tty_audit: fix tty_audit_add_data live lock on audit disabled

The current tty_audit_add_data code:

        do {
                size_t run;

                run = N_TTY_BUF_SIZE - buf->valid;
                if (run > size)
                        run = size;
                memcpy(buf->data + buf->valid, data, run);
                buf->valid += run;
                data += run;
                size -= run;
                if (buf->valid == N_TTY_BUF_SIZE)
                        tty_audit_buf_push_current(buf);
        } while (size != 0);

If the current buffer is full, kernel will then call tty_audit_buf_push_current
to empty the buffer. But if we disabled audit at the same time, tty_audit_buf_push()
returns immediately if audit_enabled is zero.  Without emptying the buffer.
With obvious effect on tty_audit_add_data() that ends up spinning in that loop,
copying 0 bytes at each iteration and attempting to push each time without any effect.
Holding the lock all along.

Suggested-by: Alexander Viro <aviro@redhat.com>
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index f64582b0f6232994f08213d3ea663e6f79acafc6..7c5866920622911ab608b4da5485ccadb487bedb 100644 (file)
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -95,8 +95,10 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 {
        if (buf->valid == 0)
                return;
-       if (audit_enabled == 0)
+       if (audit_enabled == 0) {
+               buf->valid = 0;
                return;
+       }
        tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
                      buf->data, buf->valid);
        buf->valid = 0;