Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4893212rwd; Tue, 23 May 2023 14:24:49 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4NT5PyVLRE46HlS4fSPn3+Zpb8jMq2/19eIAOXv5E8/cvr3V3PAgB6uCVTqUJxp3skEs2J X-Received: by 2002:a05:6a20:4320:b0:100:6a95:c289 with SMTP id h32-20020a056a20432000b001006a95c289mr18395167pzk.5.1684877089683; Tue, 23 May 2023 14:24:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684877089; cv=none; d=google.com; s=arc-20160816; b=MuvE4Q2zdvMSjfBYqMr8MQ3CCSZUFIYHm9wQM/5Qh1bt/zoHNvOQNaxbCKBF/Aud9I v/5tS7KA7QvLR73uoFcEax7rTGdh9Gy3dUy485DlrLODvwhX72rkaAZhKkK0/Iy4SMRN WYAPm/rYBXtVyRgjJs1G5bL7/s3UmXTTMMuJ9SqJSMcM5ijGGNCVhN6FdcVjapMASUPC Sdf2/sT9D1t9yKMkGR577LDleN9fcRDyaIR7CVoO39KRc8YlaX+9xEUjHWk+mbZ3LDmo +oR+SjD5espom9wzYyRU8dX7pBoS4vpNRNuTlV9w5kxxgs+Y8UerBPNhs72im9JGllG3 F+Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=bVP5LzI/ve6jH4tK/34zZWM+53m2j3w2mH0VmjtpPeA=; b=obX5p4bT9jfjb8S4Vq/ZyGVH0UmvDR3K7OHGNSrg7/wIdLAZRckAsx2GyITCEBDSRW V5M7V6RKaivvciuL+NFLY+0+Sanfbcsay97v5IiKTpAuuQ+R3G73SmbdgniehCDEPVjb 1Oa5uEiPton42EjQWRFF5O/peN5bFMw7p8TKieQjOv6PosMSOUBDayjk+xJgvXm2KhWT zqx0BQmoFSvtbV7y4YVbRVJghR8WMJvofvhEEAWkGQlOuW+YSplZjES/Ycvv9kH2UF6R znsRJWC6ril2EBe6bNYmGR/3hBn/vjnGf+nHKwKQ2QImThazUtZjGifase/dIgy/JWFM glaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=BfOSh5wS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y2-20020aa79e02000000b0063b7790fde1si5343584pfq.284.2023.05.23.14.24.35; Tue, 23 May 2023 14:24:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=BfOSh5wS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233956AbjEWVHm (ORCPT + 99 others); Tue, 23 May 2023 17:07:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229574AbjEWVHl (ORCPT ); Tue, 23 May 2023 17:07:41 -0400 Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 22970DD for ; Tue, 23 May 2023 14:07:40 -0700 (PDT) Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-56204ac465fso2592757b3.2 for ; Tue, 23 May 2023 14:07:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1684876059; x=1687468059; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=bVP5LzI/ve6jH4tK/34zZWM+53m2j3w2mH0VmjtpPeA=; b=BfOSh5wSWWFyUGOELRl6BA8JloMrd9gWi6XndKWHrmOVB5kj5WEP34HTYQDJ9svaJl TCBbGCVgjgvMYBYMZRpiYR2GyoNTtlbh2ZI+2FYb+Us3BFX5qwLFUfBqzJ1uVw3HRgWv rsOAQWREV1qadXXmHnJIrlCZRJV2Wdg5RDl2tF4Nb6qtELTj0Z5noRMAIEhD6CoCRAzl SH1VMw49JC4YVgu6nut/Gz/9U8JH/90UEKQMV8GBQBSNy/sZ96uT6dxGr+KztfWC9kTn yw+N8XIxDkbtkOvC4ZkqNxhbH68wTiYNDOcyDUppC5EgSdSllj7ipLr1kudbcR0W6Fjr Bs1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684876059; x=1687468059; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bVP5LzI/ve6jH4tK/34zZWM+53m2j3w2mH0VmjtpPeA=; b=BQ9HHTEhVLumdISvSs0PlRjcn7DE+TmOK2fnBtqS7HoEn8BoaN+AMKDWmkRaM4Dw7U Ql3plgeCx+RIAKP76/tmdO9osweTo32KmP3fBtRHyFVtbOFQtLzeb8Mm7axHfEAsOJjh Y94dSY5cf02BUUX6JQ0WgYs2V7k50RbRpE+Cfyo6z9Qjy+fJ4kyPzZclTVOejuQ1bL/O