Commit 422ce075 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'audit-pr-20170816' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit fixes from Paul Moore:
 "Two small fixes to the audit code, both explained well in the
  respective patch descriptions, but the quick summary is one
  use-after-free fix, and one silly fanotify notification flag fix"

* tag 'audit-pr-20170816' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: Receive unmount event
  audit: Fix use after free in audit_remove_watch_rule()
parents 510c8a89 b5fed474
...@@ -66,7 +66,7 @@ static struct fsnotify_group *audit_watch_group; ...@@ -66,7 +66,7 @@ static struct fsnotify_group *audit_watch_group;
/* fsnotify events we care about. */ /* fsnotify events we care about. */
#define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\ #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
FS_MOVE_SELF | FS_EVENT_ON_CHILD) FS_MOVE_SELF | FS_EVENT_ON_CHILD | FS_UNMOUNT)
static void audit_free_parent(struct audit_parent *parent) static void audit_free_parent(struct audit_parent *parent)
{ {
...@@ -457,14 +457,16 @@ void audit_remove_watch_rule(struct audit_krule *krule) ...@@ -457,14 +457,16 @@ void audit_remove_watch_rule(struct audit_krule *krule)
list_del(&krule->rlist); list_del(&krule->rlist);
if (list_empty(&watch->rules)) { if (list_empty(&watch->rules)) {
audit_remove_watch(watch); /*
* audit_remove_watch() drops our reference to 'parent' which
if (list_empty(&parent->watches)) { * can get freed. Grab our own reference to be safe.
*/
audit_get_parent(parent); audit_get_parent(parent);
audit_remove_watch(watch);
if (list_empty(&parent->watches))
fsnotify_destroy_mark(&parent->mark, audit_watch_group); fsnotify_destroy_mark(&parent->mark, audit_watch_group);
audit_put_parent(parent); audit_put_parent(parent);
} }
}
} }
/* Update watch data in audit rules based on fsnotify events. */ /* Update watch data in audit rules based on fsnotify events. */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment