Commit c0fa797a authored Apr 03, 2011 by Tetsuo Handa Committed by James Morris Apr 19, 2011

TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit

In tomoyo_flush(), head->r.w[0] holds pointer to string data to be printed.
But head->r.w[0] was updated only when the string data was partially
printed (because head->r.w[0] will be updated by head->r.w[1] later if
completely printed). However, regarding /sys/kernel/security/tomoyo/query ,
an additional '\0' is printed after the string data was completely printed.
But if free space for read buffer became 0 before printing the additional '\0',
tomoyo_flush() was returning without updating head->r.w[0]. As a result,
tomoyo_flush() forever reprints already printed string data.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

parent e4f5f26d

security/tomoyo/common.c

+2 −3

Original line number	Original line	Diff line number	Diff line
	@@ -108,10 +108,9 @@ static bool tomoyo_flush(struct tomoyo_io_buffer *head)
	head->read_user_buf += len;		head->read_user_buf += len;
	w += len;		w += len;
	}		}
	if (*w) {
	head->r.w[0] = w;		head->r.w[0] = w;
			if (*w)
	return false;		return false;
	}
	/* Add '\0' for query. */		/* Add '\0' for query. */
	if (head->poll) {		if (head->poll) {
	if (!head->read_user_buf_avail \|\|		if (!head->read_user_buf_avail \|\|