audit: Send netlink ACK before setting connection in auditd_set (!4084) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Richard Guy Briggs requested to merge rbriggs/centos-stream-9:jr-9096-audit-enobufs into main Apr 18, 2024

JIRA: https://issues.redhat.com/browse/RHEL-9096
Upstream Status: v6.7-rc2

commit 022732e3d846e197539712e51ecada90ded0572a
Author: Chris Riches chris.riches@nutanix.com
Date: Wed Oct 18 09:23:51 2023 +0000

audit: Send netlink ACK before setting connection in auditd_set      
  
When auditd_set sets the auditd_conn pointer, audit messages can      
immediately be put on the socket by other kernel threads. If the backlog      
is large or the rate is high, this can immediately fill the socket      
buffer. If the audit daemon requested an ACK for this operation, a full      
socket buffer causes the ACK to get dropped, also setting ENOBUFS on the      
socket.      
  
To avoid this race and ensure ACKs get through, fast-track the ACK in      
this specific case to ensure it is sent before auditd_conn is set.      
  
Signed-off-by: Chris Riches <chris.riches@nutanix.com>      
[PM: fix some tab vs space damage]      
Signed-off-by: Paul Moore <paul@paul-moore.com>

Signed-off-by: Richard Guy Briggs rgb@redhat.com

d544c254 (Richard Guy Briggs)
audit: Send netlink ACK before setting connection in auditd_set

kernel/audit.c | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)

Edited Jul 20, 2024 by Richard Guy Briggs

audit: Send netlink ACK before setting connection in auditd_set

Merge request reports