summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2015-08-01 15:41:13 -0400
committerPaul Moore <pmoore@redhat.com>2015-08-04 18:26:33 -0400
commitaa7c043d9783f538319e77deeae5d90ff5d6907b (patch)
tree41837136785451c917dd5f98055bf204c471c4ea
parentf8259b262bedd5ec71e55de5953464ea86ff69d9 (diff)
audit: eliminate unnecessary extra layer of watch parent references
The audit watch parent count was imbalanced, adding an unnecessary layer of watch parent references. Decrement the additional parent reference when a watch is reused, already having a reference to the parent. audit_find_parent() gets a reference to the parent, if the parent is already known. This additional parental reference is not needed if the watch is subsequently found by audit_add_to_parent(), and consumed if the watch does not already exist, so we need to put the parent if the watch is found, and do nothing if this new watch is added to the parent. If the parent wasn't already known, it is created with a refcount of 1 and added to the audit_watch_group, then incremented by one to be subsequently consumed by the newly created watch in audit_add_to_parent(). The rule points to the watch, not to the parent, so the rule's refcount gets bumped, not the parent's. See LKML, 2015-07-16 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r--kernel/audit_watch.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 54ee4bd66aef..b81ad5bc7485 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -391,11 +391,12 @@ static void audit_add_to_parent(struct audit_krule *krule,
audit_get_watch(w);
krule->watch = watch = w;
+
+ audit_put_parent(parent);
break;
}
if (!watch_found) {
- audit_get_parent(parent);
watch->parent = parent;
audit_get_watch(watch);
@@ -436,9 +437,6 @@ int audit_add_watch(struct audit_krule *krule, struct list_head **list)
audit_add_to_parent(krule, parent);
- /* match get in audit_find_parent or audit_init_parent */
- audit_put_parent(parent);
-
h = audit_hash_ino((u32)watch->ino);
*list = &audit_inode_hash[h];
error: