On Tue, Dec 13, 2016 at 10:03 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> Resetting audit_sock appears to be racy.
>
> audit_sock was being copied and dereferenced without using a refcount on
> the source sock.
>
> Bump the refcount on the underlying sock when we store a reference in
> audit_sock and release it when we reset audit_sock. audit_sock
> modification needs the audit_cmd_mutex.
>
> See: https://lkml.org/lkml/2016/11/26/232
>
> Thanks to Eric Dumazet <eduma...@google.com> and Cong Wang
> <xiyou.wangc...@gmail.com> for ideas on how to fix it.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
> There has been a lot of change in the audit code that is about to go
> upstream to address audit queue issues. This patch is based on the
> source tree: git://git.infradead.org/users/pcmoore/audit#next
> ---
> kernel/audit.c | 28 +++++++++++++++++++++++-----
> 1 files changed, 23 insertions(+), 5 deletions(-)
This looks more reasonable. I still wonder about synchronization between threads changing the audit_* connection variables and the kauditd_thread, but I guess we can treat that as another issue; this patch fixes a bug and is worth merging now. I'm building a test kernel right now, assuming nothing blows up I'll push this patch with the rest of the audit patches tomorrow; if something bad happens, this is going to miss the first audit pull request. > diff --git a/kernel/audit.c b/kernel/audit.c > index f20eee0..3bb4126 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -446,14 +446,19 @@ static void kauditd_retry_skb(struct sk_buff *skb) > * Description: > * Break the auditd/kauditd connection and move all the records in the retry > * queue into the hold queue in case auditd reconnects. > + * The audit_cmd_mutex must be held when calling this function. > */ Don't resend, but in the future please start comments like this on the previous line.
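Review bot: the added line "The audit_cmd_mutex must be held when calling this function." is appended to the end of the Description paragraph in the kernel-doc comment rather than starting on its own line, which is the style point raised in the reply above; begin it on a fresh line (or as its own paragraph) so the locking precondition is not read as part of the sentence describing the retry and hold queues. Because the comment now states a locking requirement, consider backing it up at the top of the function body with lockdep_assert_held(&audit_cmd_mutex), so a caller that skips the mutex is caught under lockdep instead of only by reading the comment. Note that the diffstat in the quoted commit message (23 insertions, 5 deletions in kernel/audit.c) shows more changes than this single comment hunk, so the sock_hold()/sock_put() handling the commit message describes is not visible here and cannot be checked from what is quoted.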
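As an added example (not code from kernel/audit.c and not part of this thread), the following user-space C model shows the discipline the commit message describes: take a reference on the sock before storing the pointer, drop it when the pointer is reset, and change the pointer only under the mutex, so a copy of the pointer cannot be dereferenced after the sock it pointed to has been freed. Every name in it (model_sock, model_sock_new/hold/put, audit_sock_set/reset/get, run_scenario) is an assumption made for the illustration; the kernel's counterparts are sock_hold()/sock_put() on struct sock and audit_cmd_mutex. Taking a reference on the read path under the mutex is this example's choice for illustrating the point, not something the quoted patch establishes (the reply above leaves reader-side synchronization as an open question).

```c
/* Added example, not kernel/audit.c code: a user-space model of the
 * refcount discipline the commit message describes.  All names here are
 * assumptions for illustration; the kernel uses sock_hold()/sock_put()
 * on struct sock and audit_cmd_mutex. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Stand-in for struct sock: only the refcount matters here. */
struct model_sock {
    atomic_int refcnt;  /* plays the role of sk_refcnt */
    int freed;          /* set instead of free() so callers can inspect it */
};

/* Allocate a sock; its creator owns the initial reference. */
static struct model_sock *model_sock_new(void)
{
    struct model_sock *sk = malloc(sizeof(*sk));
    if (!sk)
        abort();
    atomic_init(&sk->refcnt, 1);
    sk->freed = 0;
    return sk;
}

/* Like sock_hold(): valid only on a sock the caller already holds safely. */
static void model_sock_hold(struct model_sock *sk)
{
    atomic_fetch_add(&sk->refcnt, 1);
}

/* Like sock_put(): dropping the last reference "frees" the object. */
static void model_sock_put(struct model_sock *sk)
{
    if (atomic_fetch_sub(&sk->refcnt, 1) == 1)
        sk->freed = 1;  /* a real implementation would free() here */
}

/* The global pointer and the mutex that guards every change to it. */
static struct model_sock *audit_sock;
static pthread_mutex_t audit_cmd_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Publish a new sock (NULL resets).  The stored pointer carries its own
 * reference, taken while the caller still keeps sk alive; the previous
 * reference is dropped only after the mutex is released. */
static void audit_sock_set(struct model_sock *sk)
{
    struct model_sock *old;

    pthread_mutex_lock(&audit_cmd_mutex);
    if (sk)
        model_sock_hold(sk);
    old = audit_sock;
    audit_sock = sk;
    pthread_mutex_unlock(&audit_cmd_mutex);

    if (old)
        model_sock_put(old);
}

static void audit_sock_reset(void)
{
    audit_sock_set(NULL);
}

/* Reader side: copy the pointer and take a reference in one critical
 * section, so a concurrent reset cannot free the sock while the caller
 * uses it.  The caller must model_sock_put() the result. */
static struct model_sock *audit_sock_get(void)
{
    struct model_sock *sk;

    pthread_mutex_lock(&audit_cmd_mutex);
    sk = audit_sock;
    if (sk)
        model_sock_hold(sk);
    pthread_mutex_unlock(&audit_cmd_mutex);
    return sk;
}

/* Connect, use concurrently, reset, tear down; returns 0 when the
 * refcount is what the discipline predicts at every step. */
static int run_scenario(void)
{
    struct model_sock *owner = model_sock_new();  /* refcnt 1: the owner */
    struct model_sock *user;
    int ok = 1;

    audit_sock_set(owner);                        /* refcnt 2 */
    ok &= atomic_load(&owner->refcnt) == 2;
    user = audit_sock_get();                      /* refcnt 3 */
    ok &= user == owner && atomic_load(&owner->refcnt) == 3;
    audit_sock_reset();                           /* refcnt 2, still alive */
    ok &= !owner->freed && atomic_load(&owner->refcnt) == 2;
    model_sock_put(user);                         /* refcnt 1 */
    ok &= !owner->freed && atomic_load(&owner->refcnt) == 1;
    model_sock_put(owner);                        /* refcnt 0: freed */
    ok &= owner->freed && audit_sock_get() == NULL;
    free(owner);
    return ok ? 0 : 1;
}

int main(void)
{
    return run_scenario();
}
```

The important step is audit_sock_reset() while a reader still holds its own reference: the sock survives the reset and is released only when the last holder calls model_sock_put(), which is exactly the lifetime guarantee a bare pointer copy cannot give.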