Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754091Ab2HBSfK (ORCPT ); Thu, 2 Aug 2012 14:35:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:23911 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750775Ab2HBSfE (ORCPT ); Thu, 2 Aug 2012 14:35:04 -0400 Message-ID: <1343932497.2605.1.camel@localhost> Subject: Re: Oops in audit_copy_inode From: Eric Paris To: Miklos Szeredi Cc: Peter Moody , linux-kernel@vger.kernel.org, Kees Cook , viro@zeniv.linux.org.uk, miklos@szeredi.hu, jlayton@redhat.com, linux-fsdevel@vger.kernel.org Date: Thu, 02 Aug 2012 14:34:57 -0400 In-Reply-To: <1343837499.18359.7.camel@tucsk.pomaz.szeredi.hu> References: <1343837499.18359.7.camel@tucsk.pomaz.szeredi.hu> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2136 Lines: 74 I believe this was already found and fixed: https://lkml.org/lkml/2012/7/25/259 Which was pulled by Linus in: 3134f37e931d75931bdf6d4eacd82a3fd26eca7c -Eric On Wed, 2012-08-01 at 18:11 +0200, Miklos Szeredi wrote: > Hi Peter, > > Thanks for the report. > > Here's a patch. I haven't tested it but I'm pretty confident that it > fixes the bug. > > Thanks, > Miklos > > > Subject: vfs: fix audit_inode on negative dentry > From: Miklos Szeredi > > Peter Moody reported an oops in audit_copy_inode() and bisected it to commit > 7157486541 (vfs: do_last(): common slow lookup). > > The problem is that audit_inode() in do_last() is called with a negative dentry. > > Previously the non-O_CREAT case didn't call audit_inode() here, but now both > O_CREAT and non-O_CREAT opens are handled by the same code. > > I really have no idea why this audit_inode() is needed here at all but am afaid > to remove this for fear of breaking audit somehow. So just fix this case by > checking for a negative dentry. > > Reported-by: Peter Moody > Signed-off-by: Miklos Szeredi > CC: stable@vger.kernel.org > --- > fs/namei.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > Index: linux-2.6/fs/namei.c > =================================================================== > --- linux-2.6.orig/fs/namei.c 2012-08-01 17:47:28.000000000 +0200 > +++ linux-2.6/fs/namei.c 2012-08-01 17:49:26.000000000 +0200 > @@ -2607,10 +2607,12 @@ static int do_last(struct nameidata *nd, > goto finish_open_created; > } > > - /* > - * It already exists. > - */ > - audit_inode(pathname, path->dentry); > + if (path->dentry->d_inode) { > + /* > + * It already exists. > + */ > + audit_inode(pathname, path->dentry); > + } > > /* > * If atomic_open() acquired write access it is dropped now due to > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/