Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3592913pxb;
        Mon, 24 Jan 2022 13:03:27 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwZR933hjwjwrl0vHOrTkOaNmv8Y0xN2G1gfBNAMDlFfshX0om19YNsMyQ4Ng7kSnvOsRm/
X-Received: by 2002:a17:90b:17c4:: with SMTP id me4mr141019pjb.243.1643058207083;
        Mon, 24 Jan 2022 13:03:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643058207; cv=none;
        d=google.com; s=arc-20160816;
        b=GO0KdmzVX1eXes7wWIyBfceAQMumN7gnpcMjBnXyO6w2C7NbV6/v02hFDMQFqqikuL
         v5fAqMg4Y/uGhrr95ZlR7VYuqUBFQbedJSlhaycg/AiLigKOM8hW1blRwj1tlNwrBkBt
         DMBEKfSj162nQGfuznAWbP4ZxWHHpDsDu7ezpYTiz2Spc2YdNPXdGklV5bLkAr1gpYOW
         i5E+WWdCAcx+Anc7eqzlJ+Acl6E2g6SoGwlyDZssY2eP5CpQyJmPoMlysAKa/TVgIVKt
         BcJJzCmAXnQ1md6WyzstmvsnLvv7ZGpvWeF6YfeyXmJMURxd3jN1MnHA0VtIbLuAIoDn
         +8tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=mUDJC7sOpOMpvb1Hh4iH9asYtouKRYmmpV5jbOjo99Q=;
        b=Bnjg7EETnv7kHELnhRkDjOf+qnQQ6QPb1TstLow+att7v3BxwkEwwXSMAHZcr20Md1
         Hx77SXACsC4RihVjB+gV6OYeK7piNCEyPQ8OVXwtQvz+37hlr6gH1ktidbncMnO1stTa
         XCzidN++Rx8NqR5rwu6Cub7/YTeW3pliBaZO8VuWQAemw4EueU7xafNX9OFaudRwJSDf
         YLawpq0N+F0t8eFJ+O/kSTUQWFur50Jivjb3tX7Ne+igBTvAiQjLYajXal38ANrMJPqo
         0XRaFogTmRr6V4PrWXnTrKleFpfnLTU2c9/V3EPlVWcznw6GR70DXgp7tGc1Oum3ksxt
         UDyg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="qayc/WEN";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r11si12425975plo.45.2022.01.24.13.03.14;
        Mon, 24 Jan 2022 13:03:27 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="qayc/WEN";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1383041AbiAXU0o (ORCPT <rfc822;troverman@gmail.com> + 99 others);
        Mon, 24 Jan 2022 15:26:44 -0500
Received: from dfw.source.kernel.org ([139.178.84.217]:53818 "EHLO
        dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1348708AbiAXT7b (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jan 2022 14:59:31 -0500
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 85F276090B;
        Mon, 24 Jan 2022 19:59:25 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 67295C340E5;
        Mon, 24 Jan 2022 19:59:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1643054365;
        bh=t663/92JMy5zMjLaJe1V6EEdgtY92TPBONg80JAqH8E=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=qayc/WEN9psYlYUWyuH9erv2oKtgPL7EbLcTzFOdNQ9gjWQmuDSA13hSf0iyOE2YV
         zQBqiAlGmRDBGxnhPsVPg5RqNR+fFPoCoU96KevVagregXdqZkgDA7skJWI7zHHNf1
         k4qjI5/cp1oWX/Hk0A8iFRqdlTlFzr79/AUHFpNs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Gaosheng Cui <cuigaosheng1@huawei.com>,
        Richard Guy Briggs <rgb@redhat.com>,
        Paul Moore <paul@paul-moore.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 366/563] audit: ensure userspace is penalized the same as the kernel when under pressure
Date:   Mon, 24 Jan 2022 19:42:11 +0100
Message-Id: <20220124184037.079588334@linuxfoundation.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220124184024.407936072@linuxfoundation.org>
References: <20220124184024.407936072@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Paul Moore <paul@paul-moore.com>

[ Upstream commit 8f110f530635af44fff1f4ee100ecef0bac62510 ]

Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure.  The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.

This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.

Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/audit.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index d784000921da3..2a38cbaf3ddb7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1540,6 +1540,20 @@ static void audit_receive(struct sk_buff  *skb)
 		nlh = nlmsg_next(nlh, &len);
 	}
 	audit_ctl_unlock();
+
+	/* can't block with the ctrl lock, so penalize the sender now */
+	if (audit_backlog_limit &&
+	    (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
+		DECLARE_WAITQUEUE(wait, current);
+
+		/* wake kauditd to try and flush the queue */
+		wake_up_interruptible(&kauditd_wait);
+
+		add_wait_queue_exclusive(&audit_backlog_wait, &wait);
+		set_current_state(TASK_UNINTERRUPTIBLE);
+		schedule_timeout(audit_backlog_wait_time);
+		remove_wait_queue(&audit_backlog_wait, &wait);
+	}
 }
 
 /* Log information about who is connecting to the audit multicast socket */
@@ -1824,7 +1838,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 	 *    task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
 	 *    using a PID anchored in the caller's namespace
 	 * 2. generator holding the audit_cmd_mutex - we don't want to block
-	 *    while holding the mutex */
+	 *    while holding the mutex, although we do penalize the sender
+	 *    later in audit_receive() when it is safe to block
+	 */
 	if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
 		long stime = audit_backlog_wait_time;
 
-- 
2.34.1