[PATCH] audit: ensure userspace is penalized the same as the kernel when under pressure
Paul Moore
paul at paul-moore.com
Wed Dec 15 18:15:17 UTC 2021
On Tue, Dec 14, 2021 at 11:16 AM Paul Moore <paul at paul-moore.com> wrote:
>
> Due to the audit control mutex necessary for serializing audit
> userspace messages we haven't been able to block/penalize userspace
> processes that attempt to send audit records while the system is
> under audit pressure. The result is that privileged userspace
> applications have a priority boost with respect to audit as they are
> not bound by the same audit queue throttling as the other tasks on
> the system.
>
> This patch attempts to restore some balance to the system when under
> audit pressure by blocking these privileged userspace tasks after
> they have finished their audit processing, and dropped the audit
> control mutex, but before they return to userspace.
>
> Reported-by: Gaosheng Cui <cuigaosheng1 at huawei.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> kernel/audit.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
FYI, I just merged this into audit/next; thanks for the testing/review
help everyone!
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list