[RFC PATCH 0/9] Move the audit netlink multicast send to the kauditd_thread

[Paul Moore]

On Wed, Nov 23, 2016 at 8:41 PM, Paul Moore <pmoore at redhat.com> wrote:
> This patchset started off innocently enough with the goal of moving
> the netlink multicast send from audit_log_end() to kauditd_thread().
> However, things escalated rather quickly as this uncovered, or made
> worse, a number of inherent problems in the audit backlog queues.
> This patchset attempts to address both the multicast and queue
> problems.
>
> I've spent a few weeks playing with this, stressing it a bit, and
> tweaking some of the logic and so far it is performing at least as
> well as the existing code for all the scenarios I've thrown at it;
> if you happen to have a particularly nasty audit test, I'd
> appreciate hearing about it, and I'd appreciate it even more if
> you could give it a test too.
>
> I'm posting this patchset as a RFC because this is a pretty big
> change to some rather critical code and I thought some review
> would be prudent; if I don't see anything substantial by next week
> I'll go ahead and merge this into audit#next, along with the
> patch from WANG Cong which started the little endeavor (see the
> links below).  You'll note I'm not including the patch from WANG
> Cong in this patchset for the sake of clarity.
>
> Enough from me, please take a look at the patchset that follows
> and post any comments you may have to the list.  In case you are
> running Fedora Rawhide, I've been building some kernels you can
> use to test at the link below:
>
> * GitHub Issue Trackers
> - https://github.com/linux-audit/audit-kernel/issues/23
> - https://github.com/linux-audit/audit-kernel/issues/22
>
> * Fedora Rawhide Kernel Builds
> - https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-testing

As a FYI, I just merged these patches into audit#next.

-- 
paul moore
www.paul-moore.com