Oops while checking file system auditing
Stephen Smalley
sds at tycho.nsa.gov
Wed May 25 16:23:06 UTC 2005
On Tue, 2005-05-24 at 15:38 -0500, Timothy R. Chavez wrote:
> I noticed that I wasn't putting my reference back to my wentry in the
> audit_free_aux() function, only in audit_log_exit() *cough*
>
> Though, on a separate but some-what related tangent, why have this in
> audit_log_exit():
>
> case AUDIT_AVC_PATH: {
> struct audit_aux_data_path *axi = (void *)aux;
> audit_log_d_path(ab, "path=", axi->dentry, axi->mnt);
> -> dput(axi->dentry);
> -> mntput(axi->mnt);
> break; }
>
> In theory, you're going to have to call audit_free_aux() and it will be
> dealt with there, right?
That was my initial take as well when I first posted the patch, but Dave
pointed out that I needed to handle the dput/mntput here as well because
the existing code is removing each aux entry and freeing it at the tail
of the loop, so context->aux ends up being NULL upon leaving the loop.
Thus, the subsequent audit_free_aux() does nothing (except in the case
where audit_log_start failed in the loop, causing it to retry the same
aux entry endlessly?). Not clear why this approach is taken.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list