1 // SPDX-License-Identifier: GPL-2.0
3 #include <linux/fsnotify_backend.h>
4 #include <linux/namei.h>
5 #include <linux/mount.h>
6 #include <linux/kthread.h>
7 #include <linux/refcount.h>
8 #include <linux/slab.h>
16 struct audit_chunk *root;
17 struct list_head chunks;
18 struct list_head rules;
19 struct list_head list;
20 struct list_head same_root;
26 struct list_head hash;
27 struct fsnotify_mark mark;
28 struct list_head trees; /* with root here */
34 struct list_head list;
35 struct audit_tree *owner;
36 unsigned index; /* index; upper bit indicates 'will prune' */
40 static LIST_HEAD(tree_list);
41 static LIST_HEAD(prune_list);
42 static struct task_struct *prune_thread;
45 * One struct chunk is attached to each inode of interest.
46 * We replace struct chunk on tagging/untagging.
47 * Rules have pointer to struct audit_tree.
48 * Rules have struct list_head rlist forming a list of rules over
50 * References to struct chunk are collected at audit_inode{,_child}()
51 * time and used in AUDIT_TREE rule matching.
52 * These references are dropped at the same time we are calling
53 * audit_free_names(), etc.
55 * Cyclic lists galore:
56 * tree.chunks anchors chunk.owners[].list hash_lock
57 * tree.rules anchors rule.rlist audit_filter_mutex
58 * chunk.trees anchors tree.same_root hash_lock
59 * chunk.hash is a hash with middle bits of watch.inode as
60 * a hash function. RCU, hash_lock
62 * tree is refcounted; one reference for "some rules on rules_list refer to
63 * it", one for each chunk with pointer to it.
65 * chunk is refcounted by embedded fsnotify_mark + .refs (non-zero refcount
66 * of watch contributes 1 to .refs).
68 * node.index allows to get from node.list to containing chunk.
69 * MSB of that sucker is stolen to mark taggings that we might have to
70 * revert - several operations have very unpleasant cleanup logics and
71 * that makes a difference. Some.
74 static struct fsnotify_group *audit_tree_group;
76 static struct audit_tree *alloc_tree(const char *s)
78 struct audit_tree *tree;
80 tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL);
82 refcount_set(&tree->count, 1);
84 INIT_LIST_HEAD(&tree->chunks);
85 INIT_LIST_HEAD(&tree->rules);
86 INIT_LIST_HEAD(&tree->list);
87 INIT_LIST_HEAD(&tree->same_root);
89 strcpy(tree->pathname, s);
94 static inline void get_tree(struct audit_tree *tree)
96 refcount_inc(&tree->count);
99 static inline void put_tree(struct audit_tree *tree)
101 if (refcount_dec_and_test(&tree->count))
102 kfree_rcu(tree, head);
105 /* to avoid bringing the entire thing in audit.h */
106 const char *audit_tree_path(struct audit_tree *tree)
108 return tree->pathname;
111 static void free_chunk(struct audit_chunk *chunk)
115 for (i = 0; i < chunk->count; i++) {
116 if (chunk->owners[i].owner)
117 put_tree(chunk->owners[i].owner);
122 void audit_put_chunk(struct audit_chunk *chunk)
124 if (atomic_long_dec_and_test(&chunk->refs))
128 static void __put_chunk(struct rcu_head *rcu)
130 struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head);
131 audit_put_chunk(chunk);
134 static void audit_tree_destroy_watch(struct fsnotify_mark *entry)
136 struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
137 call_rcu(&chunk->head, __put_chunk);
140 static struct audit_chunk *alloc_chunk(int count)
142 struct audit_chunk *chunk;
146 size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node);
147 chunk = kzalloc(size, GFP_KERNEL);
151 INIT_LIST_HEAD(&chunk->hash);
152 INIT_LIST_HEAD(&chunk->trees);
153 chunk->count = count;
154 atomic_long_set(&chunk->refs, 1);
155 for (i = 0; i < count; i++) {
156 INIT_LIST_HEAD(&chunk->owners[i].list);
157 chunk->owners[i].index = i;
159 fsnotify_init_mark(&chunk->mark, audit_tree_group);
160 chunk->mark.mask = FS_IN_IGNORED;
164 enum {HASH_SIZE = 128};
165 static struct list_head chunk_hash_heads[HASH_SIZE];
166 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(hash_lock);
168 /* Function to return search key in our hash from inode. */
169 static unsigned long inode_to_key(const struct inode *inode)
171 return (unsigned long)inode;
175 * Function to return search key in our hash from chunk. Key 0 is special and
176 * should never be present in the hash.
