Revert "audit,io_uring: io_uring openat triggers audit reference count underflow"
This reverts commit f7e65c03d5 which is
commit 03adc61edad49e1bbecfb53f7ea5d78f398fe368 upstream.
It breaks the android ABI and if this is needed in the future, can be
brought back in an abi-safe way.
Bug: 161946584
Change-Id: I15820e234045dc6486c8176128dc7d3205db9216
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
parent
ddf96fa712
commit
08d790dfee
@ -187,7 +187,7 @@ getname_flags(const char __user *filename, int flags, int *empty)
|
||||
}
|
||||
}
|
||||
|
||||
atomic_set(&result->refcnt, 1);
|
||||
result->refcnt = 1;
|
||||
/* The empty path is special. */
|
||||
if (unlikely(!len)) {
|
||||
if (empty)
|
||||
@ -248,7 +248,7 @@ getname_kernel(const char * filename)
|
||||
memcpy((char *)result->name, filename, len);
|
||||
result->uptr = NULL;
|
||||
result->aname = NULL;
|
||||
atomic_set(&result->refcnt, 1);
|
||||
result->refcnt = 1;
|
||||
audit_getname(result);
|
||||
|
||||
return result;
|
||||
@ -259,10 +259,9 @@ void putname(struct filename *name)
|
||||
if (IS_ERR(name))
|
||||
return;
|
||||
|
||||
if (WARN_ON_ONCE(!atomic_read(&name->refcnt)))
|
||||
return;
|
||||
BUG_ON(name->refcnt <= 0);
|
||||
|
||||
if (!atomic_dec_and_test(&name->refcnt))
|
||||
if (--name->refcnt > 0)
|
||||
return;
|
||||
|
||||
if (name->name != name->iname) {
|
||||
|
||||
@ -2745,7 +2745,7 @@ struct audit_names;
|
||||
struct filename {
|
||||
const char *name; /* pointer to actual string */
|
||||
const __user char *uptr; /* original userland pointer */
|
||||
atomic_t refcnt;
|
||||
int refcnt;
|
||||
struct audit_names *aname;
|
||||
const char iname[];
|
||||
};
|
||||
|
||||
@ -2208,7 +2208,7 @@ __audit_reusename(const __user char *uptr)
|
||||
if (!n->name)
|
||||
continue;
|
||||
if (n->name->uptr == uptr) {
|
||||
atomic_inc(&n->name->refcnt);
|
||||
n->name->refcnt++;
|
||||
return n->name;
|
||||
}
|
||||
}
|
||||
@ -2237,7 +2237,7 @@ void __audit_getname(struct filename *name)
|
||||
n->name = name;
|
||||
n->name_len = AUDIT_NAME_FULL;
|
||||
name->aname = n;
|
||||
atomic_inc(&name->refcnt);
|
||||
name->refcnt++;
|
||||
}
|
||||
|
||||
static inline int audit_copy_fcaps(struct audit_names *name,
|
||||
@ -2369,7 +2369,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
|
||||
return;
|
||||
if (name) {
|
||||
n->name = name;
|
||||
atomic_inc(&name->refcnt);
|
||||
name->refcnt++;
|
||||
}
|
||||
|
||||
out:
|
||||
@ -2496,7 +2496,7 @@ void __audit_inode_child(struct inode *parent,
|
||||
if (found_parent) {
|
||||
found_child->name = found_parent->name;
|
||||
found_child->name_len = AUDIT_NAME_FULL;
|
||||
atomic_inc(&found_child->name->refcnt);
|
||||
found_child->name->refcnt++;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user