[PATCH] fix audit skb leak on congested netlink socket

When auditd is congested the kernel's audit system leaks skb's. First, it takes them off the audit_buffer sklist at which point they are lost, second, it allocates a new skb with 0 length payload. Then (likely still congested), it repeats this losing the new skb. Plug the leak by making sure to requeue the skb, and avoid audit_log_move() on 0 len audit_buffer. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Chris Wright <chrisw@osdl.org> 2005-02-01 16:30:46 -0800
committer: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-02-01 16:30:46 -0800
commit: be875f828bcf48e7bb909727fcbb72b70d8e076b (patch)
tree: 0131191ba52d7149f0eafd1997503e45b719ec2c /kernel
parent: de93c78da669070dead18f2f466d638c08293a2e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 5deb43753406..283d1baec6c4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -494,6 +494,10 @@ static void audit_log_move(struct audit_buffer *ab)
 	char		*start;
 	int		extra = ab->nlh ? 0 : NLMSG_SPACE(0);
 
+	/* possible resubmission */
+	if (ab->len == 0)
+		return;
+
 	skb = skb_peek(&ab->sklist);
 	if (!skb || skb_tailroom(skb) <= ab->len + extra) {
 		skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC);
@@ -535,6 +539,7 @@ static inline int audit_log_drain(struct audit_buffer *ab)
 		}
 		if (retval == -EAGAIN && ab->count < 5) {
 			++ab->count;
+			skb_queue_tail(&ab->sklist, skb);
 			audit_log_end_irq(ab);
 			return 1;
 		}
author	Chris Wright <chrisw@osdl.org>	2005-02-01 16:30:46 -0800
committer	Linus Torvalds <torvalds@ppc970.osdl.org>	2005-02-01 16:30:46 -0800
commit	be875f828bcf48e7bb909727fcbb72b70d8e076b (patch)
tree	0131191ba52d7149f0eafd1997503e45b719ec2c /kernel
parent	de93c78da669070dead18f2f466d638c08293a2e (diff)