On Thu, Mar 30, 2006 at 01:03:55AM -0800, Andrew Morton wrote:
> +static void audit_log_task_info(struct audit_buffer *ab, struct
task_struct *tsk, gfp_t gfp_mask)
> {
> - char name[sizeof(current->comm)];
> - struct mm_struct *mm = current->mm;
> + char name[sizeof(tsk->comm)];
> + struct mm_struct *mm = tsk->mm;
> struct vm_area_struct *vma;
>
> - get_task_comm(name, current);
> + get_task_comm(name, tsk);
> audit_log_format(ab, " comm=");
> audit_log_untrustedstring(ab, name);
>
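Review bot: `struct mm_struct *mm = tsk->mm;` (and the `vma` declared beside it, which is evidently walked from that mm) takes no reference on the mm and the hunk shows no `task_lock()`, so the `current` to `tsk` switch is only safe if every caller passes `current` or a task whose `->mm` has already been cleared; if any caller can hand in a live, unrelated task, take the mm with `get_task_mm(tsk)` and release it with `mmput()` after the walk, or at least state the `tsk == current` invariant in a comment at the top of the function. Also, the new `gfp_t gfp_mask` parameter is not used anywhere in the visible lines; if it is only consumed further down, a short comment on the signature saying what allocation it governs would help.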
> Am too lazy to apply the thing and check, but does `tsk' always equal
> `current' here? If not, what pins the mm_struct?
It's either current or something being freed. In the latter case we'd
already got ->mm set to NULL by that point. Note that with the second
patch we'll _always_ have current here and it will have intact ->mm;
current code is called too late to do anything useful and the best we
can do is to avoid using ->mm of unrelated process (deadlock country
if we do that and it ends up non-NULL by accident; that's exactly what
the guy had hit).