projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f874738)
audit: get comm using lock to avoid race in string printing
authorRichard Guy Briggs <rgb@redhat.com>
Sat, 15 Mar 2014 22:42:34 +0000 (18:42 -0400)
committerEric Paris <eparis@redhat.com>
Tue, 23 Sep 2014 20:37:56 +0000 (16:37 -0400)
When task->comm is passed directly to audit_log_untrustedstring() without
getting a copy or using the task_lock, there is a race that could happen that
would output a NULL (\0) in the output string that would effectively truncate
the rest of the report text after the comm= field in the audit, losing fields.

Use get_task_comm() to get a copy while acquiring the task_lock to prevent
this and to prevent the result from being a mixture of old and new values of
comm.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
kernel/audit.c patch | blob | blame | history
kernel/auditsc.c patch | blob | blame | history

diff --git a/kernel/audit.c b/kernel/audit.c
index 3a80abb6eaa145cc27f642ec97ba7dd9be6fbbda..53bb39bf79e2aca9f2b83023a6102ebf072ac2c6 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1850,7 +1850,7 @@ EXPORT_SYMBOL(audit_log_task_context);
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
        const struct cred *cred;
-       char name[sizeof(tsk->comm)];
+       char comm[sizeof(tsk->comm)];
        struct mm_struct *mm = tsk->mm;
        char *tty;
 
@@ -1884,9 +1884,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                         from_kgid(&init_user_ns, cred->fsgid),
                         tty, audit_get_sessionid(tsk));
 
-       get_task_comm(name, tsk);
        audit_log_format(ab, " comm=");
-       audit_log_untrustedstring(ab, name);
+       audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
 
        if (mm) {
                down_read(&mm->mmap_sem);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 63a74a703c976787fbd76996d5ace745b3ec6e58..89335723fb2a5f580a91627a8c868dbc31e6886e 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2424,6 +2424,7 @@ static void audit_log_task(struct audit_buffer *ab)
        kgid_t gid;
        unsigned int sessionid;
        struct mm_struct *mm = current->mm;
+       char comm[sizeof(current->comm)];
 
        auid = audit_get_loginuid(current);
        sessionid = audit_get_sessionid(current);
@@ -2436,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab)
                         sessionid);
        audit_log_task_context(ab);
        audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
-       audit_log_untrustedstring(ab, current->comm);
+       audit_log_untrustedstring(ab, get_task_comm(comm, current));
        if (mm) {
                down_read(&mm->mmap_sem);
                if (mm->exe_file)