[PATCH] audit: ensure userspace is penalized the same as the kernel when under pressure
cuigaosheng
cuigaosheng1 at huawei.com
Wed Dec 15 01:26:31 UTC 2021
在 2021/12/15 0:16, Paul Moore 写道:
> Due to the audit control mutex necessary for serializing audit
> userspace messages we haven't been able to block/penalize userspace
> processes that attempt to send audit records while the system is
> under audit pressure. The result is that privileged userspace
> applications have a priority boost with respect to audit as they are
> not bound by the same audit queue throttling as the other tasks on
> the system.
>
> This patch attempts to restore some balance to the system when under
> audit pressure by blocking these privileged userspace tasks after
> they have finished their audit processing, and dropped the audit
> control mutex, but before they return to userspace.
>
> Reported-by: Gaosheng Cui <cuigaosheng1 at huawei.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> kernel/audit.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 4cebadb5f30d..eab7282668ab 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1540,6 +1540,20 @@ static void audit_receive(struct sk_buff *skb)
> nlh = nlmsg_next(nlh, &len);
> }
> audit_ctl_unlock();
> +
> + /* can't block with the ctrl lock, so penalize the sender now */
> + if (audit_backlog_limit &&
> + (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
> + DECLARE_WAITQUEUE(wait, current);
> +
> + /* wake kauditd to try and flush the queue */
> + wake_up_interruptible(&kauditd_wait);
> +
> + add_wait_queue_exclusive(&audit_backlog_wait, &wait);
> + set_current_state(TASK_UNINTERRUPTIBLE);
> + schedule_timeout(audit_backlog_wait_time);
> + remove_wait_queue(&audit_backlog_wait, &wait);
> + }
> }
>
> /* Log information about who is connecting to the audit multicast socket */
> @@ -1824,7 +1838,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
> * task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
> * using a PID anchored in the caller's namespace
> * 2. generator holding the audit_cmd_mutex - we don't want to block
> - * while holding the mutex */
> + * while holding the mutex, although we do penalize the sender
> + * later in audit_receive() when it is safe to block
> + */
> if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
> long stime = audit_backlog_wait_time;
>
Tested-by: Gaosheng Cui<cuigaosheng1 at huawei.com>
More information about the Linux-audit
mailing list