Re: [RFC] audit: avoid soft lockup in audit_log_start()

From: Richard Guy Briggs
Date: Tue Sep 17 2013 - 21:57:47 EST


On Tue, Sep 17, 2013 at 03:28:42PM -0700, Andrew Morton wrote:
> On Tue, 10 Sep 2013 12:03:25 -0400 Eric Paris <eparis@xxxxxxxxxx> wrote:
>
> > > --- a/kernel/audit.c
> > > +++ b/kernel/audit.c
> > > @@ -1215,9 +1215,10 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
> > >
> > > sleep_time = timeout_start + audit_backlog_wait_time -
> > > jiffies;
> > > - if ((long)sleep_time > 0)
> > > + if ((long)sleep_time > 0) {
> > > wait_for_auditd(sleep_time);
> > > - continue;
> > > + continue;
> > > + }
> > > }
> > > if (audit_rate_check() && printk_ratelimit())
> > > printk(KERN_WARNING
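Review bot: the `continue` that moves inside the new braces of `if ((long)sleep_time > 0)` carries the whole fix, yet the hunk adds no comment saying so. With the wait time expired, control must now fall through to the `audit_rate_check()` warning path instead of re-entering the loop. A one-line comment at the closing brace stating that would keep a later brace or style cleanup from reintroducing the busy loop. It would also help to note why `sleep_time` is cast to `long` before the comparison, since the subtraction against `jiffies` can yield a value that is only meaningful as a signed quantity.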
> >
> > I think this is the right(ish) fix, at least it gets at the real bug.
> > 829199197a430dade2519d54f5545c4a094393b8 definitely is the problem.
>
> um, which idiot wrote that?

Heh...

> Things are somewhat foggy at present. I have two patches from
> Dan/Chuck:
>
> Subject: audit: fix soft lockups due to loop in audit_log_start() when audit_backlog_limit exceeded
> Subject: audit: two efficiency fixes for audit mechanism

I have a patchset very similar to the first and breaking up the second,
with some added bits to address other related issues I'll post RSN...

> and two from Luiz:
>
> Subject: audit: flush_hold_queue(): don't drop queued SKBs
> Subject: audit: kaudit_send_skb(): make non-blocking call to netlink_unicast()
>
> and now a protopatch from Konstantin which eparis likes.
>
> So, umm, guys, can you please devote a bit of time to working out what
> we should do here?

It is coming... I'm hearing reports from others of the same bug, so it
is getting around...


- RGB

--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545