1. 24 Jun, 2009 10 commits
    • Fix rule eviction order for AUDIT_DIR · 916d7576
      Al Viro authored
      
      
      If syscall removes the root of subtree being watched, we
      definitely do not want the rules referring to that subtree
      to be destroyed without the syscall in question having
      a chance to match them.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Audit: clean up all op= output to include string quoting · 9d960985
      Eric Paris authored
      
      
      A number of places in the audit system we send an op= followed by a string
      that includes spaces.  Somehow this works but it's just wrong.  This patch
      moves all of those that I could find to be quoted.
      
      Example:
      
      Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
      subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
      key="number2" list=4 res=0
      
      Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
      subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
      key="number2" list=4 res=0
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: move audit_get_nd completely into audit_watch · 35fe4d0b
      Eric Paris authored
      
      
      audit_get_nd() is only used by audit_watch and could be more cleanly
      implemented by having the audit watch functions call it when needed rather
      than making the generic audit rule parsing code deal with those objects.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • audit: separate audit inode watches into a subfile · cfcad62c
      Eric Paris authored
      
      
      In preparation for converting audit to use fsnotify instead of inotify we
      separate the inode watching code into its own file.  This is similar to
      how the audit tree watching code is already separated into audit_tree.c
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: clean up audit_receive_skb · ea7ae60b
      Eric Paris authored
      
      
      audit_receive_skb is hard to clearly parse what it is doing to the netlink
      message.  Clean the function up so it is easy and clear to see what is going
      on.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: cleanup netlink mesg handling · ee080e6c
      Eric Paris authored
      
      
      The audit handling of netlink messages is all over the place.  Clean things
      up, use predetermined macros, generally make it more readable.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: unify the printk of an skb when auditd not around · 038cbcf6
      Eric Paris authored
      
      
      Remove code duplication of skb printk when auditd is not around in userspace
      to deal with this message.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: dereferencing krule as if it were an audit_watch · e85188f4
      Eric Paris authored
      
      
      audit_update_watch() runs all of the rules for a given watch and duplicates
      them, attaches a new watch to them, and then when it finishes that process
      and has called free on all of the old rules (ok maybe still inside the rcu
      grace period) it proceeds to use the last element from list_for_each_entry_safe()
      as if it were a krule rather than being the audit_watch which was anchoring
      the list to output a message about audit rules changing.
      
      This patch unifies the audit message from two different places into a helper
      function and calls it from the correct location in audit_update_rules().  We
      will now get an audit message about the config changing for each rule (with
      each rule's filterkey) rather than the previous garbage.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: better estimation of execve record length · b87ce6e4
      Eric Paris authored
      
      
      The audit execve record splitting code estimates the length of the message
      generated.  But it forgot to include the "" that wrap each string in its
      estimation.  This means that execve messages with lots of tiny (1-2 byte)
      arguments could still cause records greater than 8k to be emitted.  Simply
      fix the estimate.
      Signed-off-by: Eric Paris <eparis@redhat.com>
    • Audit: fix audit watch use after free · 35aa901c
      Eric Paris authored
      
      
      When an audit watch is added to a parent the temporary watch inside the
      original krule from userspace is freed.  Yet the original watch is used after
      the real watch was created in audit_add_rules()
      Signed-off-by: Eric Paris <eparis@redhat.com>
  2. 23 Jun, 2009 1 commit
  3. 20 Jun, 2009 3 commits
    • perf_counter: Push perf_sample_data through the swcounter code · 92bf309a
      Peter Zijlstra authored
      
      
      Push the perf_sample_data further outwards to the swcounter interface,
      to abstract it away some more.
      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      LKML-Reference: <new-submission>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
    • tracing/urgent: warn in case of ftrace_start_up imbalance · 9ea1a153
      Frederic Weisbecker authored
      
      
      Prevent from further ftrace_start_up imbalances so that we avoid
      future nop patching omissions with dynamic ftrace.
      Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
    • tracing/urgent: fix unbalanced ftrace_start_up · c85a17e2
      Frederic Weisbecker authored
      
      
      Perfcounter reports the following stats for a wide system
      profiling:
      
       #
       # (2364 samples)
       #
       # Overhead  Symbol
       # ........  ......
       #
          15.40%  [k] mwait_idle_with_hints
           8.29%  [k] read_hpet
           5.75%  [k] ftrace_caller
           3.60%  [k] ftrace_call
           [...]
      
