07 May, 2009
1 commit
-
There is what we believe to be a false positive reported by lockdep.
inotify_inode_queue_event() => take inotify_mutex => kernel_event() =>
kmalloc() => SLOB => alloc_pages_node() => page reclaim => slab reclaim =>
dcache reclaim => inotify_inode_is_dead => take inotify_mutex => deadlockThe plan is to fix this via lockdep annotation, but that is proving to be
quite involved.The patch flips the allocation over to GFP_NFS to shut the warning up, for
the 2.6.30 release.Hopefully we will fix this for real in 2.6.31. I'll queue a patch in -mm
to switch it back to GFP_KERNEL so we don't forget.=================================
[ INFO: inconsistent lock state ]
2.6.30-rc2-next-20090417 #203
---------------------------------
inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
kswapd0/380 [HC0[0]:SC0[0]:HE1:SE1] takes:
(&inode->inotify_mutex){+.+.?.}, at: [] inotify_inode_is_dead+0x35/0xb0
{RECLAIM_FS-ON-W} state was registered at:
[] mark_held_locks+0x68/0x90
[] lockdep_trace_alloc+0xf5/0x100
[] __kmalloc_node+0x31/0x1e0
[] kernel_event+0xe2/0x190
[] inotify_dev_queue_event+0x126/0x230
[] inotify_inode_queue_event+0xc6/0x110
[] vfs_create+0xcd/0x140
[] do_filp_open+0x88d/0xa20
[] do_sys_open+0x98/0x140
[] sys_open+0x20/0x30
[] system_call_fastpath+0x16/0x1b
[] 0xffffffffffffffff
irq event stamp: 690455
hardirqs last enabled at (690455): [] _spin_unlock_irqrestore+0x44/0x80
hardirqs last disabled at (690454): [] _spin_lock_irqsave+0x32/0xa0
softirqs last enabled at (690178): [] __do_softirq+0x202/0x220
softirqs last disabled at (690157): [] call_softirq+0x1c/0x50other info that might help us debug this:
2 locks held by kswapd0/380:
#0: (shrinker_rwsem){++++..}, at: [] shrink_slab+0x37/0x180
#1: (&type->s_umount_key#17){++++..}, at: [] shrink_dcache_memory+0x11f/0x1e0stack backtrace:
Pid: 380, comm: kswapd0 Not tainted 2.6.30-rc2-next-20090417 #203
Call Trace:
[] print_usage_bug+0x19f/0x200
[] ? save_stack_trace+0x2f/0x50
[] mark_lock+0x4bb/0x6d0
[] ? check_usage_forwards+0x0/0xc0
[] __lock_acquire+0xc62/0x1ae0
[] ? slob_free+0x10c/0x370
[] lock_acquire+0xe1/0x120
[] ? inotify_inode_is_dead+0x35/0xb0
[] mutex_lock_nested+0x63/0x420
[] ? inotify_inode_is_dead+0x35/0xb0
[] ? inotify_inode_is_dead+0x35/0xb0
[] ? sched_clock+0x9/0x10
[] ? lock_release_holdtime+0x35/0x1c0
[] inotify_inode_is_dead+0x35/0xb0
[] dentry_iput+0xbc/0xe0
[] d_kill+0x33/0x60
[] __shrink_dcache_sb+0x2d3/0x350
[] shrink_dcache_memory+0x15a/0x1e0
[] shrink_slab+0x125/0x180
[] kswapd+0x560/0x7a0
[] ? isolate_pages_global+0x0/0x2c0
[] ? autoremove_wake_function+0x0/0x40
[] ? trace_hardirqs_on+0xd/0x10
[] ? kswapd+0x0/0x7a0
[] kthread+0x5b/0xa0
[] child_rip+0xa/0x20
[] ? restore_args+0x0/0x30
[] ? kthread+0x0/0xa0
[] ? child_rip+0x0/0x20[eparis@redhat.com: fix audit too]
Cc: Al Viro
Cc: Matt Mackall
Cc: Christoph Lameter
Signed-off-by: Wu Fengguang
Signed-off-by: Eric Paris
Cc: Peter Zijlstra
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
06 Apr, 2009
1 commit
-
make the e->rule.xxx shorter in kernel/auditfilter.c
--
---------------------------------
Zhenwen Xu - Open and Free
Home Page: http://zhwen.org
My Studio: http://dim4.cn>From 99692dc640b278f1cb1a15646ce42f22e89c0f77 Mon Sep 17 00:00:00 2001
From: Zhenwen Xu
Date: Thu, 12 Mar 2009 22:04:59 +0800
Subject: [PATCH] make the e->rule.xxx shorter in kernel/auditfilter.cSigned-off-by: Zhenwen Xu
Signed-off-by: Al Viro
05 Jan, 2009
5 commits
-
Don't store the field->op in the messy (and very inconvenient for e.g.
