audit: use proper refcount locking on audit_sock
author Richard Guy Briggs <rgb@redhat.com>
Tue, 13 Dec 2016 15:03:01 +0000 (10:03 -0500)
committer Paul Moore <paul@paul-moore.com>
Wed, 14 Dec 2016 18:06:04 +0000 (13:06 -0500)
commit 533c7b69c764ad5febb3e716899f43a75564fcab
tree e66c8e368e3450f872cb5bb6f28a4deaac1a4985
parent fba143c66abb81307a450679f38ab953fe96a413
audit: use proper refcount locking on audit_sock

Resetting audit_sock appears to be racy.

audit_sock was being copied and dereferenced without using a refcount on
the source sock.

Bump the refcount on the underlying sock when we store a reference in
audit_sock and release it when we reset audit_sock.  audit_sock
modification needs the audit_cmd_mutex.

See: https://lkml.org/lkml/2016/11/26/232

Thanks to Eric Dumazet <edumazet@google.com> and Cong Wang
<xiyou.wangcong@gmail.com> on ideas how to fix it.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
[PM: fixed the comment block text formatting for auditd_reset()]
Signed-off-by: Paul Moore <paul@paul-moore.com>
kernel/audit.c
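
The pattern the commit message describes, as an added userspace model (not the kernel patch and not code from this commit): a shared pointer takes a reference on its target when it is stored and drops it when it is reset, with every modification made under one mutex. All model_* names are hypothetical stand-ins; the freed flag replaces an actual free so the outcome can be inspected.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>

/* Userspace stand-in for a socket object: only the refcount matters here. */
struct model_sock {
    atomic_int refcnt;
    int freed;              /* set where the real object would be freed */
};

static void model_sock_hold(struct model_sock *sk)
{
    atomic_fetch_add(&sk->refcnt, 1);
}

static void model_sock_put(struct model_sock *sk)
{
    /* fetch_sub returns the old value: 1 means this was the last reference. */
    if (atomic_fetch_sub(&sk->refcnt, 1) == 1)
        sk->freed = 1;
}

/* Hypothetical analogues of audit_cmd_mutex and audit_sock. */
static pthread_mutex_t model_cmd_mutex = PTHREAD_MUTEX_INITIALIZER;
static struct model_sock *model_audit_sock;

/* Store a reference: hold the new sock first, then release the old one. */
static void model_set_audit_sock(struct model_sock *sk)
{
    pthread_mutex_lock(&model_cmd_mutex);
    if (sk)
        model_sock_hold(sk);
    if (model_audit_sock)
        model_sock_put(model_audit_sock);
    model_audit_sock = sk;
    pthread_mutex_unlock(&model_cmd_mutex);
}

/* Reset: drop the stored reference and clear the pointer. */
static void model_reset_audit_sock(void)
{
    model_set_audit_sock(NULL);
}

/* Current reference count, for inspection. */
static int model_refs(struct model_sock *sk)
{
    return atomic_load(&sk->refcnt);
}
```

Without the hold in model_set_audit_sock(), the owner's final put would mark the object freed while model_audit_sock still pointed at it, which is the stale-pointer condition the refcount prevents.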