178 static unsigned long chunk_to_key(struct audit_chunk *chunk)
181 * We have a reference to the mark so it should be attached to a
184 if (WARN_ON_ONCE(!chunk->mark.connector))
186 return (unsigned long)chunk->mark.connector->inode;
189 static inline struct list_head *chunk_hash(unsigned long key)
191 unsigned long n = key / L1_CACHE_BYTES;
192 return chunk_hash_heads + n % HASH_SIZE;
195 /* hash_lock & entry->lock is held by caller */
196 static void insert_hash(struct audit_chunk *chunk)
198 unsigned long key = chunk_to_key(chunk);
199 struct list_head *list;
201 if (!(chunk->mark.flags & FSNOTIFY_MARK_FLAG_ATTACHED))
203 list = chunk_hash(key);
204 list_add_rcu(&chunk->hash, list);
207 /* called under rcu_read_lock */
208 struct audit_chunk *audit_tree_lookup(const struct inode *inode)
210 unsigned long key = inode_to_key(inode);
211 struct list_head *list = chunk_hash(key);
212 struct audit_chunk *p;
214 list_for_each_entry_rcu(p, list, hash) {
215 if (chunk_to_key(p) == key) {
216 atomic_long_inc(&p->refs);
223 bool audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree)
226 for (n = 0; n < chunk->count; n++)
227 if (chunk->owners[n].owner == tree)
232 /* tagging and untagging inodes with trees */
234 static struct audit_chunk *find_chunk(struct node *p)
236 int index = p->index & ~(1U<<31);
238 return container_of(p, struct audit_chunk, owners[0]);
241 static void untag_chunk(struct node *p)
243 struct audit_chunk *chunk = find_chunk(p);
244 struct fsnotify_mark *entry = &chunk->mark;
245 struct audit_chunk *new = NULL;
246 struct audit_tree *owner;
247 int size = chunk->count - 1;
250 fsnotify_get_mark(entry);
252 spin_unlock(&hash_lock);
255 new = alloc_chunk(size);
257 mutex_lock(&entry->group->mark_mutex);
258 spin_lock(&entry->lock);
260 * mark_mutex protects mark from getting detached and thus also from
261 * mark->connector->inode getting NULL.
263 if (chunk->dead || !(entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
264 spin_unlock(&entry->lock);
265 mutex_unlock(&entry->group->mark_mutex);
267 fsnotify_put_mark(&new->mark);
275 spin_lock(&hash_lock);
276 list_del_init(&chunk->trees);
277 if (owner->root == chunk)
279 list_del_init(&p->list);
280 list_del_rcu(&chunk->hash);
281 spin_unlock(&hash_lock);
282 spin_unlock(&entry->lock);
283 mutex_unlock(&entry->group->mark_mutex);
284 fsnotify_destroy_mark(entry, audit_tree_group);
291 if (fsnotify_add_mark_locked(&new->mark, entry->connector->inode,
293 fsnotify_put_mark(&new->mark);
298 spin_lock(&hash_lock);
299 list_replace_init(&chunk->trees, &new->trees);
300 if (owner->root == chunk) {
301 list_del_init(&owner->same_root);
305 for (i = j = 0; j <= size; i++, j++) {
306 struct audit_tree *s;
307 if (&chunk->owners[j] == p) {
308 list_del_init(&p->list);
312 s = chunk->owners[j].owner;
313 new->owners[i].owner = s;
314 new->owners[i].index = chunk->owners[j].index - j + i;
315 if (!s) /* result of earlier fallback */
318 list_replace_init(&chunk->owners[j].list, &new->owners[i].list);
321 list_replace_rcu(&chunk->hash, &new->hash);
322 list_for_each_entry(owner, &new->trees, same_root)
324 spin_unlock(&hash_lock);
325 spin_unlock(&entry->lock);
326 mutex_unlock(&entry->group->mark_mutex);
327 fsnotify_destroy_mark(entry, audit_tree_group);
328 fsnotify_put_mark(&new->mark); /* drop initial reference */
332 // do the best we can
333 spin_lock(&hash_lock);
334 if (owner->root == chunk) {
335 list_del_init(&owner->same_root);
338 list_del_init(&p->list);
341 spin_unlock(&hash_lock);
342 spin_unlock(&entry->lock);
343 mutex_unlock(&entry->group->mark_mutex);
345 fsnotify_put_mark(entry);
346 spin_lock(&hash_lock);
349 static int create_chunk(struct inode *inode, struct audit_tree *tree)