ylt7B5YlbojfI4sueiAmW4OOWfOARoBbS8rHN9CzR/pJAT6H3IwufGx/nO/p/P5v0gye bXkswdXgCSyDO0PvLwYihvLtfUhAWCcx+7jaXNeKV20JHqC1z+f7oTadWCMlbckuWz3a Cp5Q== X-Gm-Message-State: AC+VfDwQpawaLQPdr0yp8krbE5g5C7eTKCO6oUgzrS5vlhQu+4bp+KuB xEMJ+4A2Pq5MZk5CSdQHWTVWX1mvOD4IkOShAF5F X-Received: by 2002:a81:9206:0:b0:55a:2ce1:2353 with SMTP id j6-20020a819206000000b0055a2ce12353mr15770843ywg.2.1684876059326; Tue, 23 May 2023 14:07:39 -0700 (PDT) MIME-Version: 1.0 References: <20230511052116.19452-6-eiichi.tsukata@nutanix.com> In-Reply-To: From: Paul Moore Date: Tue, 23 May 2023 17:07:28 -0400 Message-ID: Subject: Re: [PATCH v2 5/5] audit: do not use exclusive wait in audit_receive() To: Eiichi Tsukata Cc: "eparis@redhat.com" , "linux-kernel@vger.kernel.org" , "audit@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 22, 2023 at 11:58=E2=80=AFPM Eiichi Tsukata wrote: > > On May 22, 2023, at 13:44, Eiichi Tsukata = wrote: > >> On May 20, 2023, at 5:54, Paul Moore wrote: > >> On May 11, 2023 Eiichi Tsukata wrote: > >>> > >>> kauditd thread issues wake_up() before it goes to sleep. The wake_up(= ) > >>> call wakes up only one process as waiter side uses exclusive wait. > >>> This can be problematic when there are multiple processes (one is in > >>> audit_receive() and others are in audit_log_start()) waiting on > >>> audit_backlog_wait queue. > >>> > >>> For example, if there are two processes waiting: > >>> > >>> Process (A): in audit_receive() > >>> Process (B): in audit_log_start() > >>> > >>> And (A) is at the head of the wait queue. Then kauditd's wake_up() on= ly > >>> wakes up (A) leaving (B) as it is even if @audit_queue is drained. As= a > >>> result, (B) can be blocked for up to backlog_wait_time. > >>> > >>> To prevent the issue, use non-exclusive wait in audit_receive() so th= at > >>> kauditd can wake up all waiters in audit_receive(). > >>> > >>> Fixes: 8f110f530635 ("audit: ensure userspace is penalized the same a= s the kernel when under pressure") > >>> Signed-off-by: Eiichi Tsukata > >>> --- > >>> kernel/audit.c | 17 +++++++++++------ > >>> 1 file changed, 11 insertions(+), 6 deletions(-) > >> > >> This was also discussed in the last patchset. > > > > This bug is much easily reproducible on real environments and can cause= problematic > > user space failure like SSH connection timeout. > > Let=E2=80=99s not keep the bug unfixed. > > (Of course we=E2=80=99ve already carefully tuned audit related params a= nd user space auditd config so that our product won=E2=80=99t hit backlog f= ull.) Good. Resolving your issues through audit runtime configuration is the proper solution to this. > > BTW, the default backlog_wait_time is 60 * HZ which seems pretty large. > > I=E2=80=99d appreciate if you could tell me the reason behind that valu= e. I do not recall the original logic behind that value. It is likely that the original value predated my maintenance of the audit subsystem. --=20 paul-moore.com