On 2017-06-15 11:29, Paul Moore wrote:
> From: Paul Moore <[email protected]>
>
> When the auditd connection is reset, either intentionally or due to
> a failure, any records that were in the main backlog queue would not
> be sent in a multicast broadcast. This patch fixes this problem by
> not flushing the main backlog queue on a connection reset, the main
> kauditd_thread() will take care of that normally.
>
> Resolves: https://github.com/linux-audit/audit-kernel/issues/41
> Signed-off-by: Paul Moore <[email protected]>
Looks good to me. Reviewed-by: Richard Guy Briggs <[email protected]> > --- > kernel/audit.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index e1e2b3abfb93..7cad70214b81 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -605,11 +605,10 @@ static void auditd_reset(const struct auditd_connection > *ac) > if (ac_old) > call_rcu(&ac_old->rcu, auditd_conn_free); > > - /* flush all of the main and retry queues to the hold queue */ > + /* flush the retry queue to the hold queue, but don't touch the main > + * queue since we need to process that normally for multicast */ > while ((skb = skb_dequeue(&audit_retry_queue))) > kauditd_hold_skb(skb); > - while ((skb = skb_dequeue(&audit_queue))) > - kauditd_hold_skb(skb); > } > > /** - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
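Review bot: With the audit_queue drain loop removed from auditd_reset(), records left on the main queue depend entirely on kauditd_thread() running after the reset, and the visible lines do not show a wake-up on this path. Please confirm that every caller of auditd_reset() either runs inside kauditd_thread() or wakes it afterwards, so those records reach multicast listeners promptly instead of waiting for the next record to arrive. The new comment could also name kauditd_thread() as the consumer of the main queue, as the commit message does, so the reasoning is available in the function without the changelog. Style point on the same comment: kernel/audit.c is outside net/, so the preferred multi-line form puts the opening /* and the closing */ on their own lines.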
