Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp750549imu; Fri, 16 Nov 2018 09:35:04 -0800 (PST) X-Google-Smtp-Source: AJdET5dDWLYEW3+L1lFjvxZVhki6uBugm7hZk6NxR7kBbYGe3DVAAUUyqIC3zAvJndf5nq/TkF0B X-Received: by 2002:a62:380e:: with SMTP id f14-v6mr11939825pfa.203.1542389704307; Fri, 16 Nov 2018 09:35:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542389704; cv=none; d=google.com; s=arc-20160816; b=duCy5F5JNG7ONpZJATSSHX9TRMNxJZLV/o1X868RIy3sSU8A/CDO3hq0R3EeO3D6RE aKG/tS89/qVuHoZ6ZFiPtPe4AQBVI4KYkalZ/Cv5w0PoIPD4Abr+o71afjnezqYWAqAP 8h9Cycv6rxF31WT3Pc5iOauWozAdTXLx9Wk7vxdEWiatMlLNloyeuKOJ5rHrvWgcm5mE Ss+qoEW7CrZwcN2VtbRszKrEZcR3yWiIhYhuwUXaHy8LEB8d4bRRdyKkUA05znnO2qpv AMvT7ocbGsYG0HPPGH6RCp443EMS1BCZDM4NNDFi/QRTFtFp4Kme91Rw9SvrJCY07M/X h+Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=izV+MBylBH5iy419GX0hdfxViAntR4ArXSLxJA34aZQ=; b=Z1Mr7MtYLcWUKljsg29xomhkJaO23MODIRFhlIJXbAR4PSYrt38orsNUGj5w+E9if1 LOO42DKVwuVArLy1LLmPuXH6lvgVrP9B5bW8bsEZEfUqF08ik6qXgtfgjmw3Wj7Rgq9m H8Ca7J1JN7RHqAG+O+2D6lar0O1hiGJC4wyQn36YYnyp/c12qGO7zazXL7Y0QG03Nm7f pSC29aabryREF/F1SwWdf1RnCuMirsg2HCqAfWMoyRDgBf8O1OYLbciZtKPN1yor8e0z DW+GHsabzd/J/BeYSTtUjJ7hvjpCRQx+CqSFrL/mOBtYMIp13cZFzOfD5Scyr4eVnzty cvfg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f35-v6si33506687plh.357.2018.11.16.09.34.48; Fri, 16 Nov 2018 09:35:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390098AbeKQDr0 (ORCPT + 99 others); Fri, 16 Nov 2018 22:47:26 -0500 Received: from mx1.redhat.com ([209.132.183.28]:59416 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729140AbeKQDr0 (ORCPT ); Fri, 16 Nov 2018 22:47:26 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7019C3097065; Fri, 16 Nov 2018 17:34:09 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-24.phx2.redhat.com [10.3.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 53A9360CBA; Fri, 16 Nov 2018 17:34:01 +0000 (UTC) From: Richard Guy Briggs To: linux-fsdevel@vger.kernel.org, viro@ZenIV.linux.org.uk, LKML , Linux-Audit Mailing List Cc: Paul Moore , Eric Paris , Steve Grubb , Richard Guy Briggs Subject: [RFC PATCH ghak100 V1 0/2] audit: avoid umount hangs on missing mount Date: Fri, 16 Nov 2018 12:33:12 -0500 Message-Id: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Fri, 16 Nov 2018 17:34:09 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On user and remote filesystems, a forced umount can still hang due to attemting to fetch the fcaps of a mounted filesystem that is no longer available. These two patches take different approaches to address this, one by avoiding the lookup when the MNT_FORCE flag is included, the other by providing a method to filter out auditing specified types of filesystems. This can happen on ceph, cifs, 9p, lustre, fuse (gluster) or NFS. Arguably the better way to address this issue is to disable auditing processes that touch removable filesystems. Please see the github issue tracker https://github.com/linux-audit/audit-kernel/issues/100 Richard Guy Briggs (2): audit: avoid fcaps on MNT_FORCE audit: moar filter PATH records keyed on filesystem magic fs/namei.c | 2 +- fs/namespace.c | 3 +++ include/linux/audit.h | 8 ++++++-- kernel/audit.c | 5 +++-- kernel/audit.h | 2 +- kernel/auditsc.c | 29 ++++++++++++++++++++++++++--- 6 files changed, 40 insertions(+), 9 deletions(-) -- 1.8.3.1