diff options
| author | Richard Guy Briggs | 2013-12-02 17:33:01 +0100 |
|---|---|---|
| committer | Eric Paris | 2014-01-14 04:32:11 +0100 |
| commit | 1b7b533f65db9b31f76972b2899ec7ec6433ae77 (patch) | |
| tree | 8b06c5c5fd3a8844647c66a75f63d2bf2197cc6a /kernel/audit.c | |
| parent | smack: call WARN_ONCE() instead of calling audit_log_start() (diff) | |
| download | kernel-qcow2-linux-1b7b533f65db9b31f76972b2899ec7ec6433ae77.tar.gz kernel-qcow2-linux-1b7b533f65db9b31f76972b2899ec7ec6433ae77.tar.xz kernel-qcow2-linux-1b7b533f65db9b31f76972b2899ec7ec6433ae77.zip | |
audit: drop audit_cmd_lock in AUDIT_USER family of cases
We do not need to hold the audit_cmd_mutex for this family of cases. The
possible exception to this is the call to audit_filter_user(), so drop the lock
immediately after. To help in fixing the race we are trying to avoid, make
sure that nothing called by audit_filter_user() calls audit_log_start(). In
particular, watch out for *_audit_rule_match().
This fix will take care of systemd and anything USING audit. It still means
that we could race with something configuring audit and auditd shutting down.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Reported-by: toshi.okajima@jp.fujitsu.com
Tested-by: toshi.okajima@jp.fujitsu.com
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index ce8514f9aa6c..c05b6027e874 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -876,6 +876,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (err) break; } + mutex_unlock(&audit_cmd_mutex); audit_log_common_recv_msg(&ab, msg_type); if (msg_type != AUDIT_USER_TTY) audit_log_format(ab, " msg='%.*s'", @@ -893,6 +894,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } audit_set_portid(ab, NETLINK_CB(skb).portid); audit_log_end(ab); + mutex_lock(&audit_cmd_mutex); } break; case AUDIT_ADD_RULE: |