From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter Hurley <peter@hurleysoftware.com>
Subject: [PATCH 06/15] tty: audit: Ignore current association for audit push
Date: Tue, 10 Nov 2015 21:05:51 -0500
Message-ID: <1447207560-16410-7-git-send-email-peter@hurleysoftware.com>
References: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx01.extmail.prod.ext.phx2.redhat.com
	[10.5.110.25])
	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id tAB26OPC003186
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Tue, 10 Nov 2015 21:06:24 -0500
Received: from mail-io0-f177.google.com (mail-io0-f177.google.com
	[209.85.223.177])
	by mx1.redhat.com (Postfix) with ESMTPS id D1DBC935D4
	for <linux-audit@redhat.com>; Wed, 11 Nov 2015 02:06:23 +0000 (UTC)
Received: by iouu10 with SMTP id u10so12959046iou.0
	for <linux-audit@redhat.com>; Tue, 10 Nov 2015 18:06:23 -0800 (PST)
In-Reply-To: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-audit@redhat.com, Jiri Slaby <jslaby@suse.cz>, Peter Hurley <peter@hurleysoftware.com>
List-Id: linux-audit@redhat.com

In canonical read mode, each line read and logged is pushed separately
with tty_audit_push(). For all single-threaded processes and multi-threaded
processes reading from only one tty, this patch has no effect; the last line
read will still be the entry pushed to the audit log because the tty
association cannot have changed between tty_audit_add_data() and
tty_audit_push().

For multi-threaded processes reading from different ttys concurrently,
the audit log will have mixed log entries anyway. Consider two ttys
audited concurrently:

CPU0                           CPU1
----------                     ------------
tty_audit_add_data(ttyA)
                               tty_audit_add_data(ttyB)
tty_audit_push()
                               tty_audit_add_data(ttyB)
                               tty_audit_push()

This patch will now cause the ttyB output to be split into separate
audit log entries.

However, this possibility is equally likely without this patch:

CPU0                           CPU1
----------                     ------------
                               tty_audit_add_data(ttyB)
tty_audit_add_data(ttyA)
tty_audit_push()
                               tty_audit_add_data(ttyB)
                               tty_audit_push()

Mixed canonical and non-canonical reads have similar races.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
 drivers/tty/n_tty.c     |  2 +-
 drivers/tty/tty_audit.c | 11 +++--------
 include/linux/tty.h     |  2 +-
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
index a3ad312..93f85a6 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -2104,7 +2104,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
 			ldata->line_start = ldata->read_tail;
 		else
 			ldata->push = 0;
-		tty_audit_push(tty);
+		tty_audit_push();
 	}
 	return eof_push ? -EAGAIN : 0;
 }
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index 5f65653..5ae4839 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -313,9 +313,9 @@ void tty_audit_add_data(struct tty_struct *tty, const void *data, size_t size)
 /**
  *	tty_audit_push	-	Push buffered data out
  *
- *	Make sure no audit data is pending for @tty on the current process.
+ *	Make sure no audit data is pending on the current process.
  */
-void tty_audit_push(struct tty_struct *tty)
+void tty_audit_push(void)
 {
 	struct tty_audit_buf *buf;
 	unsigned long flags;
@@ -331,13 +331,8 @@ void tty_audit_push(struct tty_struct *tty)
 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
 
 	if (buf) {
-		int major, minor;
-
-		major = tty->driver->major;
-		minor = tty->driver->minor_start + tty->index;
 		mutex_lock(&buf->mutex);
-		if (buf->major == major && buf->minor == minor)
-			tty_audit_buf_push(buf);
+		tty_audit_buf_push(buf);
 		mutex_unlock(&buf->mutex);
 		tty_audit_buf_put(buf);
 	}
diff --git a/include/linux/tty.h b/include/linux/tty.h
index f8a20a8..8a73d84 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -607,7 +607,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, const void *data,
 extern void tty_audit_exit(void);
 extern void tty_audit_fork(struct signal_struct *sig);
 extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
-extern void tty_audit_push(struct tty_struct *tty);
+extern void tty_audit_push(void);
 extern int tty_audit_push_current(void);
 #else
 static inline void tty_audit_add_data(struct tty_struct *tty, const void *data,
-- 
2.6.3