lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <12612791.hlKxMY8d10@sifl>
Date:	Fri, 17 Jul 2015 13:58:26 -0400
From:	Paul Moore <pmoore@...hat.com>
To:	Richard Guy Briggs <rgb@...hat.com>
Cc:	linux-audit@...hat.com, linux-kernel@...r.kernel.org,
	sgrubb@...hat.com
Subject: Re: [PATCH V6 2/2] audit: eliminate unnecessary extra layer of watch parent references

On Thursday, July 16, 2015 09:45:10 PM Richard Guy Briggs wrote:
> On 15/07/16, Paul Moore wrote:
> > On Tuesday, July 14, 2015 11:40:42 AM Richard Guy Briggs wrote:
> > > The audit watch parent count was imbalanced, adding an unnecessary layer
> > > of
> > > watch parent references.  Decrement the additional parent reference when
> > > a
> > > watch is reused, already having a reference to the parent.
> > > 
> > > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > > ---
> > > 
> > >  kernel/audit_watch.c |    6 ++----
> > >  1 files changed, 2 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > index f33f54c..8f123d7 100644
> > > --- a/kernel/audit_watch.c
> > > +++ b/kernel/audit_watch.c
> > > @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> > > *krule,
> > > 
> > >  		audit_get_watch(w);
> > >  		krule->watch = watch = w;
> > > 
> > > +
> > > +		audit_put_parent(parent);
> > > 
> > >  		break;
> > >  	
> > >  	}
> > >  	
> > >  	if (!watch_found) {
> > > 
> > > -		audit_get_parent(parent);
> > > 
> > >  		watch->parent = parent;
> > 
> > I understand removing the get() here and the put() in audit_add_watch, but
> > I don't understand adding the put() above, can you help me understand?
>
> audit_find_parent() gets a reference to the parent, if the parent is
> already known.  This additional parental reference is not needed if the
> watch is subsequently found by audit_add_to_parent(), and consumed if
> the watch does not already exist, so we need to put the parent if the
> watch is found, and do nothing if this new watch is added to the parent.
> 
> If the parent wasn't already known, it is created with a refcount of 1
> and added to the audit_watch_group, then incremented by one to be
> subsequently consumed by the newly created watch in
> audit_add_to_parent().
> 
> The graph below may help to visualize it.
> 
> The rule points to the watch, not to the parent, so the rule's refcount
> gets bumped, not the parent's.

Great, thanks for the explanation.  Fix up the goto/return in patch 1/2, 
resubmit and I'll merge this patchset into audit#next.

-- 
paul moore
security @ redhat

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