From: Tetsuo Handa Date: Sat, 2 Apr 2011 15:12:54 +0000 (+0900) Subject: TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit X-Git-Tag: 2.1b_release~4124^2~1^2~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c0fa797ae6cd02ff87c0bfe0d509368a3b45640e;p=platform%2Fkernel%2Fkernel-mfld-blackbay.git TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit In tomoyo_flush(), head->r.w[0] holds pointer to string data to be printed. But head->r.w[0] was updated only when the string data was partially printed (because head->r.w[0] will be updated by head->r.w[1] later if completely printed). However, regarding /sys/kernel/security/tomoyo/query , an additional '\0' is printed after the string data was completely printed. But if free space for read buffer became 0 before printing the additional '\0', tomoyo_flush() was returning without updating head->r.w[0]. As a result, tomoyo_flush() forever reprints already printed string data. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 2b7b1a1..a0d09e5 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -108,10 +108,9 @@ static bool tomoyo_flush(struct tomoyo_io_buffer *head) head->read_user_buf += len; w += len; } - if (*w) { - head->r.w[0] = w; + head->r.w[0] = w; + if (*w) return false; - } /* Add '\0' for query. */ if (head->poll) { if (!head->read_user_buf_avail ||
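Review bot: The now-unconditional `head->r.w[0] = w;` ahead of `if (*w)` needs a short comment saying why the store must happen even when the string was printed completely. Without one, the ordering looks like a candidate for cleanup back into the `if (*w) { ... }` form this patch removes. As the commit message explains, the early return in the `head->poll` branch below (`!head->read_user_buf_avail`) relies on `head->r.w[0]` already pointing at the terminator, so that the next call only retries the extra '\0' instead of reprinting the string. Something like `/* Save position even if fully printed; the '\0' below may not fit yet. */` would do. Separately, the subject line names /sys/kernel/security/tomoyo/audit, while the message body and the `/* Add '\0' for query. */` comment both refer to the query interface. Please reconcile the two, or state which files are affected.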