lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 04 Aug 2015 18:28:05 -0400
From:	Paul Moore <pmoore@...hat.com>
To:	Richard Guy Briggs <rgb@...hat.com>
Cc:	linux-audit@...hat.com, linux-kernel@...r.kernel.org,
	sgrubb@...hat.com, eparis@...hat.com
Subject: Re: [PATCH V4 (was V6) 2/2] audit: eliminate unnecessary extra layer of watch parent references

On Saturday, August 01, 2015 03:41:13 PM Richard Guy Briggs wrote:
> The audit watch parent count was imbalanced, adding an unnecessary layer of
> watch parent references.  Decrement the additional parent reference when a
> watch is reused, already having a reference to the parent.
> 
> audit_find_parent() gets a reference to the parent, if the parent is
> already known.  This additional parental reference is not needed if the
> watch is subsequently found by audit_add_to_parent(), and consumed if
> the watch does not already exist, so we need to put the parent if the
> watch is found, and do nothing if this new watch is added to the parent.
> 
> If the parent wasn't already known, it is created with a refcount of 1
> and added to the audit_watch_group, then incremented by one to be
> subsequently consumed by the newly created watch in
> audit_add_to_parent().
> 
> The rule points to the watch, not to the parent, so the rule's refcount
> gets bumped, not the parent's.
> 
> See LKML, 2015-07-16
> 
> Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> ---
>  kernel/audit_watch.c |    6 ++----
>  1 files changed, 2 insertions(+), 4 deletions(-)

Merged.

> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index f33f54c..8f123d7 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule
> *krule,
> 
>  		audit_get_watch(w);
>  		krule->watch = watch = w;
> +
> +		audit_put_parent(parent);
>  		break;
>  	}
> 
>  	if (!watch_found) {
> -		audit_get_parent(parent);
>  		watch->parent = parent;
> 
>  		audit_get_watch(watch);
> @@ -436,9 +437,6 @@ int audit_add_watch(struct audit_krule *krule, struct
> list_head **list)
> 
>  	audit_add_to_parent(krule, parent);
> 
> -	/* match get in audit_find_parent or audit_init_parent */
> -	audit_put_parent(parent);
> -
>  	h = audit_hash_ino((u32)watch->ino);
>  	*list = &audit_inode_hash[h];
>  error:

-- 
paul moore
security @ redhat

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