TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit
In tomoyo_flush(), head->r.w[0] holds pointer to string data to be printed. But head->r.w[0] was updated only when the string data was partially printed (because head->r.w[0] will be updated by head->r.w[1] later if completely printed). However, regarding /sys/kernel/security/tomoyo/query , an additional '\0' is printed after the string data was completely printed. But if free space for read buffer became 0 before printing the additional '\0', tomoyo_flush() was returning without updating head->r.w[0]. As a result, tomoyo_flush() forever reprints already printed string data. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
e4f5f26d83
commit
c0fa797ae6
1 changed files with 2 additions and 3 deletions
|
@ -108,10 +108,9 @@ static bool tomoyo_flush(struct tomoyo_io_buffer *head)
|
||||||
head->read_user_buf += len;
|
head->read_user_buf += len;
|
||||||
w += len;
|
w += len;
|
||||||
}
|
}
|
||||||
if (*w) {
|
|
||||||
head->r.w[0] = w;
|
head->r.w[0] = w;
|
||||||
|
if (*w)
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
/* Add '\0' for query. */
|
/* Add '\0' for query. */
|
||||||
if (head->poll) {
|
if (head->poll) {
|
||||||
if (!head->read_user_buf_avail ||
|
if (!head->read_user_buf_avail ||
|
||||||
|
|
Loading…
Reference in a new issue