... or visible outside of audit, really. Note that references held in delayed_filename always have refcount 1, and from the moment of complete_getname() or equivalent point in getname...() there won't be any references to struct filename instance left in places visible to other threads.
Acked-by: Paul Moore <[email protected]>
Signed-off-by: Al Viro <[email protected]>
---
 fs/namei.c | 12 ++++++------
 include/linux/fs.h | 8 +-------
 kernel/auditsc.c | 6 +++---
 3 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 4de9697bfbee..8f26e91de906 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -150,7 +150,7 @@ static inline void free_filename(struct filename *p)
 static inline void initname(struct filename *name)
 {
 name->aname = NULL;
- atomic_set(&name->refcnt, 1);
+ name->refcnt = 1;
 }
 static int getname_long(struct filename *name, const char __user *filename)
@@ -292,13 +292,13 @@ void putname(struct filename *name)
 if (IS_ERR_OR_NULL(name))
 return;
- refcnt = atomic_read(&name->refcnt);
+ refcnt = name->refcnt;
 if (unlikely(refcnt != 1)) {
 if (WARN_ON_ONCE(!refcnt))
 return;
- if (!atomic_dec_and_test(&name->refcnt))
- return;
+ name->refcnt--;
+ return;
 }
 if (unlikely(name->name != name->iname))
@@ -328,12 +328,12 @@ int delayed_getname_uflags(struct delayed_filename *v, const char __user *string
 int putname_to_delayed(struct delayed_filename *v, struct filename *name)
 {
- if (likely(atomic_read(&name->refcnt) == 1)) {
+ if (likely(name->refcnt == 1)) {
 v->__incomplete_filename = name;
 return 0;
 }
+ name->refcnt--;
 v->__incomplete_filename = do_getname_kernel(name->name, true);
- putname(name);
 return PTR_ERR_OR_ZERO(v->__incomplete_filename);
 }
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 9fe91db9c053..6aaaf57e90d8 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2412,7 +2412,7 @@ struct audit_names;
 struct __filename_head {
 const char *name; /* pointer to actual string */
- atomic_t refcnt;
+ int refcnt;
 struct audit_names *aname;
 };
 #define EMBEDDED_NAME_MAX 192 - sizeof(struct __filename_head)
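Review bot: In putname(), `WARN_ON_ONCE(!refcnt)` catches only a count of exactly zero, so a negative value in the now plain `int` field silently takes the `name->refcnt--; return;` branch and this call never reaches the free path. Because the field is a plain `int` rather than `refcount_t`, nothing saturates or traps an unbalanced decrement, so this warning is the only diagnostic left. I would widen the guard to `if (WARN_ON_ONCE(refcnt <= 0))`. putname() starts and ends outside this hunk, so the free path itself is not visible here.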
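Review bot: The slow path of putname_to_delayed() now open-codes `name->refcnt--` where it used to call putname(), which drops the `WARN_ON_ONCE(!refcnt)` check that putname() applies in the previous hunk. A count of 0 reaching this function would go to -1 with no diagnostic. I would put `WARN_ON_ONCE(name->refcnt < 1);` before the decrement. Since the decrement now comes before the copy, I would also add a comment such as `/* refcnt > 1 here: the remaining holder keeps name->name valid for the copy below */`.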
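Review bot: The `int refcnt;` member of struct __filename_head has no comment stating the rule that makes a non-atomic counter safe. The commit message explains that the instance is not visible to other threads, but someone reading fs.h later will not see that and may add a cross-thread user. I would document it on the field, for example `int refcnt; /* plain int: struct filename is never visible to other threads */`.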
@@ -2527,12 +2527,6 @@ void dismiss_delayed_filename(struct delayed_filename *);
 int putname_to_delayed(struct delayed_filename *, struct filename *);
 struct filename *complete_getname(struct delayed_filename *);
-static inline struct filename *refname(struct filename *name)
-{
- atomic_inc(&name->refcnt);
- return name;
-}
-
 DEFINE_CLASS(filename, struct filename *, putname(_T), getname(p), const char __user *p)
 EXTEND_CLASS(filename, _kernel, getname_kernel(p), const char *p)
 EXTEND_CLASS(filename, _flags, getname_flags(p, f), const char __user *p, unsigned int f)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 67d8da927381..86a44b162a87 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2191,7 +2191,7 @@ void __audit_getname(struct filename *name)
 n->name = name;
 n->name_len = AUDIT_NAME_FULL;
 name->aname = n;
- refname(name);
+ name->refcnt++;
 }
 static inline int audit_copy_fcaps(struct audit_names *name,
@@ -2323,7 +2323,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
 return;
 if (name) {
 n->name = name;
- refname(name);
+ name->refcnt++;
 }
 out:
@@ -2445,7 +2445,7 @@ void __audit_inode_child(struct inode *parent,
 if (found_parent) {
 found_child->name = found_parent->name;
 found_child->name_len = AUDIT_NAME_FULL;
- refname(found_child->name);
+ found_child->name->refcnt++;
 }
 }
-- 
2.47.3
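Review bot: The reference grab is now open-coded as `name->refcnt++` in __audit_getname(), and again in the __audit_inode() and __audit_inode_child() hunks that follow, so there is no single place to document or assert the rule the plain `int` depends on. A file-local static helper in auditsc.c would keep the three sites consistent and carry a comment such as `/* non-atomic on purpose: struct filename is not visible to other threads */`. The bare increment also has no overflow check. Whether that can matter depends on how many audit_names entries may point at one name, which these hunks do not show. All three functions start outside their hunks.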