      This snapshot has been taken while neither the function tracer nor
      the function graph tracer was running.
      With dynamic ftrace, such results show a wrong ftrace behaviour
      because all calls to ftrace_caller or ftrace_graph_caller (the patched
      calls to mcount) are supposed to be patched into nop if none of those
      tracers are running.
      
      The problem occurs after the first run of the function tracer. Once we
      launch it a second time, the callsites will never be nopped back,
      unless you set custom filters.
      For example it happens during the self tests at boot time.
      The function tracer selftest runs, and then the dynamic tracing is
      tested too. After that, the callsites are left un-nopped.
      
      This is because the reset callback of the function tracer tries to
      unregister two ftrace callbacks at once: the common function tracer
      and the function tracer with stack backtrace, regardless of which
      one is currently in use.
      It then creates an unbalance on ftrace_start_up value which is expected
      to be zero when the last ftrace callback is unregistered. When it
      reaches zero, the FTRACE_DISABLE_CALLS is set on the next ftrace
      command, triggering the patching into nop. But since it becomes
      unbalanced, i.e. becomes lower than zero, if the kernel functions
      are patched again (as in every further function tracer runs), they
      won't ever be nopped back.
      
      Note that ftrace_call and ftrace_graph_call are still patched back
      to ftrace_stub in the off case, but not the callers of ftrace_call
      and ftrace_graph_caller. It means that the tracing is well deactivated
      but we waste a useless call into every kernel function.
      
      This patch just unregisters the right ftrace_ops for the function
      tracer on its reset callback and ignores the other one which is
      not registered, fixing the unbalance. The problem also happens
      in .30
      Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: stable@kernel.org
  4. 19 Jun, 2009 3 commits
    • ptrace: wait_task_zombie: do not account traced sub-threads · befca967
      Oleg Nesterov authored
      
      
      The bug is ancient.
      
      If we trace the sub-thread of our natural child and this sub-thread exits,
      we update parent->signal->cxxx fields.  But we should not do this until
      the whole thread-group exits, otherwise we account this thread (and all
      other live threads) twice.
      
      Add the task_detached() check.  No need to check thread_group_empty(),
      wait_consider_task()->delay_group_leader() already did this.
      Signed-off-by: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: Roland McGrath <roland@redhat.com>
      Cc: Stanislaw Gruszka <sgruszka@redhat.com>
      Cc: Vitaly Mayatskikh <vmayatsk@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • perf_counter: Close race in perf_lock_task_context() · b49a9e7e
      Peter Zijlstra authored
      
      
      perf_lock_task_context() is buggy because it can return a dead
      context.
      
      The RCU read lock in perf_lock_task_context() only guarantees
      the memory won't get freed, it doesn't guarantee the object is
      valid (in our case refcount > 0).
      
      Therefore we can return a locked object that can get freed the
      moment we release the rcu read lock.
      
      perf_pin_task_context() then increases the refcount and does an
      unlock on freed memory.
      
      That increased refcount will cause a double free, in case it
      started out with 0.
      
      Amend this by including the get_ctx() functionality in
      perf_lock_task_context() (all users already did this later
      anyway), and return a NULL context when the found one is
      already dead.
      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      LKML-Reference: <new-submission>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
    • perf_counter: Simplify and fix task migration counting · e5289d4a
      Peter Zijlstra authored

      The task migrations counter was causing rare and hard to decipher
      memory corruptions under load. After a day of debugging and bisection
      we found that the problem was introduced with:
      
        3f731ca6: perf_counter: Fix cpu migration counter
      
      Turning them off fixes the crashes. Incidentally, the whole
      perf_counter_task_migration() logic can be done simpler as well,
      by injecting a proper sw-counter event.
      
      This cleanup also fixed the crashes. The precise failure mode is
      not completely clear yet, but we are clearly not unhappy about
      having a fix ;-)
      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      LKML-Reference: <new-submission>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  5. 18 Jun, 2009 23 commits