iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Paul Moore d978295bb5 audit: ensure userspace is penalized the same as the kernel when under pressure 
[ Upstream commit 8f110f530635af44fff1f4ee100ecef0bac62510 ]

Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure.  The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.

This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.

Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 11:04:43 +01:00
..
bpf
bpf: Fix verifier support for validation of async callbacks
2022-01-27 11:03:51 +01:00
cgroup
cgroup: Use open-time cgroup namespace for process migration perm checks
2022-01-11 15:35:15 +01:00
configs
drivers/char: remove /dev/kmem for good
2021-05-07 00:26:34 -07:00
debug
kdb: Adopt scheduler's task classification
2021-11-18 19:17:06 +01:00
dma
dma/pool: create dma atomic pool only if dma zone has managed pages
2022-01-27 11:03:00 +01:00
entry
signal: Replace force_fatal_sig with force_exit_sig when in doubt
2021-11-25 09:49:07 +01:00
events
perf: Protect perf_guest_cbs with RCU
2022-01-20 09:13:14 +01:00
gcov
Kconfig: Introduce ARCH_WANTS_NO_INSTR and CC_HAS_NO_PROFILE_FN_ATTR
2021-06-22 11:07:18 -07:00
irq
PCI/MSI: Move non-mask check back into low level accessors
2021-11-18 19:17:14 +01:00
kcsan
LKMM updates:
2021-09-02 13:00:15 -07:00
livepatch
livepatch: Replace deprecated CPU-hotplug functions.
2021-08-19 12:00:24 +02:00
locking
locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner()
2021-12-22 09:32:48 +01:00
power
PM: hibernate: use correct mode for swsusp_close()
2021-12-01 09:04:51 +01:00
printk
printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces
2021-11-25 09:48:45 +01:00
rcu
rcutorture: Avoid soft lockup during cpu stall
2022-01-27 11:04:37 +01:00
sched
psi: Fix PSI_MEM_FULL state when tasks are in memstall and doing reclaim
2022-01-27 11:04:27 +01:00
time
clocksource: Avoid accidental unstable marking of clocksources
2022-01-27 11:04:08 +01:00
trace
bpf: Remove config check to enable bpf support for branch records
2022-01-27 11:03:28 +01:00
.gitignore
.gitignore: prefix local generated files with a slash
2021-05-02 00:43:35 +09:00
acct.c
kernel/acct.c: use dedicated helper to access rlimit values
2021-09-08 11:50:26 -07:00
async.c
kernel/async.c: remove async_unregister_domain()
2021-05-07 00:26:33 -07:00
audit_fsnotify.c
audit_alloc_mark(): don't open-code ERR_CAST()
2021-02-23 10:25:27 -05:00
audit_tree.c
audit: move put_tree() to avoid trim_trees refcount underflow and UAF
2021-08-24 18:52:36 -04:00
audit_watch.c
fsnotify: generalize handle_inode_event()
2020-12-03 14:58:35 +01:00
audit.c
audit: ensure userspace is penalized the same as the kernel when under pressure
2022-01-27 11:04:43 +01:00
audit.h
audit: add header protection to kernel/audit.h
2021-07-19 22:38:24 -04:00
auditfilter.c
lsm: separate security_task_getsecid() into subjective and objective variants
2021-03-22 15:23:32 -04:00
auditsc.c
audit: fix possible null-pointer dereference in audit_filter_rules
2021-10-18 18:27:47 -04:00
backtracetest.c
bounds.c
capability.c
capability: handle idmapped mounts
2021-01-24 14:27:16 +01:00
cfi.c
cfi: Use rcu_read_{un}lock_sched_notrace
2021-08-11 13:11:12 -07:00
compat.c
arch: remove compat_alloc_user_space
2021-09-08 15:32:35 -07:00
configs.c
context_tracking.c
cpu_pm.c
PM: cpu: Make notifier chain use a raw_spinlock_t
2021-08-16 18:55:32 +02:00
cpu.c
sched/scs: Reset task stack state in bringup_cpu()
2021-12-01 09:04:54 +01:00
crash_core.c
kernel/crash_core: suppress unknown crashkernel parameter warning
2021-12-29 12:28:49 +01:00
crash_dump.c
cred.c
ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring
2021-10-20 10:34:20 -05:00
delayacct.c
delayacct: Add sysctl to enable at runtime
2021-05-12 11:43:25 +02:00
dma.c
exec_domain.c
exit.c
io_uring: remove files pointer in cancellation functions
2021-08-23 13:10:37 -06:00
extable.c
fail_function.c
fault-injection: handle EI_ETYPE_TRUE
2020-12-15 22:46:19 -08:00
fork.c
posix-cpu-timers: Clear task::posix_cputimers_work in copy_process()
2021-11-18 19:17:14 +01:00
freezer.c
sched: Add get_current_state()
2021-06-18 11:43:08 +02:00
futex.c
futex: Remove unused variable 'vpid' in futex_proxy_trylock_atomic()
2021-09-03 23:00:22 +02:00
gen_kheaders.sh
kbuild: clean up ${quiet} checks in shell scripts
2021-05-27 04:01:50 +09:00
groups.c
groups: simplify struct group_info allocation
2021-02-26 09:41:03 -08:00
hung_task.c
Merge branch 'akpm' (patches from Andrew)
2021-07-02 12:08:10 -07:00
iomem.c
irq_work.c
irq_work: Make irq_work_queue() NMI-safe again
2021-06-10 10:00:08 +02:00
jump_label.c
jump_label: Fix jump_label_text_reserved() vs __init
2021-07-05 10:46:20 +02:00
kallsyms.c
module: add printk formats to add module build ID to stacktraces
2021-07-08 11:48:22 -07:00
kcmp.c
Merge branch 'exec-update-lock-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-12-15 19:36:48 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/rwlock: Provide RT variant
2021-08-17 17:50:51 +02:00
Kconfig.preempt
sched/core: Disable CONFIG_SCHED_CORE by default
2021-06-28 22:43:05 +02:00
kcov.c
kexec_core.c
Merge branch 'rework/printk_safe-removal' into for-linus
2021-08-30 16:36:10 +02:00
kexec_elf.c
kexec_file.c
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
2021-05-07 00:26:32 -07:00
kexec_internal.h
kexec: move machine_kexec_post_load() to public interface
2021-02-22 12:33:26 +00:00
kexec.c
kexec: avoid compat_alloc_user_space
2021-09-08 15:32:34 -07:00
kheaders.c
kmod.c
modules: add CONFIG_MODPROBE_PATH
2021-05-07 00:26:33 -07:00
kprobes.c
kprobes: Limit max data_size of the kretprobe instances
2021-12-08 09:04:41 +01:00
ksysfs.c
kthread.c
Merge branch 'akpm' (patches from Andrew)
2021-06-29 17:29:11 -07:00
latencytop.c
Makefile
kbuild: update config_data.gz only when the content of .config is changed
2021-05-02 00:43:35 +09:00
module_signature.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module_signing.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module-internal.h
module.c
module: fix clang CFI with MODULE_UNLOAD=n
2021-09-28 12:56:26 +02:00
notifier.c
notifier: Remove atomic_notifier_call_chain_robust()
2021-08-16 18:55:32 +02:00
nsproxy.c
memcg: enable accounting for new namesapces and struct nsproxy
2021-09-03 09:58:12 -07:00
padata.c
padata: Remove repeated verbose license text
2021-08-27 16:30:18 +08:00
panic.c
Merge branch 'rework/printk_safe-removal' into for-linus
2021-08-30 16:36:10 +02:00
params.c
params: lift param_set_uint_minmax to common code
2021-08-16 14:42:22 +02:00
pid_namespace.c
