lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <52262DE0.2020708@oracle.com>
Date:	Tue, 03 Sep 2013 13:43:44 -0500
From:	Dave Kleikamp <dave.kleikamp@...cle.com>
To:	Chuck Anderson <chuck.anderson@...cle.com>
CC:	linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
	Eric Paris <eparis@...hat.com>,
	Dan Duval <dan.duval@...cle.com>,
	Luiz Capitulino <lcapitulino@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 2/2] audit: Two efficiency fixes for audit mechanism

Adding my ack.

On 09/02/2013 10:53 PM, Chuck Anderson wrote:
> audit: Two efficiency fixes for audit mechanism
> 
> author: Dan Duval <dan.duval@...cle.com>
> 
> These and similar errors were seen on a patched 3.8 kernel when the
> audit subsystem was overrun during boot:
> 
>   udevd[876]: worker [887] unexpectedly returned with status 0x0100
>   udevd[876]: worker [887] failed while handling
> '/devices/pci0000:00/0000:00:03.0/0000:40:00.0'
>   udevd[876]: worker [880] unexpectedly returned with status 0x0100
>   udevd[876]: worker [880] failed while handling
> '/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1'
> 
>   udevadm settle - timeout of 180 seconds reached, the event queue
> contains:
>     /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1 (3995)
>     /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/INT3F0D:00 (4034)
> 
>   audit: audit_backlog=258 > audit_backlog_limit=256
>   audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=256
> 
> The changes below increase the efficiency of the audit code and
> prevent it from being overrun:
> 
> 1. Only issue a wake_up in kauditd if the length of the skb queue
>    is less than the backlog limit.  Otherwise, threads waiting in
>    wait_for_auditd() will simply wake up, discover that the
>    queue is still too long for them to proceed, and go back
>    to sleep.  This results in wasted context switches and
>    machine cycles.  kauditd_thread() is the only function that
>    removes buffers from audit_skb_queue so we can't race.  If we
>    did, the timeout in wait_for_auditd() would expire and the
>    waiting thread would continue.
> 
> 2. Use add_wait_queue_exclusive() in wait_for_auditd() to put the
>    thread on the wait queue.  When kauditd dequeues an skb, all
>    of the waiting threads are waiting for the same resource, but
>    only one is going to get it, so there's no need to wake up
>    more than one waiter.
> 
> Signed-off-by: Dan Duval <dan.duval@...cle.com>
> Signed-off-by: Chuck Anderson <chuck.anderson@...cle.com>
Acked-by: Dave Kleikamp <dave.kleikamp@...cle.com>
> ---
>  kernel/audit.c |    7 +++++--
>  1 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 9a78dde..d87b4dd 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -449,8 +449,11 @@ static int kauditd_thread(void *dummy)
>          flush_hold_queue();
> 
>          skb = skb_dequeue(&audit_skb_queue);
> -        wake_up(&audit_backlog_wait);
> +
>          if (skb) {
> +            if(skb_queue_len(&audit_skb_queue) <= audit_backlog_limi
> t)
> +                wake_up(&audit_backlog_wait);
> +
>              if (audit_pid)
>                  kauditd_send_skb(skb);
>              else
> @@ -1059,7 +1062,7 @@ static void wait_for_auditd(unsigned long
> sleep_time, int
> limit)
>  {
>      DECLARE_WAITQUEUE(wait, current);
>      set_current_state(TASK_UNINTERRUPTIBLE);
> -    add_wait_queue(&audit_backlog_wait, &wait);
> +    add_wait_queue_exclusive(&audit_backlog_wait, &wait);
> 
>      if (audit_backlog_limit &&
>          skb_queue_len(&audit_skb_queue) > limit)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