group, then incremented by one to be
> subsequently consumed by the newly created watch in
> audit_add_to_parent().
>
> The rule points to the watch, not to the parent, so the rule's refcount
> gets bumped, not the parent's.
>
> See LKML, 2015-07-16
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> kernel/audit_watch.c | 6 ++----
> 1 files changed, 2 insertions(+), 4 deletions(-)
Merged.
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index f33f54c..8f123d7 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> *krule,
>
> audit_get_watch(w);
> krule->watch = watch = w;
> +
> + audit_put_parent(parent);
> break;
> }
>
> if (!watch_found) {
> - audit_get_parent(parent);
> watch->parent = parent;
>
> audit_get_watch(watch);
> @@ -436,9 +437,6 @@ int audit_add_watch(struct audit_krule *krule, struct
> list_head **list)
>
> audit_add_to_parent(krule, parent);
>
> - /* match get in audit_find_parent or audit_init_parent */
> - audit_put_parent(parent);
> -
> h = audit_hash_ino((u32)watch->ino);
> *list = &audit_inode_hash[h];
> error:
--
paul moore
security @ redhat
prev parent reply other threads:[~2015-08-04 22:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-01 19:41 [PATCH V4 (was V6) 0/2] audit: rebalance and remove extra layers of watch references Richard Guy Briggs
2015-08-01 19:41 ` [PATCH V4 (was V6) 1/2] audit: eliminate unnecessary extra layer " Richard Guy Briggs
2015-08-04 22:27 ` Paul Moore
2015-08-01 19:41 ` [PATCH V4 (was V6) 2/2] audit: eliminate unnecessary extra layer of watch parent references Richard Guy Briggs
2015-08-04 22:28 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3515336.1nYIlqF3Jz@sifl \
--to=pmoore@redhat.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox