All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Moody <pmoody@google.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: Kernel oops+crash on repeated auditd restarts
Date: Mon, 23 Apr 2012 18:27:21 -0700	[thread overview]
Message-ID: <CALnj_=64kuZNnYX6chxmHDXpeDDry=i_62CDhY1JoMM2m7jpww@mail.gmail.com> (raw)
In-Reply-To: <1335198376.8224.4.camel@localhost>

On Mon, Apr 23, 2012 at 9:26 AM, Eric Paris <eparis@redhat.com> wrote:
> On Fri, 2012-04-20 at 23:14 -0300, Marcelo Cerri wrote:
>
>> The patch below increments the reference count of a mark when it is
>> added to the destroy list. It seems to solve the issue and it doesn't
>> seem to cause any memory leak. Please, can you make some tests in your
>> environments and let me know if there is any problem with this patch.
>
> That is almost certainly the wrong thing to do.  This test program
> should show a memory leak with your patch.  If it doesn't show a memory
> leak then something is screwed up in inotify as well.
>
> #include <errno.h>
> #include <unistd.h>
> #include <sys/inotify.h>
>
> int main(void)
> {
>        int fd;
>        int rc;
>        struct inotify_event event[10];
>
>        fd = inotify_init();
>        if (fd < 0)
>                return errno;
>
>        while(1) {
>                rc = inotify_add_watch(fd, "/tmp", IN_CLOSE_WRITE);
>                if (rc < 0)
>                        return errno;
>
>                rc = inotify_rm_watch(fd, rc);
>                if (rc)
>                        return errno;
>
>                rc = read(fd, event, sizeof(event));
>                if (rc < 0)
>                        return errno;
>        }
>
>        return 0;
> }
>
> The lifetime of an object is supposed to be from fsnotify_init_mark()
> until it's matching reference is dropped in fsnotify_mark_destroy().  It
> sounds to me like we are calling put somewhere in the audit code when we
> didn't previously call a get....
>

FWIW, bisecting points me to 75c1be487a690db43da2c1234fcacd84c982803c

75c1be487a690db43da2c1234fcacd84c982803c is the first bad commit
commit 75c1be487a690db43da2c1234fcacd84c982803c
Author: Eric Paris <eparis@redhat.com>
Date:   Wed Jul 28 10:18:38 2010 -0400

    fsnotify: srcu to protect read side of inode and vfsmount locks

    Currently reading the inode->i_fsnotify_marks or
    vfsmount->mnt_fsnotify_marks lists are protected by a spinlock on both the
    read and the write side.  This patch protects the read side of those lists
    with a new single srcu.

    Signed-off-by: Eric Paris <eparis@redhat.com>

:040000 040000 4b5d9b446eefaca96f8a89b8e9c2ef18da88534e
1abcff76e285ae57f5855b60857ef1708e937a0c M	fs
:040000 040000 a02d4ab5b164aa9282a342d73ebe3658f88b4539
3ca9f66ba26cc265d118e6c8558ff2214b9ed192 M	include

Cheers,
peter

-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038

  reply	other threads:[~2012-04-24  1:27 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-01-25 16:45 Kernel oops+crash on repeated auditd restarts Valentin Avram
2012-01-25 16:53 ` Peter Moody
2012-01-25 19:20 ` Eric Paris
2012-01-26  7:13   ` Valentin Avram
2012-02-08 16:11     ` Valentin Avram
2012-03-05  8:35       ` Valentin Avram
2012-03-28 20:51         ` Peter Moody
2012-03-28 22:42           ` Peter Moody
2012-03-29  1:14             ` Eric Paris
2012-03-29  6:44               ` Valentin Avram
2012-04-03 16:15                 ` Peter Moody
2012-04-05 21:03                   ` Peter Moody
2012-04-05 21:07                     ` Eric Paris
2012-04-17 17:56                       ` Peter Moody
2012-04-17 18:24                         ` Peter Moody
2012-04-17 21:54                           ` Peter Moody
2012-04-21  2:14                             ` Marcelo Cerri
2012-04-23 16:05                               ` Peter Moody
2012-04-23 16:26                               ` Eric Paris
2012-04-24  1:27                                 ` Peter Moody [this message]
2012-04-24  5:12                                 ` Marcelo Cerri
2012-04-24 18:31                                   ` Eric Paris
2012-04-24 18:38                                     ` Peter Moody
2012-04-24 19:06                                       ` Eric Paris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALnj_=64kuZNnYX6chxmHDXpeDDry=i_62CDhY1JoMM2m7jpww@mail.gmail.com' \
    --to=pmoody@google.com \
    --cc=eparis@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.