Commit de92fc97e12d4b9170d1ab3dbccbdcb8c56add31
Committed by
Eric Paris
1 parent
11ee39ebf7
Exists in
master
and in
16 other branches
audit: fix incorrect set of audit_sock
NETLINK_CB(skb).sk is the socket of user space process, netlink_unicast in kauditd_send_skb wants the kernel side socket. Since the sk_state of audit netlink socket is not NETLINK_CONNECTED, so the netlink_getsockbyportid doesn't return -ECONNREFUSED. And the socket of userspace process can be released anytime, so the audit_sock may point to invalid socket. this patch sets the audit_sock to the kernel side audit netlink socket. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
kernel/audit.c
... | ... | @@ -821,7 +821,7 @@ |
821 | 821 | audit_log_config_change("audit_pid", new_pid, audit_pid, 1); |
822 | 822 | audit_pid = new_pid; |
823 | 823 | audit_nlk_portid = NETLINK_CB(skb).portid; |
824 | - audit_sock = NETLINK_CB(skb).sk; | |
824 | + audit_sock = skb->sk; | |
825 | 825 | } |
826 | 826 | if (s.mask & AUDIT_STATUS_RATE_LIMIT) { |
827 | 827 | err = audit_set_rate_limit(s.rate_limit); |