From mboxrd@z Thu Jan 1 00:00:00 1970
From: Toralf Förster
Subject: Re: v3.19-rc2: crashes during boot (syslog-ng, rpcbind ...)
Date: Wed, 31 Dec 2014 09:47:33 +0100
Message-ID: <54A3B825.3040409@gmx.de>
References: <54A17C49.5080102@gmx.de> <54A1B724.8070106@gmx.de> <5490032.bFDrnJqxyv@sifl> <4559278.bMkG2euyQm@sifl>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path:
In-Reply-To: <4559278.bMkG2euyQm@sifl>
Sender: linux-kernel-owner@vger.kernel.org
To: Paul Moore
Cc: linux Kernel , linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 12/30/2014 07:46 PM, Paul Moore wrote:
> On Tuesday, December 30, 2014 09:11:32 AM Paul Moore wrote:
>> On Monday, December 29, 2014 09:18:44 PM Toralf Förster wrote:
>>> On 12/29/2014 08:41 PM, Paul Moore wrote:
>>>> To help verify that I'm heading down the right path, could you share
>>>> your audit configuration as well? If that's not possible, can you at
>>>> least confirm that you are using a few audit directory watches?
>>>
>>> Well, it is just a victim system for trinity - but I did not configure
>>> auditd in a special manner - so it is just the plain default configuration
>>> of Gentoo:
>>
>> Okay, thanks for the information; the file related syscall watches are
>> likely what triggered the problem code. Until I've got the fix sorted out,
>> removing the syscall watches or just disabling auditd from starting at boot
>> should work around the problem.
>
> I still want to go over the below patch a bit more to check a few things, but
> it solves the problem for me and I believe it should solve the problem you are
> seeing as well. Can you give it a try and let me know what happens?
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 287b3d3..d834770 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c
> @@ -72,6 +72,8 @@ > #include > #include > #include > +#include > +#include > =20 > #include "audit.h" > =20 > @@ -1862,7 +1864,7 @@ void __audit_inode(struct filename *name, const= struct=20 > dentry *dentry, > =20 > list_for_each_entry_reverse(n, &context->names_list, list) { > /* does the name pointer match? */ > - if (!n->name || n->name->name !=3D name->name) > + if (!n->name || strcmp(n->name->name, name->name)) > continue; > =20 > /* match the correct record type */ 
> @@ -1881,14 +1883,39 @@ out_alloc: > n =3D audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); > if (!n) > return; > - if (name) > - /* since name is not NULL we know there is already a matching > - * name record, see audit_getname(), so there must be a type > - * mismatch; reuse the string path since the original name > - * record will keep the string valid until we free it in > - * audit_free_names() */ > - n->name =3D name; > + /* unfortunately, while we may have a path name to record with the > + * inode, we can't always rely on the string lasting until the end = of > + * the syscall so we need to create our own copy, it may fail due t= o > + * memory allocation issues, but we do our best */ > + if (name) { > + /* we can't use getname_kernel() due to size limits */ > + struct filename *new =3D __getname(); > =20 > + if (unlikely(!new)) > + goto out; > + > + memset(new, 0, sizeof(*new)); > + if ((strlen(name->name) + 1) <=3D (PATH_MAX - sizeof(*new))) { > + char *new_name =3D (char *)(new) + sizeof(*new); > + new->name =3D new_name; > + new->separate =3D false; > + } else { > + /* this looks odd, but is due to final_putname() */ > + struct filename *new2; > + new2 =3D kzalloc(sizeof(*new2), GFP_KERNEL); > + if (unlikely(!new2)) { > + __putname(new); > + goto out; > + } > + new2->name =3D (char *)new; > + new =3D new2; > + new->separate =3D true; > + } > + strcpy((char *)new->name, name->name); > + new->aname =3D n; > + n->name =3D new; > + n->name_put =3D true; > + } > out: > if (parent) { > n->name_len =3D n->name ? parent_len(n->name->name) : AUDIT_NAME_F= ULL; >=20

n22kvm-clone linux patch -p1 --dry-run < /mnt/t44/devel/kvm.patch
patching file kernel/auditsc.c
patch: **** malformed patch at line 15: dentry *dentry,

-- 
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
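
Review bot: in the `@@ -1862,7 +1864,7 @@` hunk, replacing the pointer comparison with `strcmp(n->name->name, name->name)` widens the match from "the same string buffer" to "any record with the same path text", and because the loop is `list_for_each_entry_reverse` the newest such record wins. If a syscall can record the same path string twice for different objects, the only remaining discriminator is the record type check that follows, so a short comment stating that equal strings are intended to share a record would help. Separately, the hunk header itself was wrapped by the mailer (`const= struct=20` / `dentry *dentry,`), which is exactly the line `patch` rejects in the dry run above as "malformed patch at line 15"; resending as an attachment or with line wrapping disabled would let it apply.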
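
Review bot: in the `@@ -1881,14 +1883,39 @@` hunk, the final `strcpy((char *)new->name, name->name)` is only length-checked on the embedded path; in the `else` branch the destination is the whole `__getname()` buffer and nothing visible here verifies that `strlen(name->name) + 1` fits in it. The first branch's test against `PATH_MAX - sizeof(*new)` implies that buffer is `PATH_MAX` bytes, so an explicit `len + 1 <= PATH_MAX` check in the `else` branch (bailing out to `out` with both allocations released otherwise) would make the bound local instead of relying on how the caller built `name`. Computing the length once and copying with `memcpy(dst, name->name, len + 1)` would also avoid scanning the string twice. On the two `goto out` failure paths `n->name` stays NULL and the record is emitted without a path, which matches the "we do our best" comment but is worth stating explicitly there.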