lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  6 Dec 2021 16:51:42 -0800
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     netdev <netdev@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Eric Dumazet <eric.dumazet@...il.com>
Subject: [PATCH net-next 17/17] audit: add netns refcount tracker to struct audit_netlink_list

From: Eric Dumazet <edumazet@...gle.com>

Signed-off-by: Eric Dumazet <edumazet@...gle.com>
---
 kernel/audit.c       | 2 +-
 kernel/audit.h       | 2 ++
 kernel/auditfilter.c | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 493365899d205c12338323b5a6ca6a30609a3d6a..a5b360ecb379426bbfc743f13beeb6cddc96f068 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -901,7 +901,7 @@ int audit_send_list_thread(void *_dest)
 	while ((skb = __skb_dequeue(&dest->q)) != NULL)
 		netlink_unicast(sk, skb, dest->portid, 0);
 
-	put_net(dest->net);
+	put_net_track(dest->net, &dest->ns_tracker);
 	kfree(dest);
 
 	return 0;
diff --git a/kernel/audit.h b/kernel/audit.h
index c4498090a5bd66e5c620368381c89d4dda14d851..ffa8b18d84ad170f8c76a213dba610b0e4986319 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -15,6 +15,7 @@
 #include <uapi/linux/mqueue.h>
 #include <linux/tty.h>
 #include <uapi/linux/openat2.h> // struct open_how
+#include <net/net_trackers.h>
 
 /* AUDIT_NAMES is the number of slots we reserve in the audit_context
  * for saving names from getname().  If we get more names we will allocate
@@ -236,6 +237,7 @@ extern void		    audit_panic(const char *message);
 struct audit_netlink_list {
 	__u32 portid;
 	struct net *net;
+	netns_tracker ns_tracker;
 	struct sk_buff_head q;
 };
 
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d75acb014ccdcba2a0bed0646323f5427757e493..2ea0c2ea9b7272a8abcd4c36a4d35f17e75e92e3 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1182,7 +1182,8 @@ int audit_list_rules_send(struct sk_buff *request_skb, int seq)
 	dest = kmalloc(sizeof(*dest), GFP_KERNEL);
 	if (!dest)
 		return -ENOMEM;
-	dest->net = get_net(sock_net(NETLINK_CB(request_skb).sk));
+	dest->net = get_net_track(sock_net(NETLINK_CB(request_skb).sk),
+				  &dest->ns_tracker, GFP_KERNEL);
 	dest->portid = NETLINK_CB(request_skb).portid;
 	skb_queue_head_init(&dest->q);
 
-- 
2.34.1.400.ga245620fadb-goog

Powered by blists - more mailing lists