memcg: enable accounting for new namesapces and struct nsproxy
2021-09-03 09:58:12 -07:00
pid.c
kernel/pid.c: implement additional checks upon pidfd_create() parameters
2021-08-10 12:53:07 +02:00
profile.c
profiling: fix shift-out-of-bounds bugs
2021-09-08 11:50:26 -07:00
ptrace.c
sched: Change task_struct::state
2021-06-18 11:43:09 +02:00
range.c
reboot.c
reboot: Add hardware protection power-off
2021-06-21 13:08:36 +01:00
regset.c
relay.c
relay: allow the use of const callback structs
2020-12-15 22:46:18 -08:00
resource_kunit.c
resource: provide meaningful MODULE_LICENSE() in test suite
2020-11-25 18:52:35 +01:00
resource.c
kernel/resource: fix return code check in __request_free_mem_region
2021-05-14 19:41:32 -07:00
rseq.c
KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest
2021-09-22 10:24:01 -04:00
scftorture.c
scftorture: Avoid NULL pointer exception on early exit
2021-07-27 11:39:30 -07:00
scs.c
scs: Release kasan vmalloc poison in scs_free process
2021-11-18 19:16:29 +01:00
seccomp.c
Merge branch 'exit-cleanups-for-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-09-01 14:52:05 -07:00
signal.c
signal: Replace force_fatal_sig with force_exit_sig when in doubt
2021-11-25 09:49:07 +01:00
smp.c
smp: Fix all kernel-doc warnings
2021-08-11 14:47:16 +02:00
smpboot.c
smpboot: Replace deprecated CPU-hotplug functions.
2021-08-10 14:57:42 +02:00
smpboot.h
softirq.c
genirq: Change force_irqthreads to a static key
2021-08-10 22:50:07 +02:00
stackleak.c
stacktrace.c
static_call.c
static_call: Fix static_call_text_reserved() vs __init
2021-07-05 10:46:33 +02:00
stop_machine.c
stop_machine: Add caller debug info to queue_stop_cpus_work
2021-03-23 16:01:58 +01:00
sys_ni.c
compat: remove some compat entry points
2021-09-08 15:32:35 -07:00
sys.c
Merge branch 'akpm' (patches from Andrew)
2021-09-08 12:55:35 -07:00
sysctl-test.c
kernel/sysctl-test: Remove some casts which are no-longer required
2021-06-23 16:41:24 -06:00
sysctl.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
task_work.c
kasan: record task_work_add() call stack
2021-04-30 11:20:42 -07:00
taskstats.c
test_kprobes.c
torture.c
torture: Replace deprecated CPU-hotplug functions.
2021-08-10 10:48:07 -07:00
tracepoint.c
tracepoint: Fix kerneldoc comments
2021-08-16 11:39:51 -04:00
tsacct.c
ucount.c
ucounts: Fix rlimit max values check
2021-12-29 12:28:39 +01:00
uid16.c
uid16.h
umh.c
kernel/umh.c: fix some spelling mistakes
2021-05-07 00:26:34 -07:00
up.c
A set of locking related fixes and updates:
2021-05-09 13:07:03 -07:00
user_namespace.c
memcg: enable accounting for new namesapces and struct nsproxy
2021-09-03 09:58:12 -07:00
user-return-notifier.c
user.c
fs/epoll: use a per-cpu counter for user's watches count
2021-09-08 11:50:27 -07:00
usermode_driver.c
Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2021-07-03 11:41:14 -07:00
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: rectify kernel-doc for init_watch()
2021-01-26 11:16:34 +00:00
watchdog_hld.c
watchdog.c
kernel: watchdog: modify the explanation related to watchdog thread
2021-06-29 10:53:46 -07:00
workqueue_internal.h
workqueue: Assign a color to barrier work items
2021-08-17 07:49:10 -10:00
workqueue.c
workqueue: Fix unbind_workers() VS wq_worker_running() race
2022-01-16 09:12:41 +01:00