From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-lf1-f66.google.com ([209.85.167.66]:43346 "EHLO
        mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725821AbeG0GHY (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Fri, 27 Jul 2018 02:07:24 -0400
Received: by mail-lf1-f66.google.com with SMTP id f135-v6so2659618lfg.10
        for <linux-fsdevel@vger.kernel.org>; Thu, 26 Jul 2018 21:47:22 -0700 (PDT)
MIME-Version: 1.0
References: <20180710100217.12866-1-jack@suse.cz> <20180710100217.12866-3-jack@suse.cz>
In-Reply-To: <20180710100217.12866-3-jack@suse.cz>
From: Paul Moore <paul@paul-moore.com>
Date: Fri, 27 Jul 2018 00:47:10 -0400
Message-ID: <CAHC9VhSg6yYk=f_qW=WUYjOzCqvm3WgRH_LWa1jQexCZK8rm7Q@mail.gmail.com>
Subject: Re: [PATCH 02/10] audit: Fix possible spurious -ENOSPC error
To: jack@suse.cz
Cc: linux-audit@redhat.com, linux-fsdevel@vger.kernel.org,
        viro@zeniv.linux.org.uk, rgb@redhat.com, amir73il@gmail.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, Jul 10, 2018 at 6:02 AM Jan Kara <jack@suse.cz> wrote:
> When an inode is tagged with a tree, tag_chunk() checks whether there is
> audit_tree_group mark attached to the inode and adds one if not. However
> nothing protects another tag_chunk() to add the mark between we've
> checked and try to add the fsnotify mark thus resulting in an error from
> fsnotify_add_mark() and consequently an ENOSPC error from tag_chunk().
>
> Fix the problem by holding mark_mutex over the whole check-insert code
> sequence.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  kernel/audit_tree.c | 26 ++++++++++++++++----------
>  1 file changed, 16 insertions(+), 10 deletions(-)

...

> diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
> index 1c82eb6674c4..de8d344d91b1 100644
> --- a/kernel/audit_tree.c
> +++ b/kernel/audit_tree.c
> @@ -342,25 +342,29 @@ static void untag_chunk(struct node *p)
>         spin_lock(&hash_lock);
>  }
>
> +/* Call with group->mark_mutex held, releases it */

Stuff like that always makes me nervous.  Could we defer releasing the
mutex to the caller, after create_chunk() returns?  It looks like
fsnotify_destroy_mark() allows a single level of nesting so it should
be okay, yes?

--
paul moore
www.paul-moore.com