351 struct fsnotify_mark *entry;
352 struct audit_chunk *chunk = alloc_chunk(1);
356 entry = &chunk->mark;
357 if (fsnotify_add_mark(entry, inode, NULL, 0)) {
358 fsnotify_put_mark(entry);
362 spin_lock(&entry->lock);
363 spin_lock(&hash_lock);
365 spin_unlock(&hash_lock);
367 spin_unlock(&entry->lock);
368 fsnotify_destroy_mark(entry, audit_tree_group);
369 fsnotify_put_mark(entry);
372 chunk->owners[0].index = (1U << 31);
373 chunk->owners[0].owner = tree;
375 list_add(&chunk->owners[0].list, &tree->chunks);
378 list_add(&tree->same_root, &chunk->trees);
381 spin_unlock(&hash_lock);
382 spin_unlock(&entry->lock);
383 fsnotify_put_mark(entry); /* drop initial reference */
387 /* the first tagged inode becomes root of tree */
388 static int tag_chunk(struct inode *inode, struct audit_tree *tree)
390 struct fsnotify_mark *old_entry, *chunk_entry;
391 struct audit_tree *owner;
392 struct audit_chunk *chunk, *old;
396 old_entry = fsnotify_find_mark(&inode->i_fsnotify_marks,
399 return create_chunk(inode, tree);
401 old = container_of(old_entry, struct audit_chunk, mark);
403 /* are we already there? */
404 spin_lock(&hash_lock);
405 for (n = 0; n < old->count; n++) {
406 if (old->owners[n].owner == tree) {
407 spin_unlock(&hash_lock);
408 fsnotify_put_mark(old_entry);
412 spin_unlock(&hash_lock);
414 chunk = alloc_chunk(old->count + 1);
416 fsnotify_put_mark(old_entry);
420 chunk_entry = &chunk->mark;
422 mutex_lock(&old_entry->group->mark_mutex);
423 spin_lock(&old_entry->lock);
425 * mark_mutex protects mark from getting detached and thus also from
426 * mark->connector->inode getting NULL.
428 if (!(old_entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
429 /* old_entry is being shot, lets just lie */
430 spin_unlock(&old_entry->lock);
431 mutex_unlock(&old_entry->group->mark_mutex);
432 fsnotify_put_mark(old_entry);
433 fsnotify_put_mark(&chunk->mark);
437 if (fsnotify_add_mark_locked(chunk_entry,
438 old_entry->connector->inode, NULL, 1)) {
439 spin_unlock(&old_entry->lock);
440 mutex_unlock(&old_entry->group->mark_mutex);
441 fsnotify_put_mark(chunk_entry);
442 fsnotify_put_mark(old_entry);
446 /* even though we hold old_entry->lock, this is safe since chunk_entry->lock could NEVER have been grabbed before */
447 spin_lock(&chunk_entry->lock);
448 spin_lock(&hash_lock);
450 /* we now hold old_entry->lock, chunk_entry->lock, and hash_lock */
452 spin_unlock(&hash_lock);
454 spin_unlock(&chunk_entry->lock);
455 spin_unlock(&old_entry->lock);
456 mutex_unlock(&old_entry->group->mark_mutex);
458 fsnotify_destroy_mark(chunk_entry, audit_tree_group);
460 fsnotify_put_mark(chunk_entry);
461 fsnotify_put_mark(old_entry);
464 list_replace_init(&old->trees, &chunk->trees);
465 for (n = 0, p = chunk->owners; n < old->count; n++, p++) {
466 struct audit_tree *s = old->owners[n].owner;
468 p->index = old->owners[n].index;
469 if (!s) /* result of fallback in untag */
472 list_replace_init(&old->owners[n].list, &p->list);
474 p->index = (chunk->count - 1) | (1U<<31);
477 list_add(&p->list, &tree->chunks);
478 list_replace_rcu(&old->hash, &chunk->hash);
479 list_for_each_entry(owner, &chunk->trees, same_root)
484 list_add(&tree->same_root, &chunk->trees);
486 spin_unlock(&hash_lock);
487 spin_unlock(&chunk_entry->lock);
488 spin_unlock(&old_entry->lock);
489 mutex_unlock(&old_entry->group->mark_mutex);
490 fsnotify_destroy_mark(old_entry, audit_tree_group);
491 fsnotify_put_mark(chunk_entry); /* drop initial reference */
492 fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */
496 static void audit_tree_log_remove_rule(struct audit_krule *rule)
498 struct audit_buffer *ab;
500 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
