From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932612AbcAJFAp (ORCPT ); Sun, 10 Jan 2016 00:00:45 -0500 Received: from mail-pa0-f53.google.com ([209.85.220.53]:34517 "EHLO mail-pa0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756860AbcAJE72 (ORCPT ); Sat, 9 Jan 2016 23:59:28 -0500 From: Peter Hurley To: Greg Kroah-Hartman Cc: Jiri Slaby , linux-audit@redhat.com, linux-kernel@vger.kernel.org, Peter Hurley Subject: [RESEND][PATCH 15/15] tty: audit: Poison tty_audit_buf while process exits Date: Sat, 9 Jan 2016 20:59:08 -0800 Message-Id: <1452401948-30790-16-git-send-email-peter@hurleysoftware.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1452401948-30790-1-git-send-email-peter@hurleysoftware.com> References: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com> <1452401948-30790-1-git-send-email-peter@hurleysoftware.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Warn if tty_audit_buf use is attempted after tty_audit_exit() has already freed it. Signed-off-by: Peter Hurley --- drivers/tty/tty_audit.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index fa461dc..66d53fc 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c @@ -21,6 +21,15 @@ struct tty_audit_buf { unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */ }; +static struct tty_audit_buf *tty_audit_buf_ref(void) +{ + struct tty_audit_buf *buf; + + buf = current->signal->tty_audit_buf; + WARN_ON(buf == ERR_PTR(-ESRCH)); + return buf; +} + static struct tty_audit_buf *tty_audit_buf_alloc(void) { struct tty_audit_buf *buf; @@ -106,8 +115,7 @@ void tty_audit_exit(void) { struct tty_audit_buf *buf; - buf = current->signal->tty_audit_buf; - current->signal->tty_audit_buf = NULL; + buf = xchg(¤t->signal->tty_audit_buf, ERR_PTR(-ESRCH)); if (!buf) return; @@ -158,8 +166,8 @@ int tty_audit_push(void) if (~current->signal->audit_tty & AUDIT_TTY_ENABLE) return -EPERM; - buf = current->signal->tty_audit_buf; - if (buf) { + buf = tty_audit_buf_ref(); + if (!IS_ERR_OR_NULL(buf)) { mutex_lock(&buf->mutex); tty_audit_buf_push(buf); mutex_unlock(&buf->mutex); @@ -171,13 +179,14 @@ int tty_audit_push(void) * tty_audit_buf_get - Get an audit buffer. * * Get an audit buffer, allocate it if necessary. Return %NULL - * if out of memory. Otherwise, return a new reference to the buffer. + * if out of memory or ERR_PTR(-ESRCH) if tty_audit_exit() has already + * occurred. Otherwise, return a new reference to the buffer. */ static struct tty_audit_buf *tty_audit_buf_get(void) { struct tty_audit_buf *buf; - buf = current->signal->tty_audit_buf; + buf = tty_audit_buf_ref(); if (buf) return buf; @@ -190,7 +199,7 @@ static struct tty_audit_buf *tty_audit_buf_get(void) /* Race to use this buffer, free it if another wins */ if (cmpxchg(¤t->signal->tty_audit_buf, NULL, buf) != NULL) tty_audit_buf_free(buf); - return current->signal->tty_audit_buf; + return tty_audit_buf_ref(); } /** @@ -220,7 +229,7 @@ void tty_audit_add_data(struct tty_struct *tty, const void *data, size_t size) return; buf = tty_audit_buf_get(); - if (!buf) + if (IS_ERR_OR_NULL(buf)) return; mutex_lock(&buf->mutex); -- 2.7.0