[PATCH 3/3] audit: drop audit_cmd_lock in AUDIT_USER family of cases
Toshiyuki Okajima
toshi.okajima at jp.fujitsu.com
Mon Dec 9 02:31:34 UTC 2013
On Wed, 4 Dec 2013 21:45:56 -0500
Richard Guy Briggs <rgb at redhat.com> wrote:
> We do not need to hold the audit_cmd_mutex for this family of cases. The
> possible exception to this is the call to audit_filter_user(), so drop the lock
> immediately after. To help in fixing the race we are trying to avoid, make
> sure that nothing called by audit_filter_user() calls audit_log_start(). In
> particular, watch out for *_audit_rule_match().
>
> This fix will take care of systemd and anything USING audit. It still means
> that we could race with something configuring audit and auditd shutting down.
>
> Signed-off-by: Richard Guy Briggs <rgb at tricolour.ca>
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
When I have tested a patch with my reproducer,
a hangup by this problem doesn't occur.
//// reproducer ////
# auditctl -a exit,always -S all
# reboot
/////////////////////////
So, this fix looks good to me.
Please add:
Reported-by: toshi.okajima at jp.fujitsu.com
Tested-by: toshi.okajima at jp.fujitsu.com
Thanks.
> ---
> kernel/audit.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 4689012..4cbc945 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -713,6 +713,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> if (err)
> break;
> }
> + mutex_unlock(&audit_cmd_mutex);
> audit_log_common_recv_msg(&ab, msg_type);
> if (msg_type != AUDIT_USER_TTY)
> audit_log_format(ab, " msg='%.1024s'",
> @@ -729,6 +730,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> }
> audit_set_pid(ab, NETLINK_CB(skb).portid);
> audit_log_end(ab);
> + mutex_lock(&audit_cmd_mutex);
> }
> break;
> case AUDIT_ADD_RULE:
> --
> 1.7.1
>
--
Toshiyuki Okajima <toshi.okajima at jp.fujitsu.com>
More information about the Linux-audit
mailing list