tree 13b64537abe906645ee22843e146e21958236219
parent 865108d13801d39ec038bdc82b5bec5e1eaffa9d
author Stephen Smalley <[EMAIL PROTECTED]> Tue, 19 Apr 2005 00:47:35 -0700
committer Linus Torvalds <[EMAIL PROTECTED]> Tue, 19 Apr 2005 00:47:35 -0700
[PATCH] SELinux: fix deadlock on dcache lock
This fixes a deadlock on the dcache lock detected during testing at IBM
by moving the logging of the current executable information from the
SELinux avc_audit function to audit_log_exit (via an audit_log_task_info
helper) for processing upon syscall exit.
For consistency, the patch also removes the logging of other
task-related information from avc_audit, deferring handling to
audit_log_exit instead.
This allows simplification of the avc_audit code, allows the exe
information to be obtained more reliably, always includes the comm
information (useful for scripts), and avoids including bogus task
information for checks performed from irq or softirq.
Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]>
Signed-off-by: James Morris <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
auditsc.c | 28 ++++++++++++++++++++++++++++
selinux/avc.c | 34 ----------------------------------
2 files changed, 28 insertions(+), 34 deletions(-)
Index: kernel/auditsc.c
===================================================================
--- bfeb17a5c4eb933099eaf9e4d35df43e2fed5635/kernel/auditsc.c (mode:100644
sha1:8c454852d6a52a8cb9e37f75b90e68ca61d7cd28)
+++ 13b64537abe906645ee22843e146e21958236219/kernel/auditsc.c (mode:100644
sha1:6f1931381bc9eae1ff454c943036c5b077c4a8a6)
@@ -610,6 +610,33 @@
printk(KERN_ERR "audit: freed %d contexts\n", count);
}
+static void audit_log_task_info(struct audit_buffer *ab)
+{
+ char name[sizeof(current->comm)];
+ struct mm_struct *mm = current->mm;
+ struct vm_area_struct *vma;
+
+ get_task_comm(name, current);
+ audit_log_format(ab, " comm=%s", name);
+
+ if (!mm)
+ return;
+
+ down_read(&mm->mmap_sem);
+ vma = mm->mmap;
+ while (vma) {
+ if ((vma->vm_flags & VM_EXECUTABLE) &&
+ vma->vm_file) {
+ audit_log_d_path(ab, "exe=",
+ vma->vm_file->f_dentry,
+ vma->vm_file->f_vfsmnt);
+ break;
+ }
+ vma = vma->vm_next;
+ }
+ up_read(&mm->mmap_sem);
+}
+
static void audit_log_exit(struct audit_context *context)
{
int i;
@@ -639,6 +666,7 @@
context->gid,
context->euid, context->suid, context->fsuid,
context->egid, context->sgid, context->fsgid);
+ audit_log_task_info(ab);
audit_log_end(ab);
while (context->aux) {
struct audit_aux_data *aux;
Index: security/selinux/avc.c
===================================================================
--- bfeb17a5c4eb933099eaf9e4d35df43e2fed5635/security/selinux/avc.c
(mode:100644 sha1:fe6285e5c68f8989710e5a498637f8e494668ef1)
+++ 13b64537abe906645ee22843e146e21958236219/security/selinux/avc.c
(mode:100644 sha1:85a6f66a873f5194bc2f32908fb18a9ada1df2de)
@@ -532,7 +532,6 @@
u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *a)
{
- struct task_struct *tsk = current;
struct inode *inode = NULL;
u32 denied, audited;
struct audit_buffer *ab;
@@ -556,39 +555,6 @@
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
avc_dump_av(ab, tclass,audited);
audit_log_format(ab, " for ");
- if (a && a->tsk)
- tsk = a->tsk;
- if (tsk && tsk->pid) {
- struct mm_struct *mm;
- struct vm_area_struct *vma;
- audit_log_format(ab, " pid=%d", tsk->pid);
- if (tsk == current)
- mm = current->mm;
- else
- mm = get_task_mm(tsk);
- if (mm) {
- if (down_read_trylock(&mm->mmap_sem)) {
- vma = mm->mmap;
- while (vma) {
- if ((vma->vm_flags & VM_EXECUTABLE) &&
- vma->vm_file) {
- audit_log_d_path(ab, "exe=",
- vma->vm_file->f_dentry,
- vma->vm_file->f_vfsmnt);
- break;
- }
- vma = vma->vm_next;
- }
- up_read(&mm->mmap_sem);
- } else {
- audit_log_format(ab, " comm=%s", tsk->comm);
- }
- if (tsk != current)
- mmput(mm);
- } else {
- audit_log_format(ab, " comm=%s", tsk->comm);
- }
- }
if (a) {
switch (a->type) {
case AVC_AUDIT_DATA_IPC:
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
