From: Cui GaoSheng <cuigaosheng1@huawei.com> hulk inclusion category: bugfix bugzilla: 186105, https://gitee.com/openeuler/kernel/issues/I4RGWS?from=project-issue CVE: NA ----------------------------------------------------------------- When we add "audit=1" to the cmdline, if we keep the audit_hold_queue non-empty, flush the hold queue will fall into an infinite loop. So we need to fix it by stoping flush the hold queue when netlink abnormal. Fixes: 3413ddc91e02a ("audit: improve robustness of the audit queue handling") Signed-off-by: Cui GaoSheng <cuigaosheng1@huawei.com> Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: weiyang wang <wangweiyang2@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- kernel/audit.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index c5e034fe14bbb..3de5ebb945592 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -740,6 +740,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, if (!sk) { if (err_hook) (*err_hook)(skb); + if (queue == &audit_hold_queue) + goto out; continue; } @@ -756,6 +758,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, (*err_hook)(skb); if (rc == -EAGAIN) rc = 0; + if (queue == &audit_hold_queue) + goto out; /* continue to drain the queue */ continue; } else @@ -767,6 +771,7 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, } } +out: return (rc >= 0 ? 0 : rc); } -- 2.25.1