audit_comparator()) form; translate to dense set of values and do full
validation of userland-submitted value while we are at it.->audit_init_rule() and ->audit_match_rule() get new values now; in-tree
instances updated.Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Fix the actual rule listing; add per-type lists _not_ used for matching,
with all exit,... sitting on one such list. Simplifies "do something
for all rules" logics, while we are at it...Signed-off-by: Al Viro
-
Problem: ordering between the rules on exit chain is currently lost;
all watch and inode rules are listed after everything else _and_
exit,never on one kind doesn't stop exit,always on another from
being matched.Solution: assign priorities to rules, keep track of the current
highest-priority matching rule and its result (always/never).Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
16 Nov, 2008
1 commit
-
Inotify watch removals suck violently.
To kick the watch out we need (in this order) inode->inotify_mutex and
ih->mutex. That's fine if we have a hold on inode; however, for all
other cases we need to make damn sure we don't race with umount. We can
*NOT* just grab a reference to a watch - inotify_unmount_inodes() will
happily sail past it and we'll end with reference to inode potentially
outliving its superblock.Ideally we just want to grab an active reference to superblock if we
can; that will make sure we won't go into inotify_umount_inodes() until
we are done. Cleanup is just deactivate_super().However, that leaves a messy case - what if we *are* racing with
umount() and active references to superblock can't be acquired anymore?
We can bump ->s_count, grab ->s_umount, which will almost certainly wait
until the superblock is shut down and the watch in question is pining
for fjords. That's fine, but there is a problem - we might have hit the
window between ->s_active getting to 0 / ->s_count - below S_BIAS (i.e.
the moment when superblock is past the point of no return and is heading
for shutdown) and the moment when deactivate_super() acquires
->s_umount.We could just do drop_super() yield() and retry, but that's rather
antisocial and this stuff is luser-triggerable. OTOH, having grabbed
->s_umount and having found that we'd got there first (i.e. that
->s_root is non-NULL) we know that we won't race with
inotify_umount_inodes().So we could grab a reference to watch and do the rest as above, just
with drop_super() instead of deactivate_super(), right? Wrong. We had
to drop ih->mutex before we could grab ->s_umount. So the watch
could've been gone already.That still can be dealt with - we need to save watch->wd, do idr_find()
and compare its result with our pointer. If they match, we either have
the damn thing still alive or we'd lost not one but two races at once,
the watch had been killed and a new one got created with the same ->wd
at the same address. That couldn't have happened in inotify_destroy(),
but inotify_rm_wd() could run into that. Still, "new one got created"
is not a problem - we have every right to kill it or leave it alone,
whatever's more convenient.So we can use idr_find(...) == watch && watch->inode->i_sb == sb as
"grab it and kill it" check. If it's been our original watch, we are
fine, if it's a newcomer - nevermind, just pretend that we'd won the
race and kill the fscker anyway; we are safe since we know that its
superblock won't be going away.And yes, this is far beyond mere "not very pretty"; so's the entire
concept of inotify to start with.Signed-off-by: Al Viro
Acked-by: Greg KH
Signed-off-by: Linus Torvalds
02 Aug, 2008
1 commit
-
> shouldn't these be using the "audit_get_loginuid(current)" and if we
> are going to output loginuid we also should be outputting sessionidThanks for your detailed explanation.
