moving audit_free() up into do_exit()
Alexander Viro
aviro at redhat.com
Thu Mar 30 09:11:46 UTC 2006
On Thu, Mar 30, 2006 at 01:03:55AM -0800, Andrew Morton wrote:
> > +static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk, gfp_t gfp_mask)
> > {
> > - char name[sizeof(current->comm)];
> > - struct mm_struct *mm = current->mm;
> > + char name[sizeof(tsk->comm)];
> > + struct mm_struct *mm = tsk->mm;
> > struct vm_area_struct *vma;
> >
> > - get_task_comm(name, current);
> > + get_task_comm(name, tsk);
> > audit_log_format(ab, " comm=");
> > audit_log_untrustedstring(ab, name);
> >
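Review bot: `struct mm_struct *mm = tsk->mm;` (and the `vma` declared right after it, which the rest of the function walks) now dereferences a possibly foreign task's mm with nothing pinning it; when `tsk` is not `current` that mm can be torn down underneath the logger, and taking its locks from an unrelated context is where the deadlock risk sits. Either state the precondition in a comment above the function (tsk is current, or an exiting task whose ->mm has already been cleared, so the NULL check covers it), or take a reference with `get_task_mm(tsk)`/`mmput()` and skip the vma walk when it returns NULL.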
>
> Am too lazy to apply the thing and check, but does `tsk' always equal
> `current' here? If not, what pins the mm_struct?
It's either current or something being freed. In the latter case we'd
already got ->mm set to NULL by that point. Note that with the second
patch we'll _always_ have current here and it will have intact ->mm;
current code is called too late to do anything useful and the best we
can do is to avoid using ->mm of an unrelated process (deadlock country
if we do that and it ends up non-NULL by accident; that's exactly what
the guy had hit).