Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3386983pxb;
        Mon, 17 Jan 2022 19:19:06 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyos0PTFlZ2H89GXtvg4KMlYfSLCBnrYL22pUxGsuJZLVR4vU8R5x3M5dZLRgm7tzrkx0fH
X-Received: by 2002:a17:90b:1a84:: with SMTP id ng4mr7036872pjb.237.1642475946088;
        Mon, 17 Jan 2022 19:19:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642475946; cv=none;
        d=google.com; s=arc-20160816;
        b=t+wsIUy8nlZulOjDLapj0C7IKzv9PTG6ayV0i810IJWj5JoX4bUlcvFECEtREHOlR4
         JUPtyVxeGiJJJ79xg46oFUba9+I1R08tSGTPJnWQIPner6hAGvkLE6XZNnqPBzpn1d5H
         GiqfC9lR/19Nnp30O9+E1K00vznx5dDZqPlAMSeKRR6zWYMv9aMEmi53sHVMFsHJiT2d
         kyh0TnYTjJWq+eA1X672lFHpDPmjaKQ4nPCsqX69fjTwcY4QAWwKhCvE4hWzKiKj7QZK
         0PlS2K4l/Re9FwP0zLJGBxl0RO6XHpsgXsVjlMuAizdKjeb/Yf8yS54RJxgZ32UMOxcn
         baxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Uuv9QZns7SJLJzKYSjJ34vn1cnxcDInGM/+D26sos0c=;
        b=bVIHmoqVLG0H5yDO2JCyOj6Aov6lWi/u3iYWjYhthZrrfm8NI79VAwvcCPR5RESXyF
         DypE/FHHpxm8uWJh0O1cJ+Z6m/ofaUtnomIy8cvoRdxo0y5b/fhmsTSqg3WiTBWIMbtL
         aMILDyrjH1AyGui+NM9xe9Btggz3+r30go6Sb1t054nYQvyMvli4gv5B4GL+WQZpxjV8
         NuSKBZSvLTMcvnV1XH6/ovKBoLAJ7Xx73EVC+XH6Eva+bGLSH2cGbF3IALK5wdq5xxek
         wW4rO3Nb90rAMmxvWnZm5J3o8c7s/yM3NDAIEeQE6FEl87RHz3eI1J+pjx1ceVDdnPqb
         m6uQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RIv3sOdf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z16si8498151pfe.359.2022.01.17.19.18.54;
        Mon, 17 Jan 2022 19:19:06 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RIv3sOdf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S245166AbiARC3K (ORCPT <rfc822;shakeebbk@gmail.com> + 99 others);
        Mon, 17 Jan 2022 21:29:10 -0500
Received: from ams.source.kernel.org ([145.40.68.75]:40464 "EHLO
        ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S245255AbiARC1F (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Jan 2022 21:27:05 -0500
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 83F4FB81250;
        Tue, 18 Jan 2022 02:27:02 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77D0DC36AF4;
        Tue, 18 Jan 2022 02:27:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1642472821;
        bh=vNMezxssj6VcvR7r/jjQIM53BOA5+j+5fVwfrXZIJ98=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=RIv3sOdf7ChWhZLYRXkrSJUMhyfLYW6pYLIFH5vsn2fgzrBZo3S38GrFLTmqoUOmv
         MGv+ooOcKXfp+o3647mt88YG73bz9P81NPt4jg3VOYvOmt/KXg4KpuFvL5Z9NVDjkz
         wQHiC3haqphM0IaQcUWx7/NkqW3tLc6BW+vQ3QdOtOxFam7MYH131Jak8RVb/5DO23
         ykjVBqhQtba1m2muCUAj3+eBjmKJNnjQH89XklotOXqYvJUxnghKG4IDvkmi+ZM5O6
         1/nYZ3xvDuDXDuyQolYd/r7NHkhbefyjlHsdYTtVSfrouzz56nsTb0IRwQV/d3J8Vh
         z9pR+FHd7EdtQ==
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Paul Moore <paul@paul-moore.com>,
        Gaosheng Cui <cuigaosheng1@huawei.com>,
        Richard Guy Briggs <rgb@redhat.com>,
        Sasha Levin <sashal@kernel.org>, eparis@redhat.com,
        linux-audit@redhat.com
Subject: [PATCH AUTOSEL 5.16 142/217] audit: ensure userspace is penalized the same as the kernel when under pressure
Date:   Mon, 17 Jan 2022 21:18:25 -0500
Message-Id: <20220118021940.1942199-142-sashal@kernel.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220118021940.1942199-1-sashal@kernel.org>
References: <20220118021940.1942199-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Paul Moore <paul@paul-moore.com>

[ Upstream commit 8f110f530635af44fff1f4ee100ecef0bac62510 ]

Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure.  The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.

This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.

Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/audit.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 4cebadb5f30db..eab7282668ab9 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1540,6 +1540,20 @@ static void audit_receive(struct sk_buff  *skb)
 		nlh = nlmsg_next(nlh, &len);
 	}
 	audit_ctl_unlock();
+
+	/* can't block with the ctrl lock, so penalize the sender now */
+	if (audit_backlog_limit &&
+	    (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
+		DECLARE_WAITQUEUE(wait, current);
+
+		/* wake kauditd to try and flush the queue */
+		wake_up_interruptible(&kauditd_wait);
+
+		add_wait_queue_exclusive(&audit_backlog_wait, &wait);
+		set_current_state(TASK_UNINTERRUPTIBLE);
+		schedule_timeout(audit_backlog_wait_time);
+		remove_wait_queue(&audit_backlog_wait, &wait);
+	}
 }
 
 /* Log information about who is connecting to the audit multicast socket */
@@ -1824,7 +1838,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 	 *    task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
 	 *    using a PID anchored in the caller's namespace
 	 * 2. generator holding the audit_cmd_mutex - we don't want to block
-	 *    while holding the mutex */
+	 *    while holding the mutex, although we do penalize the sender
+	 *    later in audit_receive() when it is safe to block
+	 */
 	if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
 		long stime = audit_backlog_wait_time;
 
-- 
2.34.1