* [PATCH v2] netlink, audit: prevent false ENOBUFS on timeout expiry
@ 2026-05-13 17:24 Ricardo Robaina
0 siblings, 0 replies; only message in thread
From: Ricardo Robaina @ 2026-05-13 17:24 UTC (permalink / raw)
To: audit, linux-kernel, netdev
Cc: paul, eparis, edumazet, kuba, pabeni, horms, Ricardo Robaina,
Steve Grubb
When auditd is bottlenecked (e.g., by slow disk I/O), kauditd blocks on
the netlink socket. If the wait timeout fully expires (timeo == 0),
netlink mistakenly interprets the zeroed timeout as a non-blocking
request. It then triggers netlink_overrun that drops the event,
completely bypassing the audit subsystem's internal retry queue, and
falsely returns ENOBUFS to user-space, resulting in the following error:
auditd[]: Error receiving audit netlink packet (No buffer space available)
Fix this by detecting when a blocking sender's timeout has expired
(timeo == 0 && !nonblock) in netlink_unicast(). In this case, instead
of retrying with timeo=0 (which would incorrectly trigger netlink_overrun
on the next iteration), safely free the skb and return -EAGAIN, allowing
the audit subsystem to gracefully enqueue the pending event into its
internal backlog.
Suggested-by: Steve Grubb <sgrubb@redhat.com>
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
---
Changes in v2:
- Use the simple check (timeo == 0 && !nonblock) to detect
expired timeout, avoiding adding a new NETLINK flag.
net/netlink/af_netlink.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2aeb0680807d..fdc3db74b178 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1351,8 +1351,18 @@ int netlink_unicast(struct sock *ssk, struct sk_buff *skb,
}
err = netlink_attachskb(sk, skb, &timeo, ssk);
- if (err == 1)
+ if (err == 1) {
+ /* timeo may have been zeroed by schedule_timeout inside
+ * netlink_attachskb. If the caller is a timed-blocking sender
+ * (not genuinely nonblocking), don't re-enter with timeo=0 as
+ * that would misfire netlink_overrun on the next iteration.
+ */
+ if (timeo == 0 && !nonblock) {
+ kfree_skb(skb);
+ return -EAGAIN;
+ }
goto retry;
+ }
if (err)
return err;
--
2.53.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-13 17:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-13 17:24 [PATCH v2] netlink, audit: prevent false ENOBUFS on timeout expiry Ricardo Robaina
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox