From mboxrd@z Thu Jan 1 00:00:00 1970
From: Al Viro
Subject: Re: [PATCH resend] audit: fix mark refcounting
Date: Thu, 15 Dec 2011 09:01:51 +0000
Message-ID: <20111215090151.GR2203@ZenIV.linux.org.uk>
References: <87obwof06x.fsf@tucsk.pomaz.szeredi.hu> <87ipljcjc2.fsf@tucsk.pomaz.szeredi.hu> <20111215084050.GQ2203@ZenIV.linux.org.uk> <87fwgmjjr9.fsf@tucsk.pomaz.szeredi.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Linus Torvalds, Eric Paris, akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
To: Miklos Szeredi
Return-path:
Content-Disposition: inline
In-Reply-To: <87fwgmjjr9.fsf@tucsk.pomaz.szeredi.hu>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Dec 15, 2011 at 09:56:26AM +0100, Miklos Szeredi wrote:
> > Guys, does anybody have a real demonstration of the breakage cured by
> > pinning the mark down in audit_watch.c ->handle_event()? Or is that
> > a pure theory?
>
> Yes it does fix the BUG. Test case in patch.
>
> > Is ->handle_event() argument held by caller?
>
> Well, obviously not, otherwise we wouldn't hit the bug.
>
> > Eric? If that's the case,
> > we don't need to do anything with audit_watch.c instance; otherwise,
> > both that one and inotify_handle_event() are in trouble...
>
> Yep.

I wonder if the right fix is to do it here and not in caller, though...
OTOH, usually we don't hit destroy at all, so it's probably better to
handle it in the individual instances...

OK, consider the audit_watch.c part ACKed; inotify counterpart needs a
similar patch, AFAICS.