aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/char
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2009-12-09 09:19:31 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2010-10-30 08:45:25 -0400
commit3c80fe4ac9cfb13b1bfa4edf1544e8b656716694 (patch)
treec605435b642323cd76eea9567a43d8c67b9c9db1 /drivers/char
parentf7a998a9491f2da1d3e44d150aa611d10093da4f (diff)
audit: Call tty_audit_push_task() outside preempt disabled
While auditing all tasklist_lock read_lock sites I stumbled over the following call chain: audit_prepare_user_tty() read_lock(&tasklist_lock); tty_audit_push_task(); mutex_lock(&buf->mutex); --> buf->mutex is locked with preemption disabled. Solve this by acquiring a reference to the task struct under rcu_read_lock and call tty_audit_push_task outside of the preempt disabled region. Move all code which needs to be protected by sighand lock into tty_audit_push_task() and use lock/unlock_sighand as we do not hold tasklist_lock. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/tty_audit.c38
1 files changed, 28 insertions, 10 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 1b8ee590b4ca..f64582b0f623 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -188,25 +188,43 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch)
188} 188}
189 189
190/** 190/**
191 * tty_audit_push_task - Flush task's pending audit data 191 * tty_audit_push_task - Flush task's pending audit data
192 * @tsk: task pointer
193 * @loginuid: sender login uid
194 * @sessionid: sender session id
195 *
196 * Called with a ref on @tsk held. Try to lock sighand and get a
197 * reference to the tty audit buffer if available.
198 * Flush the buffer or return an appropriate error code.
192 */ 199 */
193void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) 200int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
194{ 201{
195 struct tty_audit_buf *buf; 202 struct tty_audit_buf *buf = ERR_PTR(-EPERM);
203 unsigned long flags;
196 204
197 spin_lock_irq(&tsk->sighand->siglock); 205 if (!lock_task_sighand(tsk, &flags))
198 buf = tsk->signal->tty_audit_buf; 206 return -ESRCH;
199 if (buf) 207
200 atomic_inc(&buf->count); 208 if (tsk->signal->audit_tty) {
201 spin_unlock_irq(&tsk->sighand->siglock); 209 buf = tsk->signal->tty_audit_buf;
202 if (!buf) 210 if (buf)
203 return; 211 atomic_inc(&buf->count);
212 }
213 unlock_task_sighand(tsk, &flags);
214
215 /*
216 * Return 0 when signal->audit_tty set
217 * but tsk->signal->tty_audit_buf == NULL.
218 */
219 if (!buf || IS_ERR(buf))
220 return PTR_ERR(buf);
204 221
205 mutex_lock(&buf->mutex); 222 mutex_lock(&buf->mutex);
206 tty_audit_buf_push(tsk, loginuid, sessionid, buf); 223 tty_audit_buf_push(tsk, loginuid, sessionid, buf);
207 mutex_unlock(&buf->mutex); 224 mutex_unlock(&buf->mutex);
208 225
209 tty_audit_buf_put(buf); 226 tty_audit_buf_put(buf);
227 return 0;
210} 228}
211 229
212/** 230/**