* [PATCH 1/2] fix audit skb leak on congested netlink socket
@ 2005-01-26 0:32 Chris Wright
2005-01-26 0:33 ` [PATCH 2/2] some minor cleanups for audit_log_lost() messages Chris Wright
0 siblings, 1 reply; 2+ messages in thread
From: Chris Wright @ 2005-01-26 0:32 UTC (permalink / raw)
To: akpm; +Cc: linux-audit, linux-kernel
When auditd is congested the kernel's audit system leaks skb's. First,
it takes them off the audit_buffer sklist at which point they are lost,
second, it allocates a new skb with 0 length payload. Then (likely still
congested), it repeats this losing the new skb. Plug the leak by making
sure to requeue the skb, and avoid audit_log_move() on 0 len audit_buffer.
Signed-off-by: Chris Wright <chrisw@osdl.org>
===== kernel/audit.c 1.6 vs edited =====
--- 1.6/kernel/audit.c 2005-01-20 20:56:04 -08:00
+++ edited/kernel/audit.c 2005-01-25 14:34:32 -08:00
@@ -494,6 +494,10 @@ static void audit_log_move(struct audit_
char *start;
int extra = ab->nlh ? 0 : NLMSG_SPACE(0);
+ /* possible resubmission */
+ if (ab->len == 0)
+ return;
+
skb = skb_peek(&ab->sklist);
if (!skb || skb_tailroom(skb) <= ab->len + extra) {
skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC);
@@ -535,6 +539,7 @@ static inline int audit_log_drain(struct
}
if (retval == -EAGAIN && ab->count < 5) {
++ab->count;
+ skb_queue_tail(&ab->sklist, skb);
audit_log_end_irq(ab);
return 1;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 2/2] some minor cleanups for audit_log_lost() messages
2005-01-26 0:32 [PATCH 1/2] fix audit skb leak on congested netlink socket Chris Wright
@ 2005-01-26 0:33 ` Chris Wright
0 siblings, 0 replies; 2+ messages in thread
From: Chris Wright @ 2005-01-26 0:33 UTC (permalink / raw)
To: akpm; +Cc: linux-audit, linux-kernel
Some minor cleanups for audit_log_lost() messages.
Signed-off-by: Chris Wright <chrisw@osdl.org>
===== kernel/audit.c 1.7 vs edited =====
--- 1.7/kernel/audit.c 2005-01-25 14:35:07 -08:00
+++ edited/kernel/audit.c 2005-01-25 14:35:54 -08:00
@@ -160,7 +160,7 @@ static void audit_panic(const char *mess
printk(KERN_ERR "audit: %s\n", message);
break;
case AUDIT_FAIL_PANIC:
- panic(message);
+ panic("audit: %s\n", message);
break;
}
}
@@ -663,10 +663,10 @@ struct audit_buffer *audit_log_start(str
if (!ab)
ab = kmalloc(sizeof(*ab), GFP_ATOMIC);
- if (!ab)
- audit_log_lost("audit: out of memory in audit_log_start");
- if (!ab)
+ if (!ab) {
+ audit_log_lost("out of memory in audit_log_start");
return NULL;
+ }
atomic_inc(&audit_backlog);
skb_queue_head_init(&ab->sklist);
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-01-26 0:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-01-26 0:32 [PATCH 1/2] fix audit skb leak on congested netlink socket Chris Wright
2005-01-26 0:33 ` [PATCH 2/2] some minor cleanups for audit_log_lost() messages Chris Wright
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).