提交 65ada7bc 编写于 作者: D Dmitry Monakhov 提交者: Eric Paris

audit: destroy long filenames correctly

filename should be destroyed via final_putname() instead of __putname()
Otherwise this result in following BUGON() in case of long names:
  kernel BUG at mm/slab.c:3006!
  Call Trace:
  kmem_cache_free+0x1c1/0x850
  audit_putname+0x88/0x90
  putname+0x73/0x80
  sys_symlinkat+0x120/0x150
  sys_symlink+0x16/0x20
  system_call_fastpath+0x16/0x1b

Introduced-in: 7950e385Signed-off-by: NDmitry Monakhov <dmonakhov@openvz.org>
Reviewed-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NEric Paris <eparis@redhat.com>
上级 2540334a
...@@ -1024,7 +1024,7 @@ static inline void audit_free_names(struct audit_context *context) ...@@ -1024,7 +1024,7 @@ static inline void audit_free_names(struct audit_context *context)
list_for_each_entry_safe(n, next, &context->names_list, list) { list_for_each_entry_safe(n, next, &context->names_list, list) {
list_del(&n->list); list_del(&n->list);
if (n->name && n->name_put) if (n->name && n->name_put)
__putname(n->name); final_putname(n->name);
if (n->should_free) if (n->should_free)
kfree(n); kfree(n);
} }
...@@ -2050,7 +2050,7 @@ void audit_putname(struct filename *name) ...@@ -2050,7 +2050,7 @@ void audit_putname(struct filename *name)
BUG_ON(!context); BUG_ON(!context);
if (!context->in_syscall) { if (!context->in_syscall) {
#if AUDIT_DEBUG == 2 #if AUDIT_DEBUG == 2
printk(KERN_ERR "%s:%d(:%d): __putname(%p)\n", printk(KERN_ERR "%s:%d(:%d): final_putname(%p)\n",
__FILE__, __LINE__, context->serial, name); __FILE__, __LINE__, context->serial, name);
if (context->name_count) { if (context->name_count) {
struct audit_names *n; struct audit_names *n;
...@@ -2061,7 +2061,7 @@ void audit_putname(struct filename *name) ...@@ -2061,7 +2061,7 @@ void audit_putname(struct filename *name)
n->name, n->name->name ?: "(null)"); n->name, n->name->name ?: "(null)");
} }
#endif #endif
__putname(name); final_putname(name);
} }
#if AUDIT_DEBUG #if AUDIT_DEBUG
else { else {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册