From fcfdde9cfc503cfd191b7286f9c48077fb5bf420 Mon Sep 17 00:00:00 2001 From: Cui GaoSheng Date: Sat, 22 Jan 2022 17:58:22 +0800 Subject: [PATCH] audit: bugfix for infinite loop when flush the hold queue hulk inclusion category: bugfix bugzilla: 186133 https://gitee.com/openeuler/kernel/issues/I4RGWS?from=project-issue CVE: NA ----------------------------------------------------------------- When we add "audit=1" to the cmdline, if we keep the audit_hold_queue non-empty, flush the hold queue will fall into an infinite loop. So we need to fix it by stoping flush the hold queue when netlink abnormal. Fixes: bd8698d87053 ("audit: improve robustness of the audit queue handling") Signed-off-by: Cui GaoSheng Reviewed-by: weiyang wang Signed-off-by: Zheng Zengkai
---
 kernel/audit.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a38cbaf3ddb..21be62bc8205 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -732,6 +732,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid,
 if (!sk) {
 if (err_hook)
 (*err_hook)(skb);
+ if (queue == &audit_hold_queue)
+ goto out;
 continue;
 }
@@ -748,6 +750,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid,
 (*err_hook)(skb);
 if (rc == -EAGAIN)
 rc = 0;
+ if (queue == &audit_hold_queue)
+ goto out;
 /* continue to drain the queue */
 continue;
 } else
@@ -759,6 +763,7 @@ static int kauditd_send_queue(struct sock *sk, u32 portid,
 }
 }
+out:
 return (rc >= 0 ? 0 : rc);
 }
-- GitLab
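Review bot: The new `if (queue == &audit_hold_queue) goto out;` in the `!sk` branch, and the identical test in the retry-exhausted branch of the next hunk, has no comment, so the reason a generic send helper special-cases one global queue lives only in the commit message. I would put above each test a comment such as `/* hold queue: stop on a send failure, otherwise the flush can loop forever */`. On this `!sk` path `rc` is not assigned inside the hunk, so the value returned through `out:` depends on its initialisation, which is outside the visible lines; it is worth confirming that an early exit with records still queued reports what the caller expects. kauditd_send_queue begins and ends outside this hunk.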
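Review bot: The existing `/* continue to drain the queue */` now sits directly after the added `goto out;` in the second hunk, so it reads as if it applied to the hold queue as well; I would reword it to `/* other queues: continue to drain */`. The skb has already been passed to `err_hook` before the early exit; if that hook puts the record back at the tail of the hold queue (not visible in this diff), each failed flush moves the oldest audit record behind newer ones, so record ordering after an outage should be checked. The enclosing branch starts above the hunk.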