[PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add_rule().
@ 2013-05-10 10:12 Chen Gang
  2013-05-22 21:18 ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: Chen Gang @ 2013-05-10 10:12 UTC (permalink / raw)
  To: Andrew Morton; +Cc: Al Viro, Eric Paris, linux-kernel@vger.kernel.org


If both 'tree' and 'watch' are valid, need call audit_put_tree(), just
like the upper area has done within function audit_add_rule().

Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 kernel/auditfilter.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index f9fc54b..81f63f9 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -952,6 +952,12 @@ static inline int audit_add_rule(struct audit_entry *entry)
 		err = audit_add_watch(&entry->rule, &list);
 		if (err) {
 			mutex_unlock(&audit_filter_mutex);
+			/*
+			 * normally audit_add_tree_rule() will free it
+			 * on failure
+			 */
+			if (tree)
+				audit_put_tree(tree);
 			goto error;
 		}
 	}
-- 
1.7.7.6

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add_rule().
  2013-05-10 10:12 [PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add_rule() Chen Gang
@ 2013-05-22 21:18 ` Andrew Morton
  2013-05-23  1:29   ` Chen Gang
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2013-05-22 21:18 UTC (permalink / raw)
  To: Chen Gang; +Cc: Al Viro, Eric Paris, linux-kernel@vger.kernel.org

On Fri, 10 May 2013 18:12:26 +0800 Chen Gang <gang.chen@asianux.com> wrote:

> 
> If both 'tree' and 'watch' are valid, need call audit_put_tree(), just
> like the upper area has done within function audit_add_rule().
> 
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
>  kernel/auditfilter.c |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index f9fc54b..81f63f9 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -952,6 +952,12 @@ static inline int audit_add_rule(struct audit_entry *entry)
>  		err = audit_add_watch(&entry->rule, &list);
>  		if (err) {
>  			mutex_unlock(&audit_filter_mutex);
> +			/*
> +			 * normally audit_add_tree_rule() will free it
> +			 * on failure
> +			 */
> +			if (tree)
> +				audit_put_tree(tree);
>  			goto error;
>  		}
>  	}

Are you sure?  Or is the earlier audit_put_tree(tree) wrong?

Where is the "get" which this "put" is undoing?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add_rule().
  2013-05-22 21:18 ` Andrew Morton
@ 2013-05-23  1:29   ` Chen Gang
  0 siblings, 0 replies; 3+ messages in thread
From: Chen Gang @ 2013-05-23  1:29 UTC (permalink / raw)
  To: Andrew Morton; +Cc: Al Viro, Eric Paris, linux-kernel@vger.kernel.org

On 05/23/2013 05:18 AM, Andrew Morton wrote:
> On Fri, 10 May 2013 18:12:26 +0800 Chen Gang <gang.chen@asianux.com> wrote:
> 
>> > 
>> > If both 'tree' and 'watch' are valid, need call audit_put_tree(), just
>> > like the upper area has done within function audit_add_rule().
>> > 
>> > Signed-off-by: Chen Gang <gang.chen@asianux.com>
>> > ---
>> >  kernel/auditfilter.c |    6 ++++++
>> >  1 files changed, 6 insertions(+), 0 deletions(-)
>> > 
>> > diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
>> > index f9fc54b..81f63f9 100644
>> > --- a/kernel/auditfilter.c
>> > +++ b/kernel/auditfilter.c
>> > @@ -952,6 +952,12 @@ static inline int audit_add_rule(struct audit_entry *entry)
>> >  		err = audit_add_watch(&entry->rule, &list);
>> >  		if (err) {
>> >  			mutex_unlock(&audit_filter_mutex);
>> > +			/*
>> > +			 * normally audit_add_tree_rule() will free it
>> > +			 * on failure
>> > +			 */
>> > +			if (tree)
>> > +				audit_put_tree(tree);
>> >  			goto error;
>> >  		}
>> >  	}
> Are you sure?  Or is the earlier audit_put_tree(tree) wrong?
> 

Yes I am sure.

Since audit_add_tree_rule() will really free it on failure, we have to
be sure to free it in another area within audit_add_rule().


> Where is the "get" which this "put" is undoing?
> 
> 

"Allocating tree" is the "get", this "put" will really free the tree.



Thanks.
-- 
Chen Gang

Asianux Corporation

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-05-23  1:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-10 10:12 [PATCH] kernel/auditfilter.c: need process 'tree' when audit_add_watch() failed in audit_add_rule() Chen Gang
2013-05-22 21:18 ` Andrew Morton
2013-05-23  1:29   ` Chen Gang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox