tty_audit: fix tty_audit_add_data live lock on audit disabled
authorXiaotian Feng <dfeng@redhat.com>
Thu, 3 Mar 2011 10:08:24 +0000 (18:08 +0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 7 Mar 2011 20:04:50 +0000 (12:04 -0800)
The current tty_audit_add_data code:

        do {
                size_t run;

                run = N_TTY_BUF_SIZE - buf->valid;
                if (run > size)
                        run = size;
                memcpy(buf->data + buf->valid, data, run);
                buf->valid += run;
                data += run;
                size -= run;
                if (buf->valid == N_TTY_BUF_SIZE)
                        tty_audit_buf_push_current(buf);
        } while (size != 0);

If the current buffer is full, kernel will then call tty_audit_buf_push_current
to empty the buffer. But if we disabled audit at the same time, tty_audit_buf_push()
returns immediately if audit_enabled is zero.  Without emptying the buffer.
With obvious effect on tty_audit_add_data() that ends up spinning in that loop,
copying 0 bytes at each iteration and attempting to push each time without any effect.
Holding the lock all along.

Suggested-by: Alexander Viro <aviro@redhat.com>
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/tty/tty_audit.c

index f64582b0f6232994f08213d3ea663e6f79acafc6..7c5866920622911ab608b4da5485ccadb487bedb 100644 (file)
@@ -95,8 +95,10 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 {
        if (buf->valid == 0)
                return;
-       if (audit_enabled == 0)
+       if (audit_enabled == 0) {
+               buf->valid = 0;
                return;
+       }
        tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
                      buf->data, buf->valid);
        buf->valid = 0;