audit: Fix use after free in audit_remove_watch_rule()
[sfrench/cifs-2.6.git] / kernel / audit_watch.c
index e0656bd6303684fcc49561b94065a709efc8b031..1c7ded42f82f0e8130b9cbf6b45b67648736a0f7 100644 (file)
@@ -457,13 +457,15 @@ void audit_remove_watch_rule(struct audit_krule *krule)
        list_del(&krule->rlist);
 
        if (list_empty(&watch->rules)) {
+               /*
+                * audit_remove_watch() drops our reference to 'parent' which
+                * can get freed. Grab our own reference to be safe.
+                */
+               audit_get_parent(parent);
                audit_remove_watch(watch);
-
-               if (list_empty(&parent->watches)) {
-                       audit_get_parent(parent);
+               if (list_empty(&parent->watches))
                        fsnotify_destroy_mark(&parent->mark, audit_watch_group);
-                       audit_put_parent(parent);
-               }
+               audit_put_parent(parent);
        }
 }