* [PATCH 1/2] audit: print error message when fail to create audit socket
@ 2013-12-17 3:10 Gao feng
2013-12-17 3:10 ` [PATCH 2/2] audit: fix incorrect set of audit_sock Gao feng
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Gao feng @ 2013-12-17 3:10 UTC (permalink / raw)
To: linux-audit; +Cc: linux-kernel, rgb, eparis, Gao feng
print the error message and then return -ENOMEM.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
kernel/audit.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a0ed0b..041b951 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
pr_info("audit: initializing netlink socket in namespace\n");
aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
- if (aunet->nlsk == NULL)
- return -ENOMEM;
- if (!aunet->nlsk)
+ if (aunet->nlsk == NULL) {
audit_panic("cannot initialize netlink socket in namespace");
- else
- aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
+ return -ENOMEM;
+ }
+ aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
return 0;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] audit: fix incorrect set of audit_sock
2013-12-17 3:10 [PATCH 1/2] audit: print error message when fail to create audit socket Gao feng
@ 2013-12-17 3:10 ` Gao feng
2013-12-17 16:02 ` Eric Paris
2013-12-20 1:38 ` Richard Guy Briggs
2013-12-17 15:56 ` Eric Paris
2014-01-08 0:53 ` Andrew Morton
2 siblings, 2 replies; 11+ messages in thread
From: Gao feng @ 2013-12-17 3:10 UTC (permalink / raw)
To: linux-audit; +Cc: linux-kernel, rgb, eparis, Gao feng
NETLINK_CB(skb).sk is the socket of user space process,
netlink_unicast in kauditd_send_skb wants the kernel
side socket. Since the sk_state of audit netlink socket
is not NETLINK_CONNECTED, so the netlink_getsockbyportid
doesn't return -ECONNREFUSED.
And the socket of userspace process can be released anytime,
so the audit_sock may point to invalid socket.
this patch sets the audit_sock to the kernel side audit
netlink socket.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 041b951..ff1d1d7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
audit_pid = new_pid;
audit_nlk_portid = NETLINK_CB(skb).portid;
- audit_sock = NETLINK_CB(skb).sk;
+ audit_sock = skb->sk;
}
if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
err = audit_set_rate_limit(s.rate_limit);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
2013-12-17 3:10 [PATCH 1/2] audit: print error message when fail to create audit socket Gao feng
@ 2013-12-17 15:56 ` Eric Paris
2013-12-17 15:56 ` Eric Paris
2014-01-08 0:53 ` Andrew Morton
2 siblings, 0 replies; 11+ messages in thread
From: Eric Paris @ 2013-12-17 15:56 UTC (permalink / raw)
To: Gao feng; +Cc: linux-audit, linux-kernel, rgb
On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> print the error message and then return -ENOMEM.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Acked-by: Eric Paris <eparis@redhat.com>
> ---
> kernel/audit.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 2a0ed0b..041b951 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
@ 2013-12-17 15:56 ` Eric Paris
0 siblings, 0 replies; 11+ messages in thread
From: Eric Paris @ 2013-12-17 15:56 UTC (permalink / raw)
To: Gao feng; +Cc: rgb, linux-audit, linux-kernel
On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> print the error message and then return -ENOMEM.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Acked-by: Eric Paris <eparis@redhat.com>
> ---
> kernel/audit.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 2a0ed0b..041b951 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] audit: fix incorrect set of audit_sock
2013-12-17 3:10 ` [PATCH 2/2] audit: fix incorrect set of audit_sock Gao feng
@ 2013-12-17 16:02 ` Eric Paris
2013-12-20 1:38 ` Richard Guy Briggs
1 sibling, 0 replies; 11+ messages in thread
From: Eric Paris @ 2013-12-17 16:02 UTC (permalink / raw)
To: Gao feng; +Cc: linux-audit, linux-kernel, rgb
On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Eric Paris <eparis@redhat.com>
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 041b951..ff1d1d7 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
> audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> - audit_sock = NETLINK_CB(skb).sk;
> + audit_sock = skb->sk;
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
2013-12-17 15:56 ` Eric Paris
@ 2013-12-20 1:34 ` Richard Guy Briggs
-1 siblings, 0 replies; 11+ messages in thread
From: Richard Guy Briggs @ 2013-12-20 1:34 UTC (permalink / raw)
To: Eric Paris; +Cc: Gao feng, linux-audit, linux-kernel
On 13/12/17, Eric Paris wrote:
> On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> > print the error message and then return -ENOMEM.
> >
> > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>
> Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Wow, who committed *that* crap!?! :P
Thanks for the catch.
> Acked-by: Eric Paris <eparis@redhat.com>
> > ---
> > kernel/audit.c | 9 ++++-----
> > 1 file changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 2a0ed0b..041b951 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> > pr_info("audit: initializing netlink socket in namespace\n");
> >
> > aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> > - if (aunet->nlsk == NULL)
> > - return -ENOMEM;
> > - if (!aunet->nlsk)
> > + if (aunet->nlsk == NULL) {
> > audit_panic("cannot initialize netlink socket in namespace");
> > - else
> > - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > + return -ENOMEM;
> > + }
> > + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > return 0;
> > }
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
@ 2013-12-20 1:34 ` Richard Guy Briggs
0 siblings, 0 replies; 11+ messages in thread
From: Richard Guy Briggs @ 2013-12-20 1:34 UTC (permalink / raw)
To: Eric Paris; +Cc: linux-audit, linux-kernel
On 13/12/17, Eric Paris wrote:
> On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> > print the error message and then return -ENOMEM.
> >
> > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>
> Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Wow, who committed *that* crap!?! :P
Thanks for the catch.
> Acked-by: Eric Paris <eparis@redhat.com>
> > ---
> > kernel/audit.c | 9 ++++-----
> > 1 file changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 2a0ed0b..041b951 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> > pr_info("audit: initializing netlink socket in namespace\n");
> >
> > aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> > - if (aunet->nlsk == NULL)
> > - return -ENOMEM;
> > - if (!aunet->nlsk)
> > + if (aunet->nlsk == NULL) {
> > audit_panic("cannot initialize netlink socket in namespace");
> > - else
> > - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > + return -ENOMEM;
> > + }
> > + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > return 0;
> > }
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] audit: fix incorrect set of audit_sock
2013-12-17 3:10 ` [PATCH 2/2] audit: fix incorrect set of audit_sock Gao feng
2013-12-17 16:02 ` Eric Paris
@ 2013-12-20 1:38 ` Richard Guy Briggs
1 sibling, 0 replies; 11+ messages in thread
From: Richard Guy Briggs @ 2013-12-20 1:38 UTC (permalink / raw)
To: Gao feng; +Cc: linux-audit, linux-kernel
On 13/12/17, Gao feng wrote:
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
Thank you.
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 041b951..ff1d1d7 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
> audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> - audit_sock = NETLINK_CB(skb).sk;
> + audit_sock = skb->sk;
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
> --
> 1.8.3.1
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
2013-12-17 3:10 [PATCH 1/2] audit: print error message when fail to create audit socket Gao feng
2013-12-17 3:10 ` [PATCH 2/2] audit: fix incorrect set of audit_sock Gao feng
2013-12-17 15:56 ` Eric Paris
@ 2014-01-08 0:53 ` Andrew Morton
2014-01-08 1:18 ` Gao feng
2 siblings, 1 reply; 11+ messages in thread
From: Andrew Morton @ 2014-01-08 0:53 UTC (permalink / raw)
To: Gao feng; +Cc: linux-audit, linux-kernel, rgb, eparis
On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gaofeng@cn.fujitsu.com> wrote:
> print the error message and then return -ENOMEM.
>
> ...
>
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
What kernel version are these against? Something ancient, I expect -
audit_net_init() doesn't exist.
