diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-04-18 13:47:35 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-18 13:47:35 -0400 |
commit | 219f0817038cabc722968e914490adf6b686499e (patch) | |
tree | 13b64537abe906645ee22843e146e21958236219 /kernel | |
parent | 865108d13801d39ec038bdc82b5bec5e1eaffa9d (diff) |
[PATCH] SELinux: fix deadlock on dcache lock
This fixes a deadlock on the dcache lock detected during testing at IBM
by moving the logging of the current executable information from the
SELinux avc_audit function to audit_log_exit (via an audit_log_task_info
helper) for processing upon syscall exit.
For consistency, the patch also removes the logging of other
task-related information from avc_audit, deferring handling to
audit_log_exit instead.
This allows simplification of the avc_audit code, allows the exe
information to be obtained more reliably, always includes the comm
information (useful for scripts), and avoids including bogus task
information for checks performed from irq or softirq.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8c454852d6a5..6f1931381bc9 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -610,6 +610,33 @@ static inline void audit_free_context(struct audit_context *context) | |||
610 | printk(KERN_ERR "audit: freed %d contexts\n", count); | 610 | printk(KERN_ERR "audit: freed %d contexts\n", count); |
611 | } | 611 | } |
612 | 612 | ||
613 | static void audit_log_task_info(struct audit_buffer *ab) | ||
614 | { | ||
615 | char name[sizeof(current->comm)]; | ||
616 | struct mm_struct *mm = current->mm; | ||
617 | struct vm_area_struct *vma; | ||
618 | |||
619 | get_task_comm(name, current); | ||
620 | audit_log_format(ab, " comm=%s", name); | ||
621 | |||
622 | if (!mm) | ||
623 | return; | ||
624 | |||
625 | down_read(&mm->mmap_sem); | ||
626 | vma = mm->mmap; | ||
627 | while (vma) { | ||
628 | if ((vma->vm_flags & VM_EXECUTABLE) && | ||
629 | vma->vm_file) { | ||
630 | audit_log_d_path(ab, "exe=", | ||
631 | vma->vm_file->f_dentry, | ||
632 | vma->vm_file->f_vfsmnt); | ||
633 | break; | ||
634 | } | ||
635 | vma = vma->vm_next; | ||
636 | } | ||
637 | up_read(&mm->mmap_sem); | ||
638 | } | ||
639 | |||
613 | static void audit_log_exit(struct audit_context *context) | 640 | static void audit_log_exit(struct audit_context *context) |
614 | { | 641 | { |
615 | int i; | 642 | int i; |
@@ -639,6 +666,7 @@ static void audit_log_exit(struct audit_context *context) | |||
639 | context->gid, | 666 | context->gid, |
640 | context->euid, context->suid, context->fsuid, | 667 | context->euid, context->suid, context->fsuid, |
641 | context->egid, context->sgid, context->fsgid); | 668 | context->egid, context->sgid, context->fsgid); |
669 | audit_log_task_info(ab); | ||
642 | audit_log_end(ab); | 670 | audit_log_end(ab); |
643 | while (context->aux) { | 671 | while (context->aux) { |
644 | struct audit_aux_data *aux; | 672 | struct audit_aux_data *aux; |