Commit 00bff392 authored Mar 03, 2011 by Xiaotian Feng Committed by Greg Kroah-Hartman Mar 07, 2011

tty_audit: fix tty_audit_add_data live lock on audit disabled



The current tty_audit_add_data code:

        do {
                size_t run;

                run = N_TTY_BUF_SIZE - buf->valid;
                if (run > size)
                        run = size;
                memcpy(buf->data + buf->valid, data, run);
                buf->valid += run;
                data += run;
                size -= run;
                if (buf->valid == N_TTY_BUF_SIZE)
                        tty_audit_buf_push_current(buf);
        } while (size != 0);

If the current buffer is full, kernel will then call tty_audit_buf_push_current
to empty the buffer. But if we disabled audit at the same time, tty_audit_buf_push()
returns immediately if audit_enabled is zero.  Without emptying the buffer.
With obvious effect on tty_audit_add_data() that ends up spinning in that loop,
copying 0 bytes at each iteration and attempting to push each time without any effect.
Holding the lock all along.

Suggested-by: Alexander Viro <aviro@redhat.com>
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

parent b71dc887

drivers/tty/tty_audit.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -95,8 +95,10 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
		{
		if (buf->valid == 0)
		return;
		if (audit_enabled == 0)
		if (audit_enabled == 0) {
		buf->valid = 0;
		return;
		}
		tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
		buf->data, buf->valid);
		buf->valid = 0;

Admin message