From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter Hurley Subject: [PATCH 15/15] tty: audit: Poison tty_audit_buf while process exits Date: Tue, 10 Nov 2015 21:06:00 -0500 Message-ID: <1447207560-16410-16-git-send-email-peter@hurleysoftware.com> References: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com [10.5.110.27]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id tAB26Y1n025696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 10 Nov 2015 21:06:34 -0500 Received: from mail-ig0-f182.google.com (mail-ig0-f182.google.com [209.85.213.182]) by mx1.redhat.com (Postfix) with ESMTPS id ACBEF8FAA5 for ; Wed, 11 Nov 2015 02:06:33 +0000 (UTC) Received: by igl9 with SMTP id 9so67327165igl.0 for ; Tue, 10 Nov 2015 18:06:33 -0800 (PST) In-Reply-To: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Greg Kroah-Hartman Cc: linux-audit@redhat.com, Jiri Slaby , Peter Hurley List-Id: linux-audit@redhat.com Warn if tty_audit_buf use is attempted after tty_audit_exit() has already freed it. Signed-off-by: Peter Hurley --- drivers/tty/tty_audit.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index fa461dc..66d53fc 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c @@ -21,6 +21,15 @@ struct tty_audit_buf { unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */ }; +static struct tty_audit_buf *tty_audit_buf_ref(void) +{ + struct tty_audit_buf *buf; + + buf = current->signal->tty_audit_buf; + WARN_ON(buf == ERR_PTR(-ESRCH)); + return buf; +} + static struct tty_audit_buf *tty_audit_buf_alloc(void) { struct tty_audit_buf *buf; @@ -106,8 +115,7 @@ void tty_audit_exit(void) { struct tty_audit_buf *buf; - buf = current->signal->tty_audit_buf; - current->signal->tty_audit_buf = NULL; + buf = xchg(¤t->signal->tty_audit_buf, ERR_PTR(-ESRCH)); if (!buf) return; @@ -158,8 +166,8 @@ int tty_audit_push(void) if (~current->signal->audit_tty & AUDIT_TTY_ENABLE) return -EPERM; - buf = current->signal->tty_audit_buf; - if (buf) { + buf = tty_audit_buf_ref(); + if (!IS_ERR_OR_NULL(buf)) { mutex_lock(&buf->mutex); tty_audit_buf_push(buf); mutex_unlock(&buf->mutex); @@ -171,13 +179,14 @@ int tty_audit_push(void) * tty_audit_buf_get - Get an audit buffer. * * Get an audit buffer, allocate it if necessary. Return %NULL - * if out of memory. Otherwise, return a new reference to the buffer. + * if out of memory or ERR_PTR(-ESRCH) if tty_audit_exit() has already + * occurred. Otherwise, return a new reference to the buffer. */ static struct tty_audit_buf *tty_audit_buf_get(void) { struct tty_audit_buf *buf; - buf = current->signal->tty_audit_buf; + buf = tty_audit_buf_ref(); if (buf) return buf; @@ -190,7 +199,7 @@ static struct tty_audit_buf *tty_audit_buf_get(void) /* Race to use this buffer, free it if another wins */ if (cmpxchg(¤t->signal->tty_audit_buf, NULL, buf) != NULL) tty_audit_buf_free(buf); - return current->signal->tty_audit_buf; + return tty_audit_buf_ref(); } /** @@ -220,7 +229,7 @@ void tty_audit_add_data(struct tty_struct *tty, const void *data, size_t size) return; buf = tty_audit_buf_get(); - if (!buf) + if (IS_ERR_OR_NULL(buf)) return; mutex_lock(&buf->mutex); -- 2.6.3