I have made a new patch for outputing "loginuid" and "sessionid" by audit_get_loginuid(current) and audit_get_sessionid(current).
If there are some deficiencies, please give me your indication.Signed-off-by: Zhang Xiliang
Signed-off-by: Al Viro
25 Jun, 2008
2 commits
-
The second argument "type" is not used in audit_filter_user(), so I think that type can be removed. If I'm wrong, please tell me.
Signed-off-by: Peng Haitao
Signed-off-by: Al Viro -
Fix auditfilter kernel-doc misssing parameter description:
Warning(lin2626-rc3//kernel/auditfilter.c:1551): No description found for parameter 'sessionid'
Signed-off-by: Randy Dunlap
Signed-off-by: Al Viro
30 Apr, 2008
1 commit
-
* 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] new predicate - AUDIT_FILETYPE
[patch 2/2] Use find_task_by_vpid in audit code
[patch 1/2] audit: let userspace fully control TTY input auditing
[PATCH 2/2] audit: fix sparse shadowed variable warnings
[PATCH 1/2] audit: move extern declarations to audit.h
Audit: MAINTAINERS update
Audit: increase the maximum length of the key field
Audit: standardize string audit interfaces
Audit: stop deadlock from signals under load
Audit: save audit_backlog_limit audit messages in case auditd comes back
Audit: collect sessionid in netlink messages
Audit: end printk with newline
29 Apr, 2008
1 commit
-
Some drivers have duplicated unlikely() macros. IS_ERR() already has
unlikely() in itself.This patch cleans up such pointless code.
Signed-off-by: Hirofumi Nakagawa
Acked-by: David S. Miller
Acked-by: Jeff Garzik
Cc: Paul Clements
Cc: Richard Purdie
Cc: Alessandro Zummo
Cc: David Brownell
Cc: James Bottomley
Cc: Michael Halcrow
Cc: Anton Altaparmakov
Cc: Al Viro
Cc: Carsten Otte
Cc: Patrick McHardy
Cc: Paul Mundt
Cc: Jaroslav Kysela
Cc: Takashi Iwai
Acked-by: Mike Frysinger
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
28 Apr, 2008
4 commits
-
Argument is S_IF... | , where index is normally 0 or 1.
Triggers if chosen element of ctx->names[] is present and the
mode of object in question matches the upper bits of argument.
I.e. for things like "is the argument of that chmod a directory",
etc.Signed-off-by: Al Viro
-
Use msglen as the identifier.
kernel/audit.c:724:10: warning: symbol 'len' shadows an earlier one
kernel/audit.c:575:8: originally declared hereDon't use ino_f to check the inode field at the end of the functions.
kernel/auditfilter.c:429:22: warning: symbol 'f' shadows an earlier one
kernel/auditfilter.c:420:21: originally declared here
kernel/auditfilter.c:542:22: warning: symbol 'f' shadows an earlier one
kernel/auditfilter.c:529:21: originally declared herei always used as a counter for a for loop and initialized to zero before
use. Eliminate the inner i variables.
kernel/auditsc.c:1295:8: warning: symbol 'i' shadows an earlier one
kernel/auditsc.c:1152:6: originally declared here
kernel/auditsc.c:1320:7: warning: symbol 'i' shadows an earlier one
kernel/auditsc.c:1152:6: originally declared hereSigned-off-by: Harvey Harrison
Signed-off-by: Al Viro -
Leave audit_sig_{uid|pid|sid} protected by #ifdef CONFIG_AUDITSYSCALL.
Noticed by sparse:
kernel/audit.c:73:6: warning: symbol 'audit_ever_enabled' was not declared. Should it be static?
kernel/audit.c:100:8: warning: symbol 'audit_sig_uid' was not declared. Should it be static?
kernel/audit.c:101:8: warning: symbol 'audit_sig_pid' was not declared. Should it be static?
kernel/audit.c:102:6: warning: symbol 'audit_sig_sid' was not declared. Should it be static?
kernel/audit.c:117:23: warning: symbol 'audit_ih' was not declared. Should it be static?
kernel/auditfilter.c:78:18: warning: symbol 'audit_filter_list' was not declared. Should it be static?Signed-off-by: Harvey Harrison
Signed-off-by: Al Viro -
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.Signed-off-by: Eric Paris
Signed-off-by: Al Viro
19 Apr, 2008
3 commits
-
Rename the se_str and se_rule audit fields elements to
lsm_str and lsm_rule to avoid confusion.Signed-off-by: Casey Schaufler
Signed-off-by: Ahmed S. Darwish
Acked-by: James Morris -
Convert Audit to use the new LSM Audit hooks instead of
the exported SELinux interface.Basically, use:
security_audit_rule_init
secuirty_audit_rule_free
security_audit_rule_known
security_audit_rule_matchinstad of (respectively) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_matchSigned-off-by: Casey Schaufler
Signed-off-by: Ahmed S. Darwish
Acked-by: James Morris -
Stop using the following exported SELinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid)
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)
kfree(ctx)and use following generic LSM equivalents respectively:
security_inode_getsecid(inode, secid)
security_ipc_getsecid*(ipcp, secid)
security_task_getsecid(tsk, secid)
security_sid_to_secctx(sid, ctx, len)
security_release_secctx(ctx, len)Call security_release_secctx only if security_secid_to_secctx
succeeded.Signed-off-by: Casey Schaufler
Signed-off-by: Ahmed S. Darwish
Acked-by: James Morris
Reviewed-by: Paul Moore
15 Feb, 2008
2 commits
-
* Add path_put() functions for releasing a reference to the dentry and
vfsmount of a struct path in the right order* Switch from path_release(nd) to path_put(&nd->path)
* Rename dput_path() to path_put_conditional()
[akpm@linux-foundation.org: fix cifs]
Signed-off-by: Jan Blunck
Signed-off-by: Andreas Gruenbacher
Acked-by: Christoph Hellwig
Cc:
Cc: Al Viro
Cc: Steven French
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This is the central patch of a cleanup series. In most cases there is no good
reason why someone would want to use a dentry for itself. This series reflects
that fact and embeds a struct path into nameidata.Together with the other patches of this series
- it enforced the correct order of getting/releasing the reference count on
pairs
- it prepares the VFS for stacking support since it is essential to have a
struct path in every place where the stack can be traversed
- it reduces the overall code size:without patch series:
text data bss dec hex filename
5321639 858418 715768 6895825 6938d1 vmlinuxwith patch series:
text data bss dec hex filename
5320026 858418 715768 6894212 693284 vmlinuxThis patch:
Switch from nd->{dentry,mnt} to nd->path.{dentry,mnt} everywhere.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: fix cifs]
[akpm@linux-foundation.org: fix smack]
Signed-off-by: Jan Blunck
Signed-off-by: Andreas Gruenbacher
Acked-by: Christoph Hellwig
Cc: Al Viro
Cc: Casey Schaufler
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
02 Feb, 2008
1 commit
-
Some audit messages (namely configuration changes) are still emitted even if
the audit subsystem has been explicitly disabled. This patch turns those
messages off as well.Signed-off-by: Eric Paris
21 Oct, 2007
1 commit
-
New kind of audit rule predicates: "object is visible in given subtree".
The part that can be sanely implemented, that is. Limitations:
* if you have hardlink from outside of tree, you'd better watch
it too (or just watch the object itself, obviously)
* if you mount something under a watched tree, tell audit
that new chunk should be added to watched subtrees
* if you umount something in a watched tree and it's still mounted
elsewhere, you will get matches on events happening there. New command
tells audit to recalculate the trees, trimming such sources of false
positives.Note that it's _not_ about path - if something mounted in several places
(multiple mount, bindings, different namespaces, etc.), the match does
_not_ depend on which one we are using for access.Signed-off-by: Al Viro
19 Oct, 2007
1 commit
-
Signed-off-by: Daniel Walker
Cc: David Woodhouse
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
22 Jul, 2007
2 commits
-
Right now the audit filter can match on = != > < >= blah blah blah.
