From: Cui GaoSheng <cuigaosheng1@huawei.com> hulk inclusion category: bugfix bugzilla: 186133 https://gitee.com/openeuler/kernel/issues/I4RGWS?from=project-issue CVE: NA ----------------------------------------------------------------- When we add "audit=1" to the cmdline, if we keep the audit_hold_queue non-empty, flush the hold queue will fall into an infinite loop. So we need to fix it by stoping flush the hold queue when netlink abnormal. Fixes: bd8698d87053 ("audit: improve robustness of the audit queue handling") Signed-off-by: Cui GaoSheng <cuigaosheng1@huawei.com> Reviewed-by: weiyang wang <wangweiyang2@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- kernel/audit.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index 2a38cbaf3ddb..21be62bc8205 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -732,6 +732,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, if (!sk) { if (err_hook) (*err_hook)(skb); + if (queue == &audit_hold_queue) + goto out; continue; } @@ -748,6 +750,8 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, (*err_hook)(skb); if (rc == -EAGAIN) rc = 0; + if (queue == &audit_hold_queue) + goto out; /* continue to drain the queue */ continue; } else @@ -759,6 +763,7 @@ static int kauditd_send_queue(struct sock *sk, u32 portid, } } +out: return (rc >= 0 ? 0 : rc); } -- 2.20.1