Google Git
Sign in
kernel / pub / scm / linux / kernel / git / viro / audit / 16938bb22f1b01d8c3bb93d28aaeb6a67d433559
commit16938bb22f1b01d8c3bb93d28aaeb6a67d433559[log] [tgz]
authorMiklos Szeredi <mszeredi@suse.cz>Tue Jan 03 14:23:09 2012 -0500
committerAl Viro <viro@zeniv.linux.org.uk>Thu Jan 12 00:25:10 2012 -0500
treebf49e1944f19e7852078109aacc56570810fd7bc
parent2196821a0b3c0829e7b44638225a7072975428a6 [diff]
audit: fix mark refcounting

Removing the parent of a watched file results in "kernel BUG at
fs/notify/mark.c:139".

To reproduce

  add "-w /tmp/audit/dir/watched_file" to audit.rules
  rm -rf /tmp/audit/dir

This is caused by fsnotify_destroy_mark() being called without an
extra reference taken by the caller.

Reported by Francesco Cosoleto here:

  https://bugzilla.novell.com/show_bug.cgi?id=689860

This is not actually a real bug in the logic, but it does hit a BUG().
Even though the mark is not pinned by a reference after the destroy, it
will not get freed because it is held by the srcu mark lock.  The real
'fix' would be to take a reference under the srcu lock every time a mark
is found, but this is an expensive operation.  Instead just get the
mark in the odd places, like here, where a mark might get destroyed with
the only thing keeping it from being freed being the srcu lock.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: Eric Paris <eparis@redhat.com>
CC: stable@vger.kernel.org
Signed-off-by: Eric Paris <eparis@redhat.com>
1 file changed
tree: bf49e1944f19e7852078109aacc56570810fd7bc
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS