On 05/10/2013 04:11 AM, Andrew Morton wrote:
>> > But we need let 'rule->tree = NULL;' firstly, so can protect rule itself
>> > freed in kill_rules().
> I'll believe you ;) I turned this into a proper patch and added your
> (missed) Signed-off-by:.
>
Thanks.
At least, let 'rule->tree = NULL;' can:
a. it matches 'rule->tree = tree;' which is before successful return.
also can make 'if (list_empty(&rule->rlist))' reasonable.
b. protect rule itself freed in kill_rules(), if it could happen.
just like all 'rule->tree = NULL;' in audit_remove_tree_rule().
c. it will no negative effect.
>> > For me, after 'rule->tree = NULL', all things seems fine !!
> Well, what was wrong before? Is there some user-triggerable
> misbehaviour which you observed? If so, please describe it.
>
>
>
I think, it will cause issue (randomly): if when we are using auditctl
to add rule to monitor one file, and at the same time, the other user is
just deleting this file.
I guess, it is why original code need 'if (list_empty(&rule->rlist))'
after lock 'audit_filter_mutex' again.
Currently, I am just testing for it (and should give a test), and I will
send the test plan and test result within this week (2013-05-12).
Thanks.
--
Chen Gang
Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