Please check current kernels, redo and resend the patches if anything
needs changing?
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
2014-01-08 0:53 ` Andrew Morton
@ 2014-01-08 1:18 ` Gao feng
2014-01-08 3:30 ` Richard Guy Briggs
0 siblings, 1 reply; 11+ messages in thread
From: Gao feng @ 2014-01-08 1:18 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-audit, linux-kernel, rgb, eparis
On 01/08/2014 08:53 AM, Andrew Morton wrote:
> On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gaofeng@cn.fujitsu.com> wrote:
>
>> print the error message and then return -ENOMEM.
>>
>> ...
>>
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
>> pr_info("audit: initializing netlink socket in namespace\n");
>>
>> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
>> - if (aunet->nlsk == NULL)
>> - return -ENOMEM;
>> - if (!aunet->nlsk)
>> + if (aunet->nlsk == NULL) {
>> audit_panic("cannot initialize netlink socket in namespace");
>> - else
>> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> + return -ENOMEM;
>> + }
>> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> return 0;
>> }
>
> What kernel version are these against? Something ancient, I expect -
> audit_net_init() doesn't exist.
>
> Please check current kernels, redo and resend the patches if anything
> needs changing?
This patch is against Richard Guy Briggs's audit tree. the current kernel
doesn't have this problem.
BTW, Richard & Eric, when do you plan to push these changes to the upstream?
there are a lot of changes in Richard's tree.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] audit: print error message when fail to create audit socket
2014-01-08 1:18 ` Gao feng
@ 2014-01-08 3:30 ` Richard Guy Briggs
0 siblings, 0 replies; 11+ messages in thread
From: Richard Guy Briggs @ 2014-01-08 3:30 UTC (permalink / raw)
To: Gao feng; +Cc: Andrew Morton, linux-audit, linux-kernel, eparis
On 14/01/08, Gao feng wrote:
> On 01/08/2014 08:53 AM, Andrew Morton wrote:
> > On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gaofeng@cn.fujitsu.com> wrote:
> >
> >> print the error message and then return -ENOMEM.
> >>
> >> ...
> >>
> >> --- a/kernel/audit.c
> >> +++ b/kernel/audit.c
> >> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> >> pr_info("audit: initializing netlink socket in namespace\n");
> >>
> >> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> >> - if (aunet->nlsk == NULL)
> >> - return -ENOMEM;
> >> - if (!aunet->nlsk)
> >> + if (aunet->nlsk == NULL) {
> >> audit_panic("cannot initialize netlink socket in namespace");
> >> - else
> >> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> >> + return -ENOMEM;
> >> + }
> >> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> >> return 0;
> >> }
> >
> > What kernel version are these against? Something ancient, I expect -
> > audit_net_init() doesn't exist.
> >
> > Please check current kernels, redo and resend the patches if anything
> > needs changing?
>
> This patch is against Richard Guy Briggs's audit tree. the current kernel
> doesn't have this problem.
>
> BTW, Richard & Eric, when do you plan to push these changes to the upstream?
> there are a lot of changes in Richard's tree.
Planning for this merge window.
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-01-08 3:30 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-12-17 3:10 [PATCH 1/2] audit: print error message when fail to create audit socket Gao feng
2013-12-17 3:10 ` [PATCH 2/2] audit: fix incorrect set of audit_sock Gao feng
2013-12-17 16:02 ` Eric Paris
2013-12-20 1:38 ` Richard Guy Briggs
2013-12-17 15:56 ` [PATCH 1/2] audit: print error message when fail to create audit socket Eric Paris
2013-12-17 15:56 ` Eric Paris
2013-12-20 1:34 ` Richard Guy Briggs
2013-12-20 1:34 ` Richard Guy Briggs
2014-01-08 0:53 ` Andrew Morton
2014-01-08 1:18 ` Gao feng
2014-01-08 3:30 ` Richard Guy Briggs
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.