This allow the filter to also look at bitwise AND operations, &Signed-off-by: Eric Paris
Signed-off-by: Al Viro -
The sanity check in audit_match_class() is wrong. We are able to audit
2048 syscalls but in audit_match_class() we were accidentally using
sizeof(_u32) instead of number of bits in _u32 when deciding how many
syscalls were valid. On ia64 in particular we were hitting syscall
numbers over the (wrong) limit of 256. Fixing the audit_match_class
check takes care of the problem.Signed-off-by: Klaus Weidner
Signed-off-by: Al Viro
18 Jul, 2007
1 commit
-
Kill this warning...
kernel/auditfilter.c: In function ‘audit_receive_filter’:
kernel/auditfilter.c:1213: warning: ‘ndw’ may be used uninitialized in this function
kernel/auditfilter.c:1213: warning: ‘ndp’ may be used uninitialized in this function...with a simplification of the code. audit_put_nd() can accept NULL
arguments, just like kfree(). It is cleaner to init two existing vars
to NULL, remove the redundant test variable 'putnd_needed' branches, and call
audit_put_nd() directly.As a desired side effect, the warning goes away.
Signed-off-by: Jeff Garzik
24 Jun, 2007
1 commit
-
Removing a watched file will oops if audit is disabled (auditctl -e 0).
To reproduce:
- auditctl -e 1
- touch /tmp/foo
- auditctl -w /tmp/foo
- auditctl -e 0
- rm /tmp/foo (or mv)Signed-off-by: Tony Jones
Cc: Al Viro
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
16 May, 2007
1 commit
-
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds
11 May, 2007
1 commit
-
When auditing syscalls that send signals, log the pid and security
context for each target process. Optimize the data collection by
adding a counter for signal-related rules, and avoiding allocating an
aux struct unless we have more than one target process. For process
groups, collect pid/context data in blocks of 16. Move the
audit_signal_info() hook up in check_kill_permission() so we audit
attempts where permission is denied.Signed-off-by: Amy Griffis
Signed-off-by: Al Viro
18 Feb, 2007
1 commit
-
I was looking at parsing some of these messages and found that I wanted what
it was doing next to an op= for the parser to key on. Also missing was the list
number and results.Signed-off-by: Steve Grubb
Signed-off-by: Al Viro
12 Feb, 2007
1 commit
-
gcc emits this warning:
kernel/auditfilter.c: In function 'audit_filter_user':
kernel/auditfilter.c:1611: warning: 'state' is used uninitialized in this functionI tend to agree with gcc - there are a couple of plausible exit paths from
audit_filter_user_rules() where it does not set 'state', keeping the
variable uninitialized. For example if a filter rule has an AUDIT_POSSIBLE
action. Initialize to 'wont audit'. Fix whitespace damage too.Signed-off-by: Ingo Molnar
Cc: Al Viro
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
23 Dec, 2006
1 commit
-
kstrdup() returns NULL on error.
Cc: David Woodhouse
Signed-off-by: Akinobu Mita
Cc: Al Viro
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
08 Dec, 2006
1 commit
-
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
04 Oct, 2006
1 commit
-
Currently the kernel audit system represents arch's as numbers and will
gladly accept comparisons between archs using >, =, i686 -S chmodwith this patch the kernel will reject this with -EINVAL
Please comment/ack/nak as soon as possible.
-Eric
kernel/auditfilter.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)Signed-off-by: Al Viro
26 Sep, 2006
1 commit
-
Rename selinux_ctxid_to_string to selinux_sid_to_string to be
consistent with other interfaces.Signed-off-by: Stephen Smalley
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
12 Sep, 2006
3 commits
-
add support for AUDIT_PERM predicate
Signed-off-by: Al Viro
-
Make the audit message for implicit rule removal more informative.
Make the rule update message consistent with other messages.Signed-off-by: Amy Griffis
Signed-off-by: Al Viro -
Hello,
During some troubleshooting, I found that ppid was accidentally omitted from
the legacy rule section. This resulted in EINVAL for any rule with ppid sent
with AUDIT_ADD.Signed-off-by: Steve Grubb
Signed-off-by: Al Viro