503 audit_log_format(ab, "op=remove_rule");
504 audit_log_format(ab, " dir=");
505 audit_log_untrustedstring(ab, rule->tree->pathname);
506 audit_log_key(ab, rule->filterkey);
507 audit_log_format(ab, " list=%d res=1", rule->listnr);
511 static void kill_rules(struct audit_tree *tree)
513 struct audit_krule *rule, *next;
514 struct audit_entry *entry;
516 list_for_each_entry_safe(rule, next, &tree->rules, rlist) {
517 entry = container_of(rule, struct audit_entry, rule);
519 list_del_init(&rule->rlist);
521 /* not a half-baked one */
522 audit_tree_log_remove_rule(rule);
524 audit_remove_mark(entry->rule.exe);
526 list_del_rcu(&entry->list);
527 list_del(&entry->rule.list);
528 call_rcu(&entry->rcu, audit_free_rule_rcu);
534 * finish killing struct audit_tree
536 static void prune_one(struct audit_tree *victim)
538 spin_lock(&hash_lock);
539 while (!list_empty(&victim->chunks)) {
542 p = list_entry(victim->chunks.next, struct node, list);
546 spin_unlock(&hash_lock);
550 /* trim the uncommitted chunks from tree */
552 static void trim_marked(struct audit_tree *tree)
554 struct list_head *p, *q;
555 spin_lock(&hash_lock);
557 spin_unlock(&hash_lock);
561 for (p = tree->chunks.next; p != &tree->chunks; p = q) {
562 struct node *node = list_entry(p, struct node, list);
564 if (node->index & (1U<<31)) {
566 list_add(p, &tree->chunks);
570 while (!list_empty(&tree->chunks)) {
573 node = list_entry(tree->chunks.next, struct node, list);
575 /* have we run out of marked? */
576 if (!(node->index & (1U<<31)))
581 if (!tree->root && !tree->goner) {
583 spin_unlock(&hash_lock);
584 mutex_lock(&audit_filter_mutex);
586 list_del_init(&tree->list);
587 mutex_unlock(&audit_filter_mutex);
590 spin_unlock(&hash_lock);
594 static void audit_schedule_prune(void);
596 /* called with audit_filter_mutex */
597 int audit_remove_tree_rule(struct audit_krule *rule)
599 struct audit_tree *tree;
602 spin_lock(&hash_lock);
603 list_del_init(&rule->rlist);
604 if (list_empty(&tree->rules) && !tree->goner) {
606 list_del_init(&tree->same_root);
608 list_move(&tree->list, &prune_list);
610 spin_unlock(&hash_lock);
611 audit_schedule_prune();
615 spin_unlock(&hash_lock);
621 static int compare_root(struct vfsmount *mnt, void *arg)
623 return inode_to_key(d_backing_inode(mnt->mnt_root)) ==
627 void audit_trim_trees(void)
629 struct list_head cursor;
631 mutex_lock(&audit_filter_mutex);
632 list_add(&cursor, &tree_list);
633 while (cursor.next != &tree_list) {
634 struct audit_tree *tree;
636 struct vfsmount *root_mnt;
640 tree = container_of(cursor.next, struct audit_tree, list);
643 list_add(&cursor, &tree->list);
644 mutex_unlock(&audit_filter_mutex);
646 err = kern_path(tree->pathname, 0, &path);
650 root_mnt = collect_mounts(&path);
652 if (IS_ERR(root_mnt))
655 spin_lock(&hash_lock);
656 list_for_each_entry(node, &tree->chunks, list) {
657 struct audit_chunk *chunk = find_chunk(node);
658 /* this could be NULL if the watch is dying else where... */
659 node->index |= 1U<<31;
660 if (iterate_mounts(compare_root,
661 (void *)chunk_to_key(chunk),
663 node->index &= ~(1U<<31);
665 spin_unlock(&hash_lock);
667 drop_collected_mounts(root_mnt);
670 mutex_lock(&audit_filter_mutex);
673 mutex_unlock(&audit_filter_mutex);
676 int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op)
679 if (pathname[0] != '/' ||
680 rule->listnr != AUDIT_FILTER_EXIT ||
682 rule->inode_f || rule->watch || rule->tree)
684 rule->tree = alloc_tree(pathname);
690 void audit_put_tree(struct audit_tree *tree)
695 static int tag_mount(struct vfsmount *mnt, void *arg)
697 return tag_chunk(d_backing_inode(mnt->mnt_root), arg);
701 * That gets run when evict_chunk() ends up needing to kill audit_tree.
