[RFC PATCH 0/9] Move the audit netlink multicast send to the kauditd_thread

Paul Moore pmoore at redhat.com
Thu Nov 24 01:41:25 UTC 2016


This patchset started off innocently enough with the goal of moving
the netlink multicast send from audit_log_end() to kauditd_thread().
However, things escalated rather quickly as this uncovered, or made
worse, a number of inherent problems in the audit backlog queues.
This patchset attempts to address both the multicast and queue
problems.

I've spent a few weeks playing with this, stressing it a bit, and
tweaking some of the logic and so far it is performing at least as
well as the existing code for all the scenarios I've thrown at it;
if you happen to have a particularly nasty audit test, I'd
appreciate hearing about it, and I'd appreciate it even more if
you could give it a test too.

I'm posting this patchset as an RFC because this is a pretty big
change to some rather critical code and I thought some review
would be prudent; if I don't see anything substantial by next week
I'll go ahead and merge this into audit#next, along with the
patch from WANG Cong which started the little endeavor (see the
links below).  You'll note I'm not including the patch from WANG
Cong in this patchset for the sake of clarity.

Enough from me, please take a look at the patchset that follows
and post any comments you may have to the list.  In case you are
running Fedora Rawhide, I've been building some kernels you can
use to test at the link below:

* GitHub Issue Trackers
- https://github.com/linux-audit/audit-kernel/issues/23
- https://github.com/linux-audit/audit-kernel/issues/22

* Fedora Rawhide Kernel Builds
- https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-testing

---

Paul Moore (8):
      audit: fixup audit_init()
      audit: queue netlink multicast sends just like we do for unicast sends
      audit: rename the queues and kauditd related functions
      audit: rework the audit queue handling
      audit: rework audit_log_start()
      audit: wake up kauditd_thread after auditd registers
      audit: handle a clean auditd shutdown with grace
      audit: don't ever sleep on a command record/message

Richard Guy Briggs (1):
      audit: move kaudit thread start from auditd registration to kaudit init (#2)


 kernel/audit.c |  508 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 302 insertions(+), 206 deletions(-)



