lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130918015731.GA13962@madcap2.tricolour.ca>
Date:	Tue, 17 Sep 2013 21:57:31 -0400
From:	Richard Guy Briggs <rgb@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Eric Paris <eparis@...hat.com>,
	Konstantin Khlebnikov <khlebnikov@...nvz.org>,
	Luiz Capitulino <lcapitulino@...hat.com>,
	linux-kernel@...r.kernel.org, oleg@...hat.com
Subject: Re: [RFC] audit: avoid soft lockup in audit_log_start()

On Tue, Sep 17, 2013 at 03:28:42PM -0700, Andrew Morton wrote:
> On Tue, 10 Sep 2013 12:03:25 -0400 Eric Paris <eparis@...hat.com> wrote:
> 
> > > --- a/kernel/audit.c
> > > +++ b/kernel/audit.c
> > > @@ -1215,9 +1215,10 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
> > > 
> > >                          sleep_time = timeout_start + audit_backlog_wait_time -
> > >                                          jiffies;
> > > -                       if ((long)sleep_time > 0)
> > > +                       if ((long)sleep_time > 0) {
> > >                                  wait_for_auditd(sleep_time);
> > > -                       continue;
> > > +                               continue;
> > > +                       }
> > >                  }
> > >                  if (audit_rate_check() && printk_ratelimit())
> > >                          printk(KERN_WARNING
> > 
> > I think this is the right(ish) fix, at least it gets at the real bug.
> > 829199197a430dade2519d54f5545c4a094393b8 definitely is the problem.
> 
> um, which idiot wrote that?

Heh...

> Thngs are somewhat foggy at present.  I have two patches from
> Dan/Chuck:
> 
> Subject: audit: fix soft lockups due to loop in audit_log_start() wh,en audit_backlog_limit exceeded
> Subject: audit: two efficiency fixes for audit mechanism

I have a patchset very similar to the first and breaking up the second,
with some added bits to address other related issues I'll post RSN...

> and two from Luiz:
> 
> Subject: audit: flush_hold_queue(): don't drop queued SKBs
> Subject: audit: kaudit_send_skb(): make non-blocking call to netlink_unicast()
> 
> and now a protopatch from Konstantin which eparis likes.
> 
> So, umm, guys, can you please devote a bit of time to working out what
> we should do here?

It is coming...  I'm hearing reports from others of the same bug, so it
is getting around...


- RGB

--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