On 13/12/17, Gao feng wrote:
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
Thank you.
> Signed-off-by: Gao feng <gaof...@cn.fujitsu.com>
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 041b951..ff1d1d7 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
> nlmsghdr *nlh)
> audit_log_config_change("audit_pid", new_pid,
> audit_pid, 1);
> audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> - audit_sock = NETLINK_CB(skb).sk;
> + audit_sock = skb->sk;
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
> --
> 1.8.3.1
- RGB
--
Richard Guy Briggs <rbri...@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
