diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2009-12-09 09:19:31 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-10-30 08:45:25 -0400 |
| commit | 3c80fe4ac9cfb13b1bfa4edf1544e8b656716694 (patch) | |
| tree | c605435b642323cd76eea9567a43d8c67b9c9db1 /drivers/char | |
| parent | f7a998a9491f2da1d3e44d150aa611d10093da4f (diff) | |
audit: Call tty_audit_push_task() outside preempt disabled
While auditing all tasklist_lock read_lock sites I stumbled over the
following call chain:
audit_prepare_user_tty()
read_lock(&tasklist_lock);
tty_audit_push_task();
mutex_lock(&buf->mutex);
--> buf->mutex is locked with preemption disabled.
Solve this by acquiring a reference to the task struct under
rcu_read_lock and call tty_audit_push_task outside of the preempt
disabled region.
Move all code which needs to be protected by sighand lock into
tty_audit_push_task() and use lock/unlock_sighand as we do not hold
tasklist_lock.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/tty_audit.c | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c index 1b8ee590b4ca..f64582b0f623 100644 --- a/drivers/char/tty_audit.c +++ b/drivers/char/tty_audit.c | |||
| @@ -188,25 +188,43 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
| 188 | } | 188 | } |
| 189 | 189 | ||
| 190 | /** | 190 | /** |
| 191 | * tty_audit_push_task - Flush task's pending audit data | 191 | * tty_audit_push_task - Flush task's pending audit data |
| 192 | * @tsk: task pointer | ||
| 193 | * @loginuid: sender login uid | ||
| 194 | * @sessionid: sender session id | ||
| 195 | * | ||
| 196 | * Called with a ref on @tsk held. Try to lock sighand and get a | ||
| 197 | * reference to the tty audit buffer if available. | ||
| 198 | * Flush the buffer or return an appropriate error code. | ||
| 192 | */ | 199 | */ |
| 193 | void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) | 200 | int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) |
| 194 | { | 201 | { |
| 195 | struct tty_audit_buf *buf; | 202 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); |
| 203 | unsigned long flags; | ||
| 196 | 204 | ||
| 197 | spin_lock_irq(&tsk->sighand->siglock); | 205 | if (!lock_task_sighand(tsk, &flags)) |
| 198 | buf = tsk->signal->tty_audit_buf; | 206 | return -ESRCH; |
| 199 | if (buf) | 207 | |
| 200 | atomic_inc(&buf->count); | 208 | if (tsk->signal->audit_tty) { |
| 201 | spin_unlock_irq(&tsk->sighand->siglock); | 209 | buf = tsk->signal->tty_audit_buf; |
| 202 | if (!buf) | 210 | if (buf) |
| 203 | return; | 211 | atomic_inc(&buf->count); |
| 212 | } | ||
| 213 | unlock_task_sighand(tsk, &flags); | ||
| 214 | |||
| 215 | /* | ||
| 216 | * Return 0 when signal->audit_tty set | ||
| 217 | * but tsk->signal->tty_audit_buf == NULL. | ||
| 218 | */ | ||
| 219 | if (!buf || IS_ERR(buf)) | ||
| 220 | return PTR_ERR(buf); | ||
| 204 | 221 | ||
| 205 | mutex_lock(&buf->mutex); | 222 | mutex_lock(&buf->mutex); |
| 206 | tty_audit_buf_push(tsk, loginuid, sessionid, buf); | 223 | tty_audit_buf_push(tsk, loginuid, sessionid, buf); |
| 207 | mutex_unlock(&buf->mutex); | 224 | mutex_unlock(&buf->mutex); |
| 208 | 225 | ||
| 209 | tty_audit_buf_put(buf); | 226 | tty_audit_buf_put(buf); |
| 227 | return 0; | ||
| 210 | } | 228 | } |
| 211 | 229 | ||
| 212 | /** | 230 | /** |