shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-07 11:26:02 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'audit-pr-20211216' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Browse Source 
Pull audit fix from Paul Moore:
 "A single patch to fix a problem where the audit queue could grow
  unbounded when the audit daemon is forcibly stopped"

* tag 'audit-pr-20211216' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: improve robustness of the audit queue handling
This commit is contained in:
Linus Torvalds
2021-12-16 15:24:46 -08:00
parent 180f3bcfe3 f4b3ee3c85
commit 6441998e2e
1 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
kernel/audit.c
View File

@@ -718,7 +718,7 @@ static int kauditd_send_queue(struct sock *sk, u32 portid,
{ {
int rc = 0; int rc = 0;
struct sk_buff *skb; struct sk_buff *skb;
static unsigned int failed = 0; unsigned int failed = 0;
/* NOTE: kauditd_thread takes care of all our locking, we just use /* NOTE: kauditd_thread takes care of all our locking, we just use
* the netlink info passed to us (e.g. sk and portid) */ * the netlink info passed to us (e.g. sk and portid) */
@@ -735,32 +735,30 @@ static int kauditd_send_queue(struct sock *sk, u32 portid,
continue; continue;
} }
retry:
/* grab an extra skb reference in case of error */ /* grab an extra skb reference in case of error */
skb_get(skb); skb_get(skb);
rc = netlink_unicast(sk, skb, portid, 0); rc = netlink_unicast(sk, skb, portid, 0);
if (rc < 0) { if (rc < 0) {
/* fatal failure for our queue flush attempt? */ /* send failed - try a few times unless fatal error */
if (++failed >= retry_limit || if (++failed >= retry_limit ||
rc == -ECONNREFUSED || rc == -EPERM) { rc == -ECONNREFUSED || rc == -EPERM) {
/* yes - error processing for the queue */
sk = NULL; sk = NULL;
if (err_hook) if (err_hook)
(*err_hook)(skb); (*err_hook)(skb);
if (!skb_hook) if (rc == -EAGAIN)
goto out; rc = 0;
/* keep processing with the skb_hook */ /* continue to drain the queue */
continue; continue;
} else } else
/* no - requeue to preserve ordering */ goto retry;
skb_queue_head(queue, skb);
} else { } else {
/* it worked - drop the extra reference and continue */ /* skb sent - drop the extra reference and continue */
consume_skb(skb); consume_skb(skb);
failed = 0; failed = 0;
} }
} }
out:
return (rc >= 0 ? 0 : rc); return (rc >= 0 ? 0 : rc);
} }
@@ -1609,7 +1607,8 @@ static int __net_init audit_net_init(struct net *net)
audit_panic("cannot initialize netlink socket in namespace"); audit_panic("cannot initialize netlink socket in namespace");
return -ENOMEM; return -ENOMEM;
} }
aunet->sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT; /* limit the timeout in case auditd is blocked/stopped */
aunet->sk->sk_sndtimeo = HZ / 10;
return 0; return 0;
} }