Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3715462pxb; Mon, 24 Jan 2022 16:09:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJwUfV71NR4pfN0w5xRGRrXSEOBUf3OkYyillON6Nd1nxv+o9jv7XizLb4lZCiKiOXcz9VxQ X-Received: by 2002:a17:902:bd0a:b0:148:b21d:bf92 with SMTP id p10-20020a170902bd0a00b00148b21dbf92mr16363080pls.16.1643069352169; Mon, 24 Jan 2022 16:09:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643069352; cv=none; d=google.com; s=arc-20160816; b=ry9HPSOewrtywqHxKnIlKQoVe5OqMqzzsKWlIR7j+R323k+1Gcbj82z5xlUx61iv6A AXx/aNONVPA7xFFdYMXTwu3aAd+qhYUFUYFOL6Nz25S/ra1mdorzvoCCGAHcaR9PB8TN I+Nk3Sf0Wnv+cpSlakI0d31uaj5patoHFYDPzus3KFxtnDJENC7fvjHD3KnrqNzWaw+v 81ZadMRu98R+FyC3VWC6J93XwWbpMKEnDn7eqAqzeKmCOroUHcTIzZhJoHNeZXIEfjN0 4SFWhyL3T798O2n2heZI80imlZ3hMckbBpUjnWCa+ArYbsi0Lbo+BqnL58BbRWDiVZAQ dBQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Uuv9QZns7SJLJzKYSjJ34vn1cnxcDInGM/+D26sos0c=; b=NiB6+ROzLwqV4wxJ5ELrtw5/PKG51y1mqhdKae2tLIPuah4I0W0A+L7PXVjad0M4w5 bBVqfvs16Lp/TZ1ZZ5l/39zLxoD7nFMRyBHIyoaj7Fu2ntFWb5V7EGjkUhcLGDrjPooa XIu3uSPfJoDVGeaKZ3xxYtmJOHzdvfgNfPPZGCFHBnjjFlv3ZqD/WVw7V3JKjwZaCU5E RPBvSRlr54tfw/j2E37/8zXV1yyxENRJd9jffMXDMBLi3nUpQa7PN33ESisNBdulZ2qu kVViLQZ98UGh20Nk9rLKyWZnL0GiirRigHU1sgFfO2CZdxZadpfGmONn8vzy4tF9g1Cw PISw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=d8gd01X5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k72si10988572pfd.254.2022.01.24.16.08.59; Mon, 24 Jan 2022 16:09:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=d8gd01X5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2370690AbiAYAF6 (ORCPT + 99 others); Mon, 24 Jan 2022 19:05:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1847531AbiAXXUA (ORCPT ); Mon, 24 Jan 2022 18:20:00 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A3C20C073200; Mon, 24 Jan 2022 13:27:49 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4467E614B4; Mon, 24 Jan 2022 21:27:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24592C340E4; Mon, 24 Jan 2022 21:27:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643059668; bh=vNMezxssj6VcvR7r/jjQIM53BOA5+j+5fVwfrXZIJ98=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d8gd01X5rBiDj5JKcrUWS+Sg37wFauSZdE1khSLIQOyIhkQEYGOHFNtcWPhbS97lR MlJ9q6vxgK8WDQcVWadtl4y4MfSd+EvOvD4rcXkF8lts89u2z/T6yqqweWxh+21Y/f wpQVec7VLJoLQxiNwNBArtvFiC5cpuR7UciQ06qw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Gaosheng Cui , Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH 5.16 0660/1039] audit: ensure userspace is penalized the same as the kernel when under pressure Date: Mon, 24 Jan 2022 19:40:49 +0100 Message-Id: <20220124184147.548711418@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124184125.121143506@linuxfoundation.org> References: <20220124184125.121143506@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paul Moore [ Upstream commit 8f110f530635af44fff1f4ee100ecef0bac62510 ] Due to the audit control mutex necessary for serializing audit userspace messages we haven't been able to block/penalize userspace processes that attempt to send audit records while the system is under audit pressure. The result is that privileged userspace applications have a priority boost with respect to audit as they are not bound by the same audit queue throttling as the other tasks on the system. This patch attempts to restore some balance to the system when under audit pressure by blocking these privileged userspace tasks after they have finished their audit processing, and dropped the audit control mutex, but before they return to userspace. Reported-by: Gaosheng Cui Tested-by: Gaosheng Cui Reviewed-by: Richard Guy Briggs Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/audit.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 4cebadb5f30db..eab7282668ab9 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1540,6 +1540,20 @@ static void audit_receive(struct sk_buff *skb) nlh = nlmsg_next(nlh, &len); } audit_ctl_unlock(); + + /* can't block with the ctrl lock, so penalize the sender now */ + if (audit_backlog_limit && + (skb_queue_len(&audit_queue) > audit_backlog_limit)) { + DECLARE_WAITQUEUE(wait, current); + + /* wake kauditd to try and flush the queue */ + wake_up_interruptible(&kauditd_wait); + + add_wait_queue_exclusive(&audit_backlog_wait, &wait); + set_current_state(TASK_UNINTERRUPTIBLE); + schedule_timeout(audit_backlog_wait_time); + remove_wait_queue(&audit_backlog_wait, &wait); + } } /* Log information about who is connecting to the audit multicast socket */ @@ -1824,7 +1838,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, * task_tgid_vnr() since auditd_pid is set in audit_receive_msg() * using a PID anchored in the caller's namespace * 2. generator holding the audit_cmd_mutex - we don't want to block - * while holding the mutex */ + * while holding the mutex, although we do penalize the sender + * later in audit_receive() when it is safe to block + */ if (!(auditd_test_task(current) || audit_ctl_owner_current())) { long stime = audit_backlog_wait_time; -- 2.34.1