[RFC PATCH v3] audit: use proper refcount locking on audit_sock

2016-12-13 Thread Richard Guy Briggs
Resetting audit_sock appears to be racy. audit_sock was being copied and dereferenced without using a refcount on the source sock. Bump the refcount on the underlying sock when we store a reference in audit_sock and release it when we reset audit_sock. audit_sock modification needs the audit_cmd_

Re: [RFC PATCH v3] audit: use proper refcount locking on audit_sock

2016-12-13 Thread Paul Moore
On Tue, Dec 13, 2016 at 10:03 AM, Richard Guy Briggs wrote:
> Resetting audit_sock appears to be racy.
>
> audit_sock was being copied and dereferenced without using a refcount on
> the source sock.
>
> Bump the refcount on the underlying sock when we store a reference in
> audit_sock and release i

Re: [RFC PATCH v3] audit: use proper refcount locking on audit_sock

2016-12-13 Thread Cong Wang
On Tue, Dec 13, 2016 at 7:03 AM, Richard Guy Briggs wrote: > @@ -1283,8 +1299,10 @@ static void __net_exit audit_net_exit(struct net *net) > { > struct audit_net *aunet = net_generic(net, audit_net_id); > struct sock *sock = aunet->nlsk; > + mutex_lock(&audit_cmd_mutex); >
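Review bot: in audit_net_exit() the added mutex_lock(&audit_cmd_mutex) comes after sock has already been initialised from aunet->nlsk in its declaration, so that read is not covered by the mutex. If the lock is meant to cover the read, declare sock first and assign it after taking the lock; if it is not, a one-line comment saying what audit_cmd_mutex guards at this point would make the intent clear. As a style point, the new statement follows the declarations directly; a blank line between the declarations and mutex_lock() would match the usual kernel layout.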

Re: [RFC PATCH v3] audit: use proper refcount locking on audit_sock

2016-12-13 Thread Richard Guy Briggs
On 2016-12-13 16:19, Cong Wang wrote: > On Tue, Dec 13, 2016 at 7:03 AM, Richard Guy Briggs wrote: > > @@ -1283,8 +1299,10 @@ static void __net_exit audit_net_exit(struct net > > *net) > > { > > struct audit_net *aunet = net_generic(net, audit_net_id); > > struct sock *sock = aun

Re: [RFC PATCH v3] audit: use proper refcount locking on audit_sock

2016-12-13 Thread Cong Wang
On Tue, Dec 13, 2016 at 8:00 PM, Richard Guy Briggs wrote: > On 2016-12-13 16:19, Cong Wang wrote: >> On Tue, Dec 13, 2016 at 7:03 AM, Richard Guy Briggs wrote: >> > @@ -1283,8 +1299,10 @@ static void __net_exit audit_net_exit(struct net >> > *net) >> > { >> > struct audit_net *aunet =