summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2015-08-05 15:23:09 -0400
committerPaul Moore <pmoore@redhat.com>2015-08-05 17:46:42 -0400
commit8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad (patch)
tree2ac589add6d037ee2f3f1c736ce276d72fd85103 /kernel
parentae9d2fb482fa48f637b6705e6fef6f7f999ec779 (diff)
downloadlinux-stable-8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad.tar.gz
linux-stable-8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad.tar.bz2
linux-stable-8c85fc9ae69a4510ba5e2bd5fac2c1d9d60967ad.zip
audit: make audit_del_rule() more robust
Move the access to the entry for audit_match_signal() to earlier in the function in case the entry found is the same one passed in. This will enable it to be used by audit_remove_mark_rule(). Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: tweaked subject line as it no longer made sense after multiple revs] Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 83f6d298d234..7ca7d3b5aca2 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -953,7 +953,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
mutex_lock(&audit_filter_mutex);
e = audit_find_rule(entry, &list);
if (!e) {
- mutex_unlock(&audit_filter_mutex);
ret = -ENOENT;
goto out;
}
@@ -964,10 +963,6 @@ static inline int audit_del_rule(struct audit_entry *entry)
if (e->rule.tree)
audit_remove_tree_rule(&e->rule);
- list_del_rcu(&e->list);
- list_del(&e->rule.list);
- call_rcu(&e->rcu, audit_free_rule_rcu);
-
#ifdef CONFIG_AUDITSYSCALL
if (!dont_count)
audit_n_rules--;
@@ -975,9 +970,14 @@ static inline int audit_del_rule(struct audit_entry *entry)
if (!audit_match_signal(entry))
audit_signals--;
#endif
- mutex_unlock(&audit_filter_mutex);
+
+ list_del_rcu(&e->list);
+ list_del(&e->rule.list);
+ call_rcu(&e->rcu, audit_free_rule_rcu);
out:
+ mutex_unlock(&audit_filter_mutex);
+
if (tree)
audit_put_tree(tree); /* that's the temporary one */