audit: Call tty_audit_push_task() outside preempt disabled
While auditing all tasklist_lock read_lock sites I stumbled over the following call chain: audit_prepare_user_tty() read_lock(&tasklist_lock); tty_audit_push_task(); mutex_lock(&buf->mutex); --> buf->mutex is locked with preemption disabled. Solve this by acquiring a reference to the task struct under rcu_read_lock and call tty_audit_push_task outside of the preempt disabled region. Move all code which needs to be protected by sighand lock into tty_audit_push_task() and use lock/unlock_sighand as we do not hold tasklist_lock. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
f7a998a949
commit
3c80fe4ac9
|
@ -188,25 +188,43 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* tty_audit_push_task - Flush task's pending audit data
|
* tty_audit_push_task - Flush task's pending audit data
|
||||||
|
* @tsk: task pointer
|
||||||
|
* @loginuid: sender login uid
|
||||||
|
* @sessionid: sender session id
|
||||||
|
*
|
||||||
|
* Called with a ref on @tsk held. Try to lock sighand and get a
|
||||||
|
* reference to the tty audit buffer if available.
|
||||||
|
* Flush the buffer or return an appropriate error code.
|
||||||
*/
|
*/
|
||||||
void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
|
int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
|
||||||
{
|
{
|
||||||
struct tty_audit_buf *buf;
|
struct tty_audit_buf *buf = ERR_PTR(-EPERM);
|
||||||
|
unsigned long flags;
|
||||||
|
|
||||||
spin_lock_irq(&tsk->sighand->siglock);
|
if (!lock_task_sighand(tsk, &flags))
|
||||||
buf = tsk->signal->tty_audit_buf;
|
return -ESRCH;
|
||||||
if (buf)
|
|
||||||
atomic_inc(&buf->count);
|
if (tsk->signal->audit_tty) {
|
||||||
spin_unlock_irq(&tsk->sighand->siglock);
|
buf = tsk->signal->tty_audit_buf;
|
||||||
if (!buf)
|
if (buf)
|
||||||
return;
|
atomic_inc(&buf->count);
|
||||||
|
}
|
||||||
|
unlock_task_sighand(tsk, &flags);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Return 0 when signal->audit_tty set
|
||||||
|
* but tsk->signal->tty_audit_buf == NULL.
|
||||||
|
*/
|
||||||
|
if (!buf || IS_ERR(buf))
|
||||||
|
return PTR_ERR(buf);
|
||||||
|
|
||||||
mutex_lock(&buf->mutex);
|
mutex_lock(&buf->mutex);
|
||||||
tty_audit_buf_push(tsk, loginuid, sessionid, buf);
|
tty_audit_buf_push(tsk, loginuid, sessionid, buf);
|
||||||
mutex_unlock(&buf->mutex);
|
mutex_unlock(&buf->mutex);
|
||||||
|
|
||||||
tty_audit_buf_put(buf);
|
tty_audit_buf_put(buf);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -541,8 +541,8 @@ extern void tty_audit_exit(void);
|
||||||
extern void tty_audit_fork(struct signal_struct *sig);
|
extern void tty_audit_fork(struct signal_struct *sig);
|
||||||
extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
|
extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
|
||||||
extern void tty_audit_push(struct tty_struct *tty);
|
extern void tty_audit_push(struct tty_struct *tty);
|
||||||
extern void tty_audit_push_task(struct task_struct *tsk,
|
extern int tty_audit_push_task(struct task_struct *tsk,
|
||||||
uid_t loginuid, u32 sessionid);
|
uid_t loginuid, u32 sessionid);
|
||||||
#else
|
#else
|
||||||
static inline void tty_audit_add_data(struct tty_struct *tty,
|
static inline void tty_audit_add_data(struct tty_struct *tty,
|
||||||
unsigned char *data, size_t size)
|
unsigned char *data, size_t size)
|
||||||
|
@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig)
|
||||||
static inline void tty_audit_push(struct tty_struct *tty)
|
static inline void tty_audit_push(struct tty_struct *tty)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
static inline void tty_audit_push_task(struct task_struct *tsk,
|
static inline int tty_audit_push_task(struct task_struct *tsk,
|
||||||
uid_t loginuid, u32 sessionid)
|
uid_t loginuid, u32 sessionid)
|
||||||
{
|
{
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
|
||||||
struct task_struct *tsk;
|
struct task_struct *tsk;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
read_lock(&tasklist_lock);
|
rcu_read_lock();
|
||||||
tsk = find_task_by_vpid(pid);
|
tsk = find_task_by_vpid(pid);
|
||||||
err = -ESRCH;
|
if (!tsk) {
|
||||||
if (!tsk)
|
rcu_read_unlock();
|
||||||
goto out;
|
return -ESRCH;
|
||||||
err = 0;
|
}
|
||||||
|
get_task_struct(tsk);
|
||||||
spin_lock_irq(&tsk->sighand->siglock);
|
rcu_read_unlock();
|
||||||
if (!tsk->signal->audit_tty)
|
err = tty_audit_push_task(tsk, loginuid, sessionid);
|
||||||
err = -EPERM;
|
put_task_struct(tsk);
|
||||||
spin_unlock_irq(&tsk->sighand->siglock);
|
|
||||||
if (err)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
tty_audit_push_task(tsk, loginuid, sessionid);
|
|
||||||
out:
|
|
||||||
read_unlock(&tasklist_lock);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue