[PATCH 25/26] audit: fix mark refcounting
Eric Paris
eparis at redhat.com
Thu Nov 17 22:05:05 UTC 2011
From: Miklos Szeredi <mszeredi at suse.cz>
Removing the parent of a watched file results in "kernel BUG at
fs/notify/mark.c:139".
To reproduce
add "-w /tmp/audit/dir/watched_file" to audit.rules
rm -rf /tmp/audit/dir
This is caused by fsnotify_destroy_mark() being called without an
extra reference taken by the caller.
Reported by Francesco Cosoleto here:
https://bugzilla.novell.com/show_bug.cgi?id=689860
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
CC: Al Viro <viro at zeniv.linux.org.uk>
CC: Eric Paris <eparis at redhat.com>
CC: stable at vger.kernel.org
Signed-off-by: Eric Paris <eparis at redhat.com>
---
kernel/audit_watch.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index e683869..4270d84 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -349,7 +349,9 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
}
mutex_unlock(&audit_filter_mutex);
+ audit_get_parent(parent);
fsnotify_destroy_mark(&parent->mark);
+ audit_put_parent(parent);
}
/* Get path information necessary for adding watches. */
More information about the Linux-audit
mailing list