702 * Runs from a separate thread.
704 static int prune_tree_thread(void *unused)
707 if (list_empty(&prune_list)) {
708 set_current_state(TASK_INTERRUPTIBLE);
712 mutex_lock(&audit_cmd_mutex);
713 mutex_lock(&audit_filter_mutex);
715 while (!list_empty(&prune_list)) {
716 struct audit_tree *victim;
718 victim = list_entry(prune_list.next,
719 struct audit_tree, list);
720 list_del_init(&victim->list);
722 mutex_unlock(&audit_filter_mutex);
726 mutex_lock(&audit_filter_mutex);
729 mutex_unlock(&audit_filter_mutex);
730 mutex_unlock(&audit_cmd_mutex);
735 static int audit_launch_prune(void)
739 prune_thread = kthread_run(prune_tree_thread, NULL,
741 if (IS_ERR(prune_thread)) {
742 pr_err("cannot start thread audit_prune_tree");
749 /* called with audit_filter_mutex */
750 int audit_add_tree_rule(struct audit_krule *rule)
752 struct audit_tree *seed = rule->tree, *tree;
754 struct vfsmount *mnt;
758 list_for_each_entry(tree, &tree_list, list) {
759 if (!strcmp(seed->pathname, tree->pathname)) {
762 list_add(&rule->rlist, &tree->rules);
767 list_add(&tree->list, &tree_list);
768 list_add(&rule->rlist, &tree->rules);
769 /* do not set rule->tree yet */
770 mutex_unlock(&audit_filter_mutex);
772 if (unlikely(!prune_thread)) {
773 err = audit_launch_prune();
778 err = kern_path(tree->pathname, 0, &path);
781 mnt = collect_mounts(&path);
789 err = iterate_mounts(tag_mount, tree, mnt);
790 drop_collected_mounts(mnt);
794 spin_lock(&hash_lock);
795 list_for_each_entry(node, &tree->chunks, list)
796 node->index &= ~(1U<<31);
797 spin_unlock(&hash_lock);
803 mutex_lock(&audit_filter_mutex);
804 if (list_empty(&rule->rlist)) {
813 mutex_lock(&audit_filter_mutex);
814 list_del_init(&tree->list);
815 list_del_init(&tree->rules);
820 int audit_tag_tree(char *old, char *new)
822 struct list_head cursor, barrier;
824 struct path path1, path2;
825 struct vfsmount *tagged;
828 err = kern_path(new, 0, &path2);
831 tagged = collect_mounts(&path2);
834 return PTR_ERR(tagged);
836 err = kern_path(old, 0, &path1);
838 drop_collected_mounts(tagged);
842 mutex_lock(&audit_filter_mutex);
843 list_add(&barrier, &tree_list);
844 list_add(&cursor, &barrier);
846 while (cursor.next != &tree_list) {
847 struct audit_tree *tree;
850 tree = container_of(cursor.next, struct audit_tree, list);
853 list_add(&cursor, &tree->list);
854 mutex_unlock(&audit_filter_mutex);
856 err = kern_path(tree->pathname, 0, &path2);
858 good_one = path_is_under(&path1, &path2);
864 mutex_lock(&audit_filter_mutex);
868 failed = iterate_mounts(tag_mount, tree, tagged);
871 mutex_lock(&audit_filter_mutex);
875 mutex_lock(&audit_filter_mutex);
876 spin_lock(&hash_lock);
878 list_del(&tree->list);
879 list_add(&tree->list, &tree_list);
881 spin_unlock(&hash_lock);
885 while (barrier.prev != &tree_list) {
886 struct audit_tree *tree;
888 tree = container_of(barrier.prev, struct audit_tree, list);
890 list_del(&tree->list);
