[PATCH 4/8] audit: efficiency fix 1: only wake up if queue shorter than backlog limit

From: Richard Guy Briggs
Date: Wed Sep 18 2013 - 15:07:58 EST

Next message: Richard Guy Briggs: "[PATCH 8/8] audit: add audit_backlog_wait_time configuration option"
Previous message: Eduardo Valentin: "[PATCHv3 02/16] drivers: thermal: introduce device tree parser"
In reply to: Richard Guy Briggs: "[PATCH 0/8] Audit backlog queue fixes related to soft lockup"
Next in thread: Richard Guy Briggs: "[PATCH 8/8] audit: add audit_backlog_wait_time configuration option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

author: Dan Duval <dan.duval@xxxxxxxxxx>

These and similar errors were seen on a patched 3.8 kernel when the
audit subsystem was overrun during boot:

udevd[876]: worker [887] unexpectedly returned with status 0x0100
udevd[876]: worker [887] failed while handling
'/devices/pci0000:00/0000:00:03.0/0000:40:00.0'
udevd[876]: worker [880] unexpectedly returned with status 0x0100
udevd[876]: worker [880] failed while handling
'/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1'

udevadm settle - timeout of 180 seconds reached, the event queue
contains:
/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1 (3995)
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/INT3F0D:00 (4034)

audit: audit_backlog=258 > audit_backlog_limit=256
audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=256

The change below increases the efficiency of the audit code and prevents it
from being overrun:

Only issue a wake_up in kauditd if the length of the skb queue is less than the
backlog limit. Otherwise, threads waiting in wait_for_auditd() will simply
wake up, discover that the queue is still too long for them to proceed, and go
back to sleep. This results in wasted context switches and machine cycles.
kauditd_thread() is the only function that removes buffers from audit_skb_queue
so we can't race. If we did, the timeout in wait_for_auditd() would expire and
the waiting thread would continue.

See: https://lkml.org/lkml/2013/9/2/479

Signed-off-by: Dan Duval <dan.duval@xxxxxxxxxx>
Signed-off-by: Chuck Anderson <chuck.anderson@xxxxxxxxxx>
Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
---
kernel/audit.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 42c68db..25fab2d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -448,8 +448,10 @@ static int kauditd_thread(void *dummy)
flush_hold_queue();

skb = skb_dequeue(&audit_skb_queue);
- wake_up(&audit_backlog_wait);
+
if (skb) {
+ if(skb_queue_len(&audit_skb_queue) <= audit_backlog_limit)
+ wake_up(&audit_backlog_wait);
if (audit_pid)
kauditd_send_skb(skb);
else
--
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Guy Briggs: "[PATCH 8/8] audit: add audit_backlog_wait_time configuration option"
Previous message: Eduardo Valentin: "[PATCHv3 02/16] drivers: thermal: introduce device tree parser"
In reply to: Richard Guy Briggs: "[PATCH 0/8] Audit backlog queue fixes related to soft lockup"
Next in thread: Richard Guy Briggs: "[PATCH 8/8] audit: add audit_backlog_wait_time configuration option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]