[PATCH] fix deadlocks in AUDIT_LIST/AUDIT_LIST_RULES

We should not send a pile of replies while holding audit_netlink_mutex
since we hold the same mutex when we receive commands.  As the result,
we can get blocked while sending and sit there holding the mutex while
auditctl is unable to send the next command and get around to receiving
what we'd sent.

Solution: create skb and put them into a queue instead of sending;
once we are done, send what we've got on the list.  The former can
be done synchronously while we are handling AUDIT_LIST or AUDIT_LIST_RULES;
we are holding audit_netlink_mutex at that point.  The latter is done
asynchronously and without messing with audit_netlink_mutex.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

1 files changed, 11 insertions, 0 deletions

diff --git a/kernel/audit.h b/kernel/audit.h
index 6f733920fd32..8948fc1e9e54 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -22,6 +22,7 @@
 #include <linux/mutex.h>
 #include <linux/fs.h>
 #include <linux/audit.h>
+#include <linux/skbuff.h>
 
 /* 0 = no checking
    1 = put_count checking
@@ -82,6 +83,9 @@ struct audit_entry {
 extern int audit_pid;
 extern int audit_comparator(const u32 left, const u32 op, const u32 right);
 
+extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
+                                             int done, int multi,
+                                             void *payload, int size);
 extern void                 audit_send_reply(int pid, int seq, int type,
                                              int done, int multi,
                                              void *payload, int size);
@@ -89,4 +93,11 @@ extern void		    audit_log_lost(const char *message);
 extern void                 audit_panic(const char *message);
 extern struct mutex audit_netlink_mutex;
 
+struct audit_netlink_list {
+        int pid;
+        struct sk_buff_head q;
+};
+
+int audit_send_list(void *);
+
 extern int selinux_audit_rule_update(void);