Open Source and information security mailing list archives
 
Message-ID: <20130917185402.601e524d@redhat.com>
Date:	Tue, 17 Sep 2013 18:54:02 -0400
From:	Luiz Capitulino <lcapitulino@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Eric Paris <eparis@...hat.com>,
	Konstantin Khlebnikov <khlebnikov@...nvz.org>,
	linux-kernel@...r.kernel.org, oleg@...hat.com, rgb@...hat.com
Subject: Re: [RFC] audit: avoid soft lockup in audit_log_start()

On Tue, 17 Sep 2013 15:28:42 -0700
Andrew Morton <akpm@...ux-foundation.org> wrote:

> On Tue, 10 Sep 2013 12:03:25 -0400 Eric Paris <eparis@...hat.com> wrote:
> 
> > > --- a/kernel/audit.c
> > > +++ b/kernel/audit.c
> > > @@ -1215,9 +1215,10 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
> > > 
> > >                          sleep_time = timeout_start + audit_backlog_wait_time -
> > >                                          jiffies;
> > > -                       if ((long)sleep_time > 0)
> > > +                       if ((long)sleep_time > 0) {
> > >                                  wait_for_auditd(sleep_time);
> > > -                       continue;
> > > +                               continue;
> > > +                       }
> > >                  }
> > >                  if (audit_rate_check() && printk_ratelimit())
> > >                          printk(KERN_WARNING
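Review bot: the braces added around `wait_for_auditd(sleep_time); continue;` change control flow without saying so in the code. When `(long)sleep_time > 0` is false, execution now falls through to the `audit_rate_check() && printk_ratelimit()` warning instead of retrying. Please add a one-line comment above the `if` stating that an expired backlog wait must fall through to the failure path rather than loop, since the old unconditional `continue` retried without sleeping whenever `sleep_time` was not positive. The changelog should also say whether `timeout_start` is ever reset inside the loop; that is not visible in this hunk, and it decides whether `sleep_time` can stay positive across retries.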
> > 
> > I think this is the right(ish) fix, at least it gets at the real bug.
> > 829199197a430dade2519d54f5545c4a094393b8 definitely is the problem.
> 
> um, which idiot wrote that?

LOL!

> Things are somewhat foggy at present.  I have two patches from
> Dan/Chuck:
> 
> Subject: audit: fix soft lockups due to loop in audit_log_start() when audit_backlog_limit exceeded
> Subject: audit: two efficiency fixes for audit mechanism
> 
> and two from Luiz:
> 
> Subject: audit: flush_hold_queue(): don't drop queued SKBs
> Subject: audit: kaudit_send_skb(): make non-blocking call to netlink_unicast()
> 
> and now a protopatch from Konstantin which eparis likes.
> 
> So, umm, guys, can you please devote a bit of time to working out what
> we should do here?

You can drop my patches. Konstantin's patch is a better version of my
first RFC. My second series is kind of a new concept which the audit
team seems to disagree with, and I won't push hard on it.