891 list_add(&tree->list, &barrier);
892 mutex_unlock(&audit_filter_mutex);
896 spin_lock(&hash_lock);
897 list_for_each_entry(node, &tree->chunks, list)
898 node->index &= ~(1U<<31);
899 spin_unlock(&hash_lock);
905 mutex_lock(&audit_filter_mutex);
909 mutex_unlock(&audit_filter_mutex);
911 drop_collected_mounts(tagged);
916 static void audit_schedule_prune(void)
918 wake_up_process(prune_thread);
922 * ... and that one is done if evict_chunk() decides to delay until the end
923 * of syscall. Runs synchronously.
925 void audit_kill_trees(struct list_head *list)
927 mutex_lock(&audit_cmd_mutex);
928 mutex_lock(&audit_filter_mutex);
930 while (!list_empty(list)) {
931 struct audit_tree *victim;
933 victim = list_entry(list->next, struct audit_tree, list);
935 list_del_init(&victim->list);
937 mutex_unlock(&audit_filter_mutex);
941 mutex_lock(&audit_filter_mutex);
944 mutex_unlock(&audit_filter_mutex);
945 mutex_unlock(&audit_cmd_mutex);
949 * Here comes the stuff asynchronous to auditctl operations
952 static void evict_chunk(struct audit_chunk *chunk)
954 struct audit_tree *owner;
955 struct list_head *postponed = audit_killed_trees();
963 mutex_lock(&audit_filter_mutex);
964 spin_lock(&hash_lock);
965 while (!list_empty(&chunk->trees)) {
966 owner = list_entry(chunk->trees.next,
967 struct audit_tree, same_root);
970 list_del_init(&owner->same_root);
971 spin_unlock(&hash_lock);
974 list_move(&owner->list, &prune_list);
977 list_move(&owner->list, postponed);
979 spin_lock(&hash_lock);
981 list_del_rcu(&chunk->hash);
982 for (n = 0; n < chunk->count; n++)
983 list_del_init(&chunk->owners[n].list);
984 spin_unlock(&hash_lock);
985 mutex_unlock(&audit_filter_mutex);
987 audit_schedule_prune();
990 static int audit_tree_handle_event(struct fsnotify_group *group,
991 struct inode *to_tell,
992 struct fsnotify_mark *inode_mark,
993 struct fsnotify_mark *vfsmount_mark,
994 u32 mask, const void *data, int data_type,
995 const unsigned char *file_name, u32 cookie,
996 struct fsnotify_iter_info *iter_info)
1001 static void audit_tree_freeing_mark(struct fsnotify_mark *entry, struct fsnotify_group *group)
1003 struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
1008 * We are guaranteed to have at least one reference to the mark from
1009 * either the inode or the caller of fsnotify_destroy_mark().
1011 BUG_ON(atomic_read(&entry->refcnt) < 1);
1014 static const struct fsnotify_ops audit_tree_ops = {
1015 .handle_event = audit_tree_handle_event,
1016 .freeing_mark = audit_tree_freeing_mark,
1017 .free_mark = audit_tree_destroy_watch,
1020 static int __init audit_tree_init(void)
1024 audit_tree_group = fsnotify_alloc_group(&audit_tree_ops);
1025 if (IS_ERR(audit_tree_group))
1026 audit_panic("cannot initialize fsnotify group for rectree watches");
1028 for (i = 0; i < HASH_SIZE; i++)
1029 INIT_LIST_HEAD(&chunk_hash_heads[i]);
1033 __initcall(audit_tree_init);
git.samba.org / sfrench / cifs-2.6.git / blob