Subject: [PATCH] audit: ensure userspace is penalized the same as the kernel when under pressure
From: Paul Moore
To: linux-audit@redhat.com
Cc: Gaosheng Cui
Date: Tue, 14 Dec 2021 11:16:27 -0500
Message-ID: <163949858723.23091.5301356986109432893.stgit@olly>
List-Id: Linux Audit Discussion

Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure.  The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.

This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.

Reported-by: Gaosheng Cui
Signed-off-by: Paul Moore --- kernel/audit.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 4cebadb5f30d..eab7282668ab 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1540,6 +1540,20 @@ static void audit_receive(struct sk_buff *skb) nlh = nlmsg_next(nlh, &len); } audit_ctl_unlock(); + + /* can't block with the ctrl lock, so penalize the sender now */ + if (audit_backlog_limit && + (skb_queue_len(&audit_queue) > audit_backlog_limit)) { + DECLARE_WAITQUEUE(wait, current); + + /* wake kauditd to try and flush the queue */ + wake_up_interruptible(&kauditd_wait); + + add_wait_queue_exclusive(&audit_backlog_wait, &wait); + set_current_state(TASK_UNINTERRUPTIBLE); + schedule_timeout(audit_backlog_wait_time); + remove_wait_queue(&audit_backlog_wait, &wait); + } } /* Log information about who is connecting to the audit multicast socket */ @@ -1824,7 +1838,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, * task_tgid_vnr() since auditd_pid is set in audit_receive_msg() * using a PID anchored in the caller's namespace * 2. generator holding the audit_cmd_mutex - we don't want to block - * while holding the mutex */ + * while holding the mutex, although we do penalize the sender + * later in audit_receive() when it is safe to block + */ if (!(auditd_test_task(current) || audit_ctl_owner_current())) { long stime = audit_backlog_wait_time; -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
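Review bot: in the first hunk (audit_receive(), after audit_ctl_unlock()) the penalty is taken whenever the queue is over audit_backlog_limit, with no check that audit_backlog_wait_time is non-zero before it is handed to schedule_timeout(); audit_log_start() copies the same value into stime and only sleeps on it when there is something to wait, so a zero wait time should skip the block here as well rather than bouncing the sender through the scheduler. Suggest `if (audit_backlog_limit && audit_backlog_wait_time && (skb_queue_len(&audit_queue) > audit_backlog_limit))`. A smaller point on the same lines: the queue length is tested before add_wait_queue_exclusive(), so a wake-up on audit_backlog_wait that lands between the test and set_current_state() is lost and the sender sleeps the whole timeout; that is fine for a bounded penalty but is worth a line in the comment so nobody later "fixes" it into a wait_event loop without meaning to.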
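Review bot: the reworded comment in the second hunk (audit_log_start(), item 2 of the exemption list) says the sender is penalized later in audit_receive(), but the new code there does not carry over item 1: it parks whoever delivered the netlink message, auditd included, if the queue is over the limit when the control lock is dropped, whereas audit_log_start() keeps exempting auditd_test_task(current). Either state in this comment that the late penalty applies to every netlink sender, or add an `auditd_test_task(current)` check in front of the new block in audit_receive() so the audit daemon is not itself put to sleep on audit_backlog_wait.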