• Peter Hurley's avatar
    tty: audit: Ignore current association for audit push · b50819f4
    Peter Hurley authored
    In canonical read mode, each line read and logged is pushed separately
    with tty_audit_push(). For all single-threaded processes and multi-threaded
    processes reading from only one tty, this patch has no effect; the last line
    read will still be the entry pushed to the audit log because the tty
    association cannot have changed between tty_audit_add_data() and
    tty_audit_push().
    
    For multi-threaded processes reading from different ttys concurrently,
    the audit log will have mixed log entries anyway. Consider two ttys
    audited concurrently:
    
    CPU0                           CPU1
    ----------                     ------------
    tty_audit_add_data(ttyA)
                                   tty_audit_add_data(ttyB)
    tty_audit_push()
                                   tty_audit_add_data(ttyB)
                                   tty_audit_push()
    
    This patch will now cause the ttyB output to be split into separate
    audit log entries.
    
    However, this possibility is equally likely without this patch:
    
    CPU0                           CPU1
    ----------                     ------------
                                   tty_audit_add_data(ttyB)
    tty_audit_add_data(ttyA)
    tty_audit_push()
                                   tty_audit_add_data(ttyB)
                                   tty_audit_push()
    
    Mixed canonical and non-canonical reads have similar races.
    Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    b50819f4
n_tty.c 61.8 KB