From 7dbe6080167860df0bf8627e55fd5154f366cc7a Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Wed, 22 Jul 2020 15:58:43 +0300 Subject: [PATCH] audit: do not set FS_EVENT_ON_CHILD in audit marks mask The audit group marks mask does not contain any events possible on a child so setting the flag FS_EVENT_ON_CHILD in the mask is counter productive. It may lead to the undesired outcome of setting the dentry flag DCACHE_FSNOTIFY_PARENT_WATCHED on a directory inode even though it is not watching children, because the audit mark contribute the flag FS_EVENT_ON_CHILD to the inode's fsnotify_mask and another mark could be contributing an event that is possible on child to the inode's mask. Furthermore in the following patches we want to use FS_EVENT_ON_CHILD for non-dir inodes for other purposes so stop using the flag. Link: https://lore.kernel.org/r/20200722125849.17418-4-amir73il@gmail.com Signed-off-by: Amir Goldstein Signed-off-by: Jan Kara --- kernel/audit_fsnotify.c | 2 +- kernel/audit_watch.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c index 30ca239285a3..bd3a6b79316a 100644 --- a/kernel/audit_fsnotify.c +++ b/kernel/audit_fsnotify.c @@ -36,7 +36,7 @@ static struct fsnotify_group *audit_fsnotify_group; /* fsnotify events we care about. */ #define AUDIT_FS_EVENTS (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\ - FS_MOVE_SELF | FS_EVENT_ON_CHILD) + FS_MOVE_SELF) static void audit_fsnotify_mark_free(struct audit_fsnotify_mark *audit_mark) { diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 61fd601f1edf..e23d54bcc587 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c @@ -53,7 +53,7 @@ static struct fsnotify_group *audit_watch_group; /* fsnotify events we care about. */ #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\ - FS_MOVE_SELF | FS_EVENT_ON_CHILD | FS_UNMOUNT) + FS_MOVE_SELF | FS_UNMOUNT) static void audit_free_parent(struct audit_parent *parent) {