This patch series fixes a recursive locking deadlock in the audit_dupe_exe() code path, as well as a bug that prevents the deletion of dangling audit rules.
The first patch fixes the deadlock in audit_dupe_exe() by introducing the audit_watch_ctx struct to pass the fsnotify event context down the call chain. This safely bypasses the need for kern_path_parent() during move events, avoiding a double acquisition of the I_MUTEX_PARENT lock. The second one simply removes the d_really_is_negative() check in audit_alloc_mark() to allow dummy mark allocation, fixing the -ENOENT failure when deleting dangling rules for unlinked executables.

Acked-by: Waiman Long <[email protected]>
Signed-off-by: Ricardo Robaina <[email protected]>
---
Ricardo Robaina (2):
  audit: fix recursive locking deadlock in audit_dupe_exe()
  audit: fix removal of dangling executable rules

 kernel/audit.h          | 13 ++++++++++---
 kernel/audit_fsnotify.c | 29 ++++++++++++++++++-----------
 kernel/audit_watch.c    | 25 +++++++++++++++++--------
 kernel/auditfilter.c    |  9 +++++----
 4 files changed, 50 insertions(+), 26 deletions(-)

--
2.53.0

