From: Paul Moore <paul@paul-moore.com>
Date: Tue, 29 Nov 2016 21:53:26 +0000 (-0500)
Subject: audit: handle a clean auditd shutdown with grace
X-Git-Tag: v4.10-rc1~115^2~3
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=6c54e7899693dee3db67ea996e9be0e10f67920f;p=linux.git

audit: handle a clean auditd shutdown with grace

When auditd stops cleanly it sets 'auditd_pid' to 0 with an
AUDIT_SET message, in this case we should reset our backlog
queues via the auditd_reset() function.  This patch also adds
a 'auditd_pid' check to the top of kauditd_send_unicast_skb()
so we can fail quicker.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/kernel/audit.c b/kernel/audit.c
index 0572e5dcfda7..b447a6b1fdc8 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -468,6 +468,10 @@ static int kauditd_send_unicast_skb(struct sk_buff *skb)
 {
 	int rc;
 
+	/* if we know nothing is connected, don't even try the netlink call */
+	if (!audit_pid)
+		return -ECONNREFUSED;
+
 	/* get an extra skb reference in case we fail to send */
 	skb_get(skb);
 	rc = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
@@ -1009,6 +1013,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 			audit_pid = new_pid;
 			audit_nlk_portid = NETLINK_CB(skb).portid;
 			audit_sock = skb->sk;
+			if (!new_pid)
+				auditd_reset();
 			wake_up_interruptible(&kauditd_wait);
 		}
 		if (s.mask & AUDIT_STATUS_RATE_LIMIT) {