Commit 3c80fe4a authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Al Viro

audit: Call tty_audit_push_task() outside preempt disabled

While auditing all tasklist_lock read_lock sites I stumbled over the
following call chain:

audit_prepare_user_tty()
  read_lock(&tasklist_lock);
  tty_audit_push_task();
     mutex_lock(&buf->mutex);

     --> buf->mutex is locked with preemption disabled.

Solve this by acquiring a reference to the task struct under
rcu_read_lock and call tty_audit_push_task outside of the preempt
disabled region.

Move all code which needs to be protected by sighand lock into
tty_audit_push_task() and use lock/unlock_sighand as we do not hold
tasklist_lock.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent f7a998a9
...@@ -189,24 +189,42 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) ...@@ -189,24 +189,42 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch)
/** /**
* tty_audit_push_task - Flush task's pending audit data * tty_audit_push_task - Flush task's pending audit data
* @tsk: task pointer
* @loginuid: sender login uid
* @sessionid: sender session id
*
* Called with a ref on @tsk held. Try to lock sighand and get a
* reference to the tty audit buffer if available.
* Flush the buffer or return an appropriate error code.
*/ */
void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
{ {
struct tty_audit_buf *buf; struct tty_audit_buf *buf = ERR_PTR(-EPERM);
unsigned long flags;
spin_lock_irq(&tsk->sighand->siglock); if (!lock_task_sighand(tsk, &flags))
return -ESRCH;
if (tsk->signal->audit_tty) {
buf = tsk->signal->tty_audit_buf; buf = tsk->signal->tty_audit_buf;
if (buf) if (buf)
atomic_inc(&buf->count); atomic_inc(&buf->count);
spin_unlock_irq(&tsk->sighand->siglock); }
if (!buf) unlock_task_sighand(tsk, &flags);
return;
/*
* Return 0 when signal->audit_tty set
* but tsk->signal->tty_audit_buf == NULL.
*/
if (!buf || IS_ERR(buf))
return PTR_ERR(buf);
mutex_lock(&buf->mutex); mutex_lock(&buf->mutex);
tty_audit_buf_push(tsk, loginuid, sessionid, buf); tty_audit_buf_push(tsk, loginuid, sessionid, buf);
mutex_unlock(&buf->mutex); mutex_unlock(&buf->mutex);
tty_audit_buf_put(buf); tty_audit_buf_put(buf);
return 0;
} }
/** /**
......
...@@ -541,7 +541,7 @@ extern void tty_audit_exit(void); ...@@ -541,7 +541,7 @@ extern void tty_audit_exit(void);
extern void tty_audit_fork(struct signal_struct *sig); extern void tty_audit_fork(struct signal_struct *sig);
extern void tty_audit_tiocsti(struct tty_struct *tty, char ch); extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
extern void tty_audit_push(struct tty_struct *tty); extern void tty_audit_push(struct tty_struct *tty);
extern void tty_audit_push_task(struct task_struct *tsk, extern int tty_audit_push_task(struct task_struct *tsk,
uid_t loginuid, u32 sessionid); uid_t loginuid, u32 sessionid);
#else #else
static inline void tty_audit_add_data(struct tty_struct *tty, static inline void tty_audit_add_data(struct tty_struct *tty,
...@@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig) ...@@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig)
static inline void tty_audit_push(struct tty_struct *tty) static inline void tty_audit_push(struct tty_struct *tty)
{ {
} }
static inline void tty_audit_push_task(struct task_struct *tsk, static inline int tty_audit_push_task(struct task_struct *tsk,
uid_t loginuid, u32 sessionid) uid_t loginuid, u32 sessionid)
{ {
return 0;
} }
#endif #endif
......
...@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid) ...@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
struct task_struct *tsk; struct task_struct *tsk;
int err; int err;
read_lock(&tasklist_lock); rcu_read_lock();
tsk = find_task_by_vpid(pid); tsk = find_task_by_vpid(pid);
err = -ESRCH; if (!tsk) {
if (!tsk) rcu_read_unlock();
goto out; return -ESRCH;
err = 0; }
get_task_struct(tsk);
spin_lock_irq(&tsk->sighand->siglock); rcu_read_unlock();
if (!tsk->signal->audit_tty) err = tty_audit_push_task(tsk, loginuid, sessionid);
err = -EPERM; put_task_struct(tsk);
spin_unlock_irq(&tsk->sighand->siglock);
if (err)
goto out;
tty_audit_push_task(tsk, loginuid, sessionid);
out:
read_unlock(&tasklist_lock);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment