On 13/12/17, Gao feng wrote: > NETLINK_CB(skb).sk is the socket of user space process, > netlink_unicast in kauditd_send_skb wants the kernel > side socket. Since the sk_state of audit netlink socket > is not NETLINK_CONNECTED, so the netlink_getsockbyportid > doesn't return -ECONNREFUSED. > > And the socket of userspace process can be released anytime, > so the audit_sock may point to invalid socket. > > this patch sets the audit_sock to the kernel side audit > netlink socket.
Thank you. > Signed-off-by: Gao feng <gaof...@cn.fujitsu.com> > --- > kernel/audit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index 041b951..ff1d1d7 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct > nlmsghdr *nlh) > audit_log_config_change("audit_pid", new_pid, > audit_pid, 1); > audit_pid = new_pid; > audit_nlk_portid = NETLINK_CB(skb).portid; > - audit_sock = NETLINK_CB(skb).sk; > + audit_sock = skb->sk; > } > if (s.mask & AUDIT_STATUS_RATE_LIMIT) { > err = audit_set_rate_limit(s.rate_limit); > -- > 1.8.3.1 - RGB -- Richard Guy Briggs <rbri...@redhat.com> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit