[RFC][PATCH] (#7U5) [2-6.12-rc3-mm3] file system auditing

Timothy R. Chavez tinytim at us.ibm.com
Wed May 11 20:11:37 UTC 2005 

On Wednesday 11 May 2005 14:51, serue at us.ibm.com wrote:
> Quoting Timothy R. Chavez (tinytim at us.ibm.com):
> > On Wednesday 11 May 2005 14:01, serue at us.ibm.com wrote:
> > > Quoting Timothy R. Chavez (tinytim at us.ibm.com):
> > > > * I've completely removed the audit_master_watchlist_lock spinlock to
> > > > protect the master watchlist, in favor of RCU locking. ?To protect
> > > > against concurrent watch removals from the master watchlist, we
> > > > conveniently use the local data->lock rw_lock in place of another
> > > > spinlock. ?Thus, only one removal can
> > >
> > > I have a problem with this.  Isn't the audit_master_watchlist a global
> > > list?  Are you sure you can use a per-inode lock to protect this global
> > > list?
> >
> > Well, my conclusion was this:  The only way to enter
> > audit_destroy_wentry() where contention is a concern is by holding the
> > local data->lock.  The only way we can remove a watch from the master
> > watchlist is by entering the audit_destroy_wentry() function (and if
> > contentious, only one of the contenders may be in audit_destroy_wentry()
> > at a time).
> >
> > I don't see how we could race on a master watchlist deletion.
>
> 1. What if you end up trying to delete two wentries which are adjecent
> on the audit_master_watchlist concurrently?  I think you might be able
> to break the list, but I haven't drawn it down on paper...

Hm.  Yeah, sounds like in this case, it'll break.  I'll have to think about 
this scenario a bit more.

>
> 2. What about additions to the audit_master_watchlist, both racing with
> each other and with deletions?  Actually it doesn't look like you're
> protecting additions at all.
>

There won't be racing insertions.  The audit_netlink_sem ensures us that there 
will only ever be one insertion at a time and while we're inserting.  Also, 
if we are inserting, we can't explicitly be removing.  The only way to delete 
is from audit_update_watch().  So conceptually, I suppose, if we're in the 
process of draining the watchlist and we're attempting to insert into that 
watchlist at the same time, there might be some ill effect?  I suppose it 
doesn't hurt to keep the locking here for this case.

> -serge
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit

-- 
-tim

More information about the Linux-audit mailing list