audit: Use rcu for task lookup protection (ab263f47) · Commits · e / devices / android_kernel_fairphone_FP4

kernel/audit.c

+14 −16

Original line number	Diff line number	Diff line
		@@ -873,17 +873,16 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
		case AUDIT_TTY_GET: {
		struct audit_tty_status s;
		struct task_struct *tsk;
		unsigned long flags;

		read_lock(&tasklist_lock);
		rcu_read_lock();
		tsk = find_task_by_vpid(pid);
		if (!tsk)
		err = -ESRCH;
		else {
		spin_lock_irq(&tsk->sighand->siglock);
		if (tsk && lock_task_sighand(tsk, &flags)) {
		s.enabled = tsk->signal->audit_tty != 0;
		spin_unlock_irq(&tsk->sighand->siglock);
		}
		read_unlock(&tasklist_lock);
		unlock_task_sighand(tsk, &flags);
		} else
		err = -ESRCH;
		rcu_read_unlock();

		if (!err)
		audit_send_reply(NETLINK_CB(skb).pid, seq,
		@@ -893,22 +892,21 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
		case AUDIT_TTY_SET: {
		struct audit_tty_status *s;
		struct task_struct *tsk;
		unsigned long flags;

		if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
		return -EINVAL;
		s = data;
		if (s->enabled != 0 && s->enabled != 1)
		return -EINVAL;
		read_lock(&tasklist_lock);
		rcu_read_lock();
		tsk = find_task_by_vpid(pid);
		if (!tsk)
		err = -ESRCH;
		else {
		spin_lock_irq(&tsk->sighand->siglock);
		if (tsk && lock_task_sighand(tsk, &flags)) {
		tsk->signal->audit_tty = s->enabled != 0;
		spin_unlock_irq(&tsk->sighand->siglock);
		}
		read_unlock(&tasklist_lock);
		unlock_task_sighand(tsk, &flags);
		} else
		err = -ESRCH;
		rcu_read_unlock();
		break;
		}
		default: