[1/4] audit: refactor queue full checks

Message ID	20230508075812.76077-2-eiichi.tsukata@nutanix.com (mailing list archive)
State	Superseded
Delegated to:	Paul Moore
Headers	show Return-Path: <audit-owner@vger.kernel.org> From: Eiichi Tsukata <eiichi.tsukata@nutanix.com> To: paul@paul-moore.com, eparis@redhat.com, linux-kernel@vger.kernel.org, audit@vger.kernel.org Cc: Eiichi Tsukata <eiichi.tsukata@nutanix.com> Subject: [PATCH 1/4] audit: refactor queue full checks Date: Mon, 8 May 2023 07:58:09 +0000 Message-Id: <20230508075812.76077-2-eiichi.tsukata@nutanix.com> In-Reply-To: <20230508075812.76077-1-eiichi.tsukata@nutanix.com> References: <20230508075812.76077-1-eiichi.tsukata@nutanix.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Precedence: bulk
Series	audit: refactor and fix for potential deadlock \| expand [0/4] audit: refactor and fix for potential deadlock [1/4] audit: refactor queue full checks [2/4] audit: account backlog waiting time in audit_receive() [3/4] audit: convert DECLARE_WAITQUEUE to DEFINE_WAIT [4/4] audit: check if queue is full after prepare_to_wait_exclusive()

Message ID

20230508075812.76077-2-eiichi.tsukata@nutanix.com (mailing list archive)

State

Superseded

Delegated to:

Paul Moore

Headers

From: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
To: paul@paul-moore.com, eparis@redhat.com,
        linux-kernel@vger.kernel.org, audit@vger.kernel.org
Cc: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Subject: [PATCH 1/4] audit: refactor queue full checks
Date: Mon,  8 May 2023 07:58:09 +0000
Message-Id: <20230508075812.76077-2-eiichi.tsukata@nutanix.com>
In-Reply-To: <20230508075812.76077-1-eiichi.tsukata@nutanix.com>
References: <20230508075812.76077-1-eiichi.tsukata@nutanix.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 meh14MsGagUsV/DL6yxsq91wtJK5UDbhCVHw9Ns+1DQHrGqVdzWCUBr76gyo+MAscUl22XVcR4I2v6u1uCFeeYiP0uXXKMim/G57EoFwl9NOb5pC94R7dpOzpja3vyRERgqOBe4A+S+/JRjq061C1bZ2llev7P8Q90nJO63Rl1rM0nkmhlwoVcGnwji0y72w3uRAorl7xXKWeoyZjbw/5mEol9PNULzpk3GDS5//HZ9QxF9DLjEZIL9A9Y0rI4bpqGuUmuayNxlcPqXXVj5au+6kTOC2VS/26MBsYffgej89Yi9E5SxLEh8VBXv4lljGG2hrxMYdlxWQ/ck1dCLVZ4nFs+GEVXCjkIP/ls1kvsF7vBaDuE+zGJxDvlczM6BV8w0HFKVaZzfQ9sgDnI7nY4Kk0m90+OH4oipUvtkn+KCK8/K2UsjXQQDuyu8JYMri9l+0f3ZV0Vt+leoOgwF5K2cOCAQN3LZ4Eiiu3wxr4lyVTZv3SXiaWnoviO7DsDo/k6lYhPwRFKTg7K2tHrNmvaSu/d+HYdVGKFSQ5Ovml+1CPevp/wTnEiYSVvLv8Fdk3PoxvkPAHbNM3uACWutCdMIxcVKklrNKOMwmCwaA4k24QX26/MTXtQwVZVLBGhpi4frpQfgSEAEOKnjvS+AgYK7+M9HZsdGHJDq/Al2HEcCZxklu932hf+33JLTEkyk2/MvV7p+rZh2wmlEYfPPvgB50K6lnUDzxQBawsPETSmjZh1Np1CoA4jBErmtL02svqvgX3loaEKU+m7OyyS5FiCF+Hjl0FtIEBgyhOuQXQOj1d6rbbFk6jTa4swkyMoqYRv8YRcXwSmYM2M+uceFxaMYKoydgXU4NuCfwiKPvLEjgYYF17ljasscKyPzXtnelF+ALj3VjWAWQAkV8qif5mvqmiP6SC1NrDMFXaUYrUEY5H48zGN4YEzCwloM7EDT3vV915GHMoiza2XUCy/dDg8G5T/LoeUvDYir1Nu41vIp0BeMNo/ENuERUBAVntD5anO3GY//Cb6CTCzf1bY6MqfJFz0mG1X+zEpRHpOV3Z7dd3NVZ1DprtPN7Ji/ONCLSxyzj0JbRHDPBwspnIp58ZsmfOFl/NJNsyaGsc0/KNtM/+3ZzhNaQ7hfA5HbqhmUydIiSheuTJHhXOC4Fsrl9JOIWsaS+dO+3uIe3syywZ9KRzqcrocwd6A85qNNNvuhIuWTxmUNBlaYmcwsj0/Q9k7dmc4OZtMDjB1z2J1Jk2Bk/jYCP0gXrbttuzrl9HXgLWAQ1Y38zRnjk+dekZL40We7sIUOy2zWE8ytvM8bgb4zCtkx9kQ7BGGSeKGQa6LO0X0ArmF3WQE+0Rln7e4PvR/qfCFUXYcZ1Bt6CM+DYdjCxybdGkZ87Le0GQFyO2StHZSyCChdnAM16x5avE9jsnpZwZ0QmSZ6CB4+FU5bYY+dyOc907OH7FxeRmg+yjCM50pzr5YDXXJ++198uAf+yO+U0d2iIEFhaOKGrE1QCgbqBFLlLhqGfK/QnKHFLE4pBfxp9y2A74tLzMiO2NfQtwOn1+ynNLqSl3DU75hRnwYl8zTKROCxvQi9bwip6N3MggYwbPOFnGAiE0UwoGdma+Q==
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 73e9b20c-5ea1-4916-f7a2-08db4f9a0d05
X-MS-Exchange-CrossTenant-AuthSource: CH0PR02MB8041.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2023 07:58:46.6945
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 qVdCVjdWAXl+mQx5KDGMBYOX02g/9vP6PCO4x3SGwpKYqc3ETbUYU/5DKZ7RFABJsrOWqTcOpvt8ywtrixt3ZXZ+RhINH5b5EQj2R1+0q24=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR0201MB8821
X-Proofpoint-GUID: ozbbm-1Dj_EPgrl8u8CWGgYQAzniaqRD
X-Proofpoint-ORIG-GUID: ozbbm-1Dj_EPgrl8u8CWGgYQAzniaqRD
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
 definitions=2023-05-08_05,2023-05-05_01,2023-02-09_01
X-Proofpoint-Spam-Reason: safe
Precedence: bulk
List-ID: <audit.vger.kernel.org>
X-Mailing-List: audit@vger.kernel.org

Series

audit: refactor and fix for potential deadlock | expand

Commit Message

Eiichi Tsukata May 8, 2023, 7:58 a.m. UTC

Currently audit queue full checks are done in multiple places.
Consolidate them into one audit_queue_full().

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
---
 kernel/audit.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

Comments

Rinat Gadelshin May 10, 2023, 6:54 a.m. UTC | #1

Hi Eiichi!

Just one one for your patch.

On 08.05.2023 10:58, Eiichi Tsukata wrote:
> Currently audit queue full checks are done in multiple places.
> Consolidate them into one audit_queue_full().
>
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
> ---
>   kernel/audit.c | 21 +++++++++++----------
>   1 file changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 9bc0b0301198..c15694e1a76b 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
>   	return retval;
>   }
>   
> +static inline int audit_queue_full(const struct sk_buff_head *queue)
> +{
> +	return audit_backlog_limit &&
> +	       (skb_queue_len(queue) > audit_backlog_limit);
It seems that we should use `>=` here.
> +}
> +
>   /**
>    * audit_log_lost - conditionally log lost audit message event
>    * @message: the message stating reason for lost audit message
> @@ -579,8 +585,7 @@ static void kauditd_hold_skb(struct sk_buff *skb, int error)
>   	 * record on the retry queue unless it's full, in which case drop it
>   	 */
>   	if (error == -EAGAIN) {
> -		if (!audit_backlog_limit ||
> -		    skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
> +		if (!audit_queue_full(&audit_retry_queue)) {
>   			skb_queue_tail(&audit_retry_queue, skb);
>   			return;
>   		}
> @@ -589,8 +594,7 @@ static void kauditd_hold_skb(struct sk_buff *skb, int error)
>   	}
>   
>   	/* if we have room in the hold queue, queue the message */
> -	if (!audit_backlog_limit ||
> -	    skb_queue_len(&audit_hold_queue) < audit_backlog_limit) {
> +	if (!audit_queue_full(&audit_hold_queue)) {
>   		skb_queue_tail(&audit_hold_queue, skb);
>   		return;
>   	}
> @@ -613,8 +617,7 @@ static void kauditd_hold_skb(struct sk_buff *skb, int error)
>    */
>   static void kauditd_retry_skb(struct sk_buff *skb, __always_unused int error)
>   {
> -	if (!audit_backlog_limit ||
> -	    skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
> +	if (!audit_queue_full(&audit_retry_queue)) {
>   		skb_queue_tail(&audit_retry_queue, skb);
>   		return;
>   	}
> @@ -1564,8 +1567,7 @@ static void audit_receive(struct sk_buff  *skb)
>   	audit_ctl_unlock();
>   
>   	/* can't block with the ctrl lock, so penalize the sender now */
> -	if (audit_backlog_limit &&
> -	    (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
> +	if (audit_queue_full(&audit_queue)) {
>   		DECLARE_WAITQUEUE(wait, current);
>   
>   		/* wake kauditd to try and flush the queue */
> @@ -1866,8 +1868,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
>   	if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
>   		long stime = audit_backlog_wait_time;
>   
> -		while (audit_backlog_limit &&
> -		       (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
> +		while (audit_queue_full(&audit_queue)) {
>   			/* wake kauditd to try and flush the queue */
>   			wake_up_interruptible(&kauditd_wait);
>

Eiichi Tsukata May 10, 2023, 7:17 a.m. UTC | #2

> On May 10, 2023, at 15:54, Rinat Gadelshin <rgadelsh@gmail.com> wrote:
> 
> Hi Eiichi!
> 
> Just one one for your patch.
> 
> On 08.05.2023 10:58, Eiichi Tsukata wrote:
>> Currently audit queue full checks are done in multiple places.
>> Consolidate them into one audit_queue_full().
>> 
>> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
>> ---
>>  kernel/audit.c | 21 +++++++++++----------
>>  1 file changed, 11 insertions(+), 10 deletions(-)
>> 
>> diff --git a/kernel/audit.c b/kernel/audit.c
>> index 9bc0b0301198..c15694e1a76b 100644
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
>>   return retval;
>>  }
>>  +static inline int audit_queue_full(const struct sk_buff_head *queue)
>> +{
>> + return audit_backlog_limit &&
>> +        (skb_queue_len(queue) > audit_backlog_limit);
> It seems that we should use `>=` here.

Hi Rinat

Could you provide the detailed reason?

Currently queue full checks are done with ‘>’,
on the other hand queue NOT full checks are done with ‘<‘.

Looking into other similar checks in the kernel, unix_recvq_full() is using ‘>’.


Paul, how do you think about it?

Eiichi

Rinat Gadelshin May 10, 2023, 7:28 a.m. UTC | #3

On 10.05.2023 10:17, Eiichi Tsukata wrote:
>
>> On May 10, 2023, at 15:54, Rinat Gadelshin <rgadelsh@gmail.com> wrote:
>>
>> Hi Eiichi!
>>
>> Just one one for your patch.
>>
>> On 08.05.2023 10:58, Eiichi Tsukata wrote:
>>> Currently audit queue full checks are done in multiple places.
>>> Consolidate them into one audit_queue_full().
>>>
>>> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
>>> ---
>>>   kernel/audit.c | 21 +++++++++++----------
>>>   1 file changed, 11 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/kernel/audit.c b/kernel/audit.c
>>> index 9bc0b0301198..c15694e1a76b 100644
>>> --- a/kernel/audit.c
>>> +++ b/kernel/audit.c
>>> @@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
>>>    return retval;
>>>   }
>>>   +static inline int audit_queue_full(const struct sk_buff_head *queue)
>>> +{
>>> + return audit_backlog_limit &&
>>> +        (skb_queue_len(queue) > audit_backlog_limit);
>> It seems that we should use `>=` here.
> Hi Rinat
>
> Could you provide the detailed reason?
>
> Currently queue full checks are done with ‘>’,
> on the other hand queue NOT full checks are done with ‘<‘.
>
> Looking into other similar checks in the kernel, unix_recvq_full() is using ‘>’.
Was (OR statement): `if (!audit_backlog_limit || 
skb_queue_len(&audit_retry_queue) < audit_backlog_limit)
For AND-statement it should be `if (audit_backlog_limit && 
(skb_queue_len(&audit_retry_queue) >= audit_backlog_limit))
Otherwise we get false for case `(skb_queue_len(&audit_retry_queue) == 
audit_backlog_limit)` which was true for the old implementation.
>
> Paul, how do you think about it?
>
> Eiichi
>
>

diff --git a/kernel/audit.c b/kernel/audit.c
index 9bc0b0301198..c15694e1a76b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -341,6 +341,12 @@  static inline int audit_rate_check(void)
 	return retval;
 }
 
+static inline int audit_queue_full(const struct sk_buff_head *queue)
+{
+	return audit_backlog_limit &&
+	       (skb_queue_len(queue) > audit_backlog_limit);
+}
+
 /**
  * audit_log_lost - conditionally log lost audit message event
  * @message: the message stating reason for lost audit message
@@ -579,8 +585,7 @@  static void kauditd_hold_skb(struct sk_buff *skb, int error)
 	 * record on the retry queue unless it's full, in which case drop it
 	 */
 	if (error == -EAGAIN) {
-		if (!audit_backlog_limit ||
-		    skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
+		if (!audit_queue_full(&audit_retry_queue)) {
 			skb_queue_tail(&audit_retry_queue, skb);
 			return;
 		}
@@ -589,8 +594,7 @@  static void kauditd_hold_skb(struct sk_buff *skb, int error)
 	}
 
 	/* if we have room in the hold queue, queue the message */
-	if (!audit_backlog_limit ||
-	    skb_queue_len(&audit_hold_queue) < audit_backlog_limit) {
+	if (!audit_queue_full(&audit_hold_queue)) {
 		skb_queue_tail(&audit_hold_queue, skb);
 		return;
 	}
@@ -613,8 +617,7 @@  static void kauditd_hold_skb(struct sk_buff *skb, int error)
  */
 static void kauditd_retry_skb(struct sk_buff *skb, __always_unused int error)
 {
-	if (!audit_backlog_limit ||
-	    skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
+	if (!audit_queue_full(&audit_retry_queue)) {
 		skb_queue_tail(&audit_retry_queue, skb);
 		return;
 	}
@@ -1564,8 +1567,7 @@  static void audit_receive(struct sk_buff  *skb)
 	audit_ctl_unlock();
 
 	/* can't block with the ctrl lock, so penalize the sender now */
-	if (audit_backlog_limit &&
-	    (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
+	if (audit_queue_full(&audit_queue)) {
 		DECLARE_WAITQUEUE(wait, current);
 
 		/* wake kauditd to try and flush the queue */
@@ -1866,8 +1868,7 @@  struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 	if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
 		long stime = audit_backlog_wait_time;
 
-		while (audit_backlog_limit &&
-		       (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
+		while (audit_queue_full(&audit_queue)) {
 			/* wake kauditd to try and flush the queue */
 			wake_up_interruptible(&kauditd_wait);

[1/4] audit: refactor queue full checks

Commit Message

Comments

Patch