[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1452408939-19380-16-git-send-email-peter@hurleysoftware.com>
Date: Sat, 9 Jan 2016 22:55:39 -0800
From: Peter Hurley <peter@...leysoftware.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Jiri Slaby <jslaby@...e.cz>, linux-kernel@...r.kernel.org,
Peter Hurley <peter@...leysoftware.com>
Subject: [PATCH v2 15/15] tty: audit: Poison tty_audit_buf while process exits
Warn if tty_audit_buf use is attempted after tty_audit_exit() has
already freed it.
Signed-off-by: Peter Hurley <peter@...leysoftware.com>
---
drivers/tty/tty_audit.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index fa461dc..66d53fc 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -21,6 +21,15 @@ struct tty_audit_buf {
unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */
};
+static struct tty_audit_buf *tty_audit_buf_ref(void)
+{
+ struct tty_audit_buf *buf;
+
+ buf = current->signal->tty_audit_buf;
+ WARN_ON(buf == ERR_PTR(-ESRCH));
+ return buf;
+}
+
static struct tty_audit_buf *tty_audit_buf_alloc(void)
{
struct tty_audit_buf *buf;
@@ -106,8 +115,7 @@ void tty_audit_exit(void)
{
struct tty_audit_buf *buf;
- buf = current->signal->tty_audit_buf;
- current->signal->tty_audit_buf = NULL;
+ buf = xchg(¤t->signal->tty_audit_buf, ERR_PTR(-ESRCH));
if (!buf)
return;
@@ -158,8 +166,8 @@ int tty_audit_push(void)
if (~current->signal->audit_tty & AUDIT_TTY_ENABLE)
return -EPERM;
- buf = current->signal->tty_audit_buf;
- if (buf) {
+ buf = tty_audit_buf_ref();
+ if (!IS_ERR_OR_NULL(buf)) {
mutex_lock(&buf->mutex);
tty_audit_buf_push(buf);
mutex_unlock(&buf->mutex);
@@ -171,13 +179,14 @@ int tty_audit_push(void)
* tty_audit_buf_get - Get an audit buffer.
*
* Get an audit buffer, allocate it if necessary. Return %NULL
- * if out of memory. Otherwise, return a new reference to the buffer.
+ * if out of memory or ERR_PTR(-ESRCH) if tty_audit_exit() has already
+ * occurred. Otherwise, return a new reference to the buffer.
*/
static struct tty_audit_buf *tty_audit_buf_get(void)
{
struct tty_audit_buf *buf;
- buf = current->signal->tty_audit_buf;
+ buf = tty_audit_buf_ref();
if (buf)
return buf;
@@ -190,7 +199,7 @@ static struct tty_audit_buf *tty_audit_buf_get(void)
/* Race to use this buffer, free it if another wins */
if (cmpxchg(¤t->signal->tty_audit_buf, NULL, buf) != NULL)
tty_audit_buf_free(buf);
- return current->signal->tty_audit_buf;
+ return tty_audit_buf_ref();
}
/**
@@ -220,7 +229,7 @@ void tty_audit_add_data(struct tty_struct *tty, const void *data, size_t size)
return;
buf = tty_audit_buf_get();
- if (!buf)
+ if (IS_ERR_OR_NULL(buf))
return;
mutex_lock(&buf->mutex);
--
2.7.0
Powered by blists - more mailing lists