| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jul 2015 13:58:26 -0400
From: Paul Moore <pmoore@...hat.com>
To: Richard Guy Briggs <rgb@...hat.com>
Cc: linux-audit@...hat.com, linux-kernel@...r.kernel.org,
sgrubb@...hat.com
Subject: Re: [PATCH V6 2/2] audit: eliminate unnecessary extra layer of watch parent references
On Thursday, July 16, 2015 09:45:10 PM Richard Guy Briggs wrote:
> On 15/07/16, Paul Moore wrote:
> > On Tuesday, July 14, 2015 11:40:42 AM Richard Guy Briggs wrote:
> > > The audit watch parent count was imbalanced, adding an unnecessary layer
> > > of
> > > watch parent references. Decrement the additional parent reference when
> > > a
> > > watch is reused, already having a reference to the parent.
> > >
> > > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > > ---
> > >
> > > kernel/audit_watch.c | 6 ++----
> > > 1 files changed, 2 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > index f33f54c..8f123d7 100644
> > > --- a/kernel/audit_watch.c
> > > +++ b/kernel/audit_watch.c
> > > @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> > > *krule,
> > >
> > > audit_get_watch(w);
> > > krule->watch = watch = w;
> > >
> > > +
> > > + audit_put_parent(parent);
> > >
> > > break;
> > >
> > > }
> > >
> > > if (!watch_found) {
> > >
> > > - audit_get_parent(parent);
> > >
> > > watch->parent = parent;
> >
> > I understand removing the get() here and the put() in audit_add_watch, but
> > I don't understand adding the put() above, can you help me understand?
>
> audit_find_parent() gets a reference to the parent, if the parent is
> already known. This additional parental reference is not needed if the
> watch is subsequently found by audit_add_to_parent(), and consumed if
> the watch does not already exist, so we need to put the parent if the
> watch is found, and do nothing if this new watch is added to the parent.
>
> If the parent wasn't already known, it is created with a refcount of 1
> and added to the audit_watch_group, then incremented by one to be
> subsequently consumed by the newly created watch in
> audit_add_to_parent().
>
> The graph below may help to visualize it.
>
> The rule points to the watch, not to the parent, so the rule's refcount
> gets bumped, not the parent's.
Great, thanks for the explanation. Fix up the goto/return in patch 1/2,
resubmit and I'll merge this patchset into audit#next.
--
paul moore
security @ redhat
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists