Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41

Authored by Eric Paris
Committed by Al Viro
1 parent f3d357b092
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

Audit: stop deadlock from signals under load 

A deadlock is possible between kauditd and auditd under load if auditd
receives a signal.  When auditd receives a signal it sends a netlink
message to the kernel asking for information about the sender of the
signal.  In that same context the audit system will attempt to send a
netlink message back to the userspace auditd.  If kauditd has already
filled the socket buffer (see netlink_attachskb()) auditd will now put
itself to sleep waiting for room to send the message.  Since auditd is
responsible for draining that socket we have a deadlock.  The fix, since
the response from the kernel does not need to be synchronous is to send
the signal information back to auditd in a separate thread.  And thus
auditd can continue to drain the audit queue normally.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Showing 1 changed file with 35 additions and 5 deletions Side-by-side Diff

... ... @@ -156,6 +156,11 @@
156 156 gfp_t gfp_mask;
157 157 };
158 158  
  159 +struct audit_reply {
  160 + int pid;
  161 + struct sk_buff *skb;
  162 +};
  163 +
159 164 static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
160 165 {
161 166 if (ab) {
... ... @@ -528,6 +533,19 @@
528 533 return NULL;
529 534 }
530 535  
  536 +static int audit_send_reply_thread(void *arg)
  537 +{
  538 + struct audit_reply *reply = (struct audit_reply *)arg;
  539 +
  540 + mutex_lock(&audit_cmd_mutex);
  541 + mutex_unlock(&audit_cmd_mutex);
  542 +
  543 + /* Ignore failure. It'll only happen if the sender goes away,
  544 + because our timeout is set to infinite. */
  545 + netlink_unicast(audit_sock, reply->skb, reply->pid, 0);
  546 + kfree(reply);
  547 + return 0;
  548 +}
531 549 /**
532 550 * audit_send_reply - send an audit reply message via netlink
533 551 * @pid: process id to send reply to
534 552  
... ... @@ -544,14 +562,26 @@
544 562 void audit_send_reply(int pid, int seq, int type, int done, int multi,
545 563 void *payload, int size)
546 564 {
547   - struct sk_buff *skb;
  565 + struct sk_buff *skb;
  566 + struct task_struct *tsk;
  567 + struct audit_reply *reply = kmalloc(sizeof(struct audit_reply),
  568 + GFP_KERNEL);
  569 +
  570 + if (!reply)
  571 + return;
  572 +
548 573 skb = audit_make_reply(pid, seq, type, done, multi, payload, size);
549 574 if (!skb)
550 575 return;
551   - /* Ignore failure. It'll only happen if the sender goes away,
552   - because our timeout is set to infinite. */
553   - netlink_unicast(audit_sock, skb, pid, 0);
554   - return;
  576 +
  577 + reply->pid = pid;
  578 + reply->skb = skb;
  579 +
  580 + tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
  581 + if (IS_ERR(tsk)) {
  582 + kfree(reply);
  583 + kfree_skb(skb);
  584 + }
555 585 }
556 586  
557 587 /*