From: Paul Moore <paul@paul-moore.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, v.rathor@gmail.com
Subject: Re: [RFC PATCH 6/7] audit: wake up audit_backlog_wait queue when auditd goes away.
Date: Thu, 05 Nov 2015 20:21:46 -0500 [thread overview]
Message-ID: <1794726.CVITkAglxc@sifl> (raw)
In-Reply-To: <473f52eb9d2c5d218106447084f72f6cb61245de.1445539473.git.rgb@redhat.com>
On Thursday, October 22, 2015 02:53:19 PM Richard Guy Briggs wrote:
> When auditd goes away (died, killed or shutdown, or net namespace shut
> down), there is no point in sleeping waiting for auditd to drain the
> queue since that message would be distined for the hold queue after the
> timeout anyways. This will needlessly have those processes wait the
> full default timeout of 60 seconds (audit_backlog_wait_time).
>
> Wake up the processes caught in the audit_backlog_wait queue when auditd
> is no longer present so they can be sent instead to the hold queue.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> kernel/audit.c | 6 +++++-
> 1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 34411af..688fa1e 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -425,6 +425,7 @@ restart:
> audit_log_lost(s);
> audit_pid = 0;
> audit_sock = NULL;
> + wake_up(&audit_backlog_wait);
> } else {
> pr_warn("re-scheduling(#%d) write to audit_pid=%d\n",
> attempts, audit_pid);
> @@ -882,6 +883,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct
> nlmsghdr *nlh) audit_pid = new_pid;
> audit_nlk_portid = NETLINK_CB(skb).portid;
> audit_sock = skb->sk;
> + if (!audit_pid)
> + wake_up(&audit_backlog_wait);
> }
> if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
> err = audit_set_rate_limit(s.rate_limit);
I'm thinking it might be time for two small, static helper functions,
auditd_register() and auditd_unregister() (or similar, feel free to suggest
other names), that set/reset the various auditd state variables and handle the
wake_up() call. We're duplicating some code that is starting to get non-
trivial.
I'd also add a comment about why you are calling wake_up() in the unregister
function.
> @@ -1154,6 +1157,7 @@ static void __net_exit audit_net_exit(struct net *net)
> if (sock == audit_sock) {
> audit_pid = 0;
> audit_sock = NULL;
> + wake_up(&audit_backlog_wait);
> }
>
> RCU_INIT_POINTER(aunet->nlsk, NULL);
> @@ -1393,7 +1397,7 @@ struct audit_buffer *audit_log_start(struct
> audit_context *ctx, gfp_t gfp_mask, sleep_time = timeout_start +
> audit_backlog_wait_time - jiffies; if (sleep_time > 0) {
> sleep_time = wait_for_auditd(sleep_time);
> - if (sleep_time > 0)
> + if (audit_pid && sleep_time > 0)
> continue;
Perhaps handle this in wait_for_auditd()? Right now this is the only caller,
but if we use it elsewhere it seems like we would want the same logic.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2015-11-06 1:21 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-22 18:53 [RFC PATCH 0/7] audit: clean up audit queue handling Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-10-22 18:53 ` [RFC PATCH 1/7] audit: don't needlessly reset valid wait time Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-11-04 23:03 ` Paul Moore
2015-11-05 3:13 ` Richard Guy Briggs
2015-11-05 15:17 ` Paul Moore
2015-10-22 18:53 ` [RFC PATCH 2/7] audit: include auditd's threads in audit_log_start() wait exception Richard Guy Briggs
2015-11-04 23:08 ` Paul Moore
2015-10-22 18:53 ` [RFC PATCH 3/7] audit: allow systemd to use queue reserves Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-10-22 19:26 ` Steve Grubb
2015-10-22 19:51 ` Richard Guy Briggs
2015-11-05 22:38 ` Paul Moore
2016-06-15 17:35 ` Richard Guy Briggs
2015-10-22 18:53 ` [RFC PATCH 4/7] audit: wake up threads if queue switched from limited to unlimited Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-11-06 0:05 ` Paul Moore
2015-10-22 18:53 ` [RFC PATCH 5/7] audit: allow audit_cmd_mutex holders to use reserves Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-11-06 0:48 ` Paul Moore
2015-10-22 18:53 ` [RFC PATCH 6/7] audit: wake up audit_backlog_wait queue when auditd goes away Richard Guy Briggs
2015-10-22 18:53 ` Richard Guy Briggs
2015-11-06 1:21 ` Paul Moore [this message]
2015-10-22 18:53 ` [RFC PATCH 7/7] audit: wake up kauditd_thread after auditd registers Richard Guy Briggs
2015-11-06 1:23 ` Paul Moore
2015-10-27 18:44 ` [RFC PATCH 0/7] audit: clean up audit queue handling Paul Moore
2015-10-28 18:43 ` Richard Guy Briggs
2015-10-28 18:58 ` Paul Moore
2015-10-28 18:58 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1794726.CVITkAglxc@sifl \
--to=paul@paul-moore.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=v.rathor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.