Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[PATCH 2/2] audit: fix incorrect set of audit_sock
5 views
Skip to first unread message
Gao feng
Dec 16, 2013, 10:10:02 PM12/16/13
to
NETLINK_CB(skb).sk is the socket of user space process,
netlink_unicast in kauditd_send_skb wants the kernel
side socket. Since the sk_state of audit netlink socket
is not NETLINK_CONNECTED, so the netlink_getsockbyportid
doesn't return -ECONNREFUSED.
And the socket of userspace process can be released anytime,
so the audit_sock may point to invalid socket.
this patch sets the audit_sock to the kernel side audit
netlink socket.
Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
---
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 041b951..ff1d1d7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
audit_pid = new_pid;
audit_nlk_portid = NETLINK_CB(skb).portid;
- audit_sock = NETLINK_CB(skb).sk;
+ audit_sock = skb->sk;
}
if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
err = audit_set_rate_limit(s.rate_limit);
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
netlink_unicast in kauditd_send_skb wants the kernel
side socket. Since the sk_state of audit netlink socket
is not NETLINK_CONNECTED, so the netlink_getsockbyportid
doesn't return -ECONNREFUSED.
And the socket of userspace process can be released anytime,
so the audit_sock may point to invalid socket.
this patch sets the audit_sock to the kernel side audit
netlink socket.
Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
---
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 041b951..ff1d1d7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
audit_pid = new_pid;
audit_nlk_portid = NETLINK_CB(skb).portid;
- audit_sock = NETLINK_CB(skb).sk;
+ audit_sock = skb->sk;
}
if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
err = audit_set_rate_limit(s.rate_limit);
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Gao feng
Dec 16, 2013, 10:20:01 PM12/16/13
to
print the error message and then return -ENOMEM.
kernel/audit.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a0ed0b..041b951 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
pr_info("audit: initializing netlink socket in namespace\n");
aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
- if (aunet->nlsk == NULL)
- return -ENOMEM;
- if (!aunet->nlsk)
+ if (aunet->nlsk == NULL) {
audit_panic("cannot initialize netlink socket in namespace");
- else
- aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
+ return -ENOMEM;
+ }
+ aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
return 0;
kernel/audit.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a0ed0b..041b951 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
pr_info("audit: initializing netlink socket in namespace\n");
aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
- if (aunet->nlsk == NULL)
- return -ENOMEM;
- if (!aunet->nlsk)
+ if (aunet->nlsk == NULL) {
audit_panic("cannot initialize netlink socket in namespace");
- else
- aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
+ return -ENOMEM;
+ }
+ aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
return 0;
Eric Paris
Dec 17, 2013, 11:00:03 AM12/17/13
to
On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> print the error message and then return -ENOMEM.
>
> Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
> print the error message and then return -ENOMEM.
>
> Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
Acked-by: Eric Paris <epa...@redhat.com>
> ---
> kernel/audit.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 2a0ed0b..041b951 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
>
--
> kernel/audit.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 2a0ed0b..041b951 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
>
--
Eric Paris
Dec 17, 2013, 11:10:02 AM12/17/13
to
On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
>
> Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
Acked-by: Eric Paris <epa...@redhat.com>
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
>
> Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 041b951..ff1d1d7 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
> audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> - audit_sock = NETLINK_CB(skb).sk;
> + audit_sock = skb->sk;
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
--
Richard Guy Briggs
Dec 19, 2013, 8:40:02 PM12/19/13
to
On 13/12/17, Eric Paris wrote:
> On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> > print the error message and then return -ENOMEM.
> >
> > Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
>
> Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Wow, who committed *that* crap!?! :P
> On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote:
> > print the error message and then return -ENOMEM.
> >
> > Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
>
> Haha. If it's NULL return. No no, if it's REALLY null audit_panic().
Thanks for the catch.
> Acked-by: Eric Paris <epa...@redhat.com>
> > ---
> > kernel/audit.c | 9 ++++-----
> > 1 file changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 2a0ed0b..041b951 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> > pr_info("audit: initializing netlink socket in namespace\n");
> >
> > aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> > - if (aunet->nlsk == NULL)
> > - return -ENOMEM;
> > - if (!aunet->nlsk)
> > + if (aunet->nlsk == NULL) {
> > audit_panic("cannot initialize netlink socket in namespace");
> > - else
> > - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > + return -ENOMEM;
> > + }
> > + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> > return 0;
> > }
--
Richard Guy Briggs <rbr...@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
Richard Guy Briggs
Dec 19, 2013, 8:40:02 PM12/19/13
to
On 13/12/17, Gao feng wrote:
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
Thank you.
> NETLINK_CB(skb).sk is the socket of user space process,
> netlink_unicast in kauditd_send_skb wants the kernel
> side socket. Since the sk_state of audit netlink socket
> is not NETLINK_CONNECTED, so the netlink_getsockbyportid
> doesn't return -ECONNREFUSED.
>
> And the socket of userspace process can be released anytime,
> so the audit_sock may point to invalid socket.
>
> this patch sets the audit_sock to the kernel side audit
> netlink socket.
> Signed-off-by: Gao feng <gao...@cn.fujitsu.com>
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 041b951..ff1d1d7 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
> audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> - audit_sock = NETLINK_CB(skb).sk;
> + audit_sock = skb->sk;
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
> --
> 1.8.3.1
- RGB
--
Richard Guy Briggs <rbr...@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
Richard Guy Briggs <rbr...@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
Andrew Morton
Jan 7, 2014, 8:00:02 PM1/7/14
to
On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gao...@cn.fujitsu.com> wrote:
> print the error message and then return -ENOMEM.
>
> ...
> print the error message and then return -ENOMEM.
>
>
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
What kernel version are these against? Something ancient, I expect -
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
> pr_info("audit: initializing netlink socket in namespace\n");
>
> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
> - if (aunet->nlsk == NULL)
> - return -ENOMEM;
> - if (!aunet->nlsk)
> + if (aunet->nlsk == NULL) {
> audit_panic("cannot initialize netlink socket in namespace");
> - else
> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> + return -ENOMEM;
> + }
> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
> return 0;
> }
audit_net_init() doesn't exist.
Please check current kernels, redo and resend the patches if anything
needs changing?
Gao feng
Jan 7, 2014, 8:20:02 PM1/7/14
to
On 01/08/2014 08:53 AM, Andrew Morton wrote:
> On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gao...@cn.fujitsu.com> wrote:
>
>> print the error message and then return -ENOMEM.
>>
>> ...
>>
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
>> pr_info("audit: initializing netlink socket in namespace\n");
>>
>> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
>> - if (aunet->nlsk == NULL)
>> - return -ENOMEM;
>> - if (!aunet->nlsk)
>> + if (aunet->nlsk == NULL) {
>> audit_panic("cannot initialize netlink socket in namespace");
>> - else
>> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> + return -ENOMEM;
>> + }
>> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> return 0;
>> }
>
> What kernel version are these against? Something ancient, I expect -
> audit_net_init() doesn't exist.
>
> Please check current kernels, redo and resend the patches if anything
> needs changing?
This patch is against Richard Guy Briggs's audit tree. the current kernel
> On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng <gao...@cn.fujitsu.com> wrote:
>
>> print the error message and then return -ENOMEM.
>>
>> ...
>>
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net *net)
>> pr_info("audit: initializing netlink socket in namespace\n");
>>
>> aunet->nlsk = netlink_kernel_create(net, NETLINK_AUDIT, &cfg);
>> - if (aunet->nlsk == NULL)
>> - return -ENOMEM;
>> - if (!aunet->nlsk)
>> + if (aunet->nlsk == NULL) {
>> audit_panic("cannot initialize netlink socket in namespace");
>> - else
>> - aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> + return -ENOMEM;
>> + }
>> + aunet->nlsk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>> return 0;
>> }
>
> What kernel version are these against? Something ancient, I expect -
> audit_net_init() doesn't exist.
>
> Please check current kernels, redo and resend the patches if anything
> needs changing?
doesn't have this problem.
BTW, Richard & Eric, when do you plan to push these changes to the upstream?
there are a lot of changes in Richard's tree.
Richard Guy Briggs
Jan 7, 2014, 10:40:01 PM1/7/14
to
- RGB
--
Richard Guy Briggs <rbr...@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
0 new messages