Subject: Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring
From: Jens Axboe
To: Paul Moore, Pavel Begunkov
Cc: linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-audit@redhat.com, io-uring@vger.kernel.org, linux-fsdevel@vger.kernel.org, Kumar Kartikeya Dwivedi, Alexander Viro
Date: Tue, 25 May 2021 19:11:01 -0600
Message-ID: <8943629d-3c69-3529-ca79-d7f8e2c60c16@kernel.dk>

On 5/24/21 1:59 PM, Paul Moore wrote:
> That said, audit is not for everyone, and we have build time and
> runtime options to help make life easier. Beyond simply disabling
> audit at compile time a number of Linux distributions effectively
> shortcut audit at runtime by adding a "never" rule to the audit
> filter, for example:
>
> % auditctl -a task,never

As has been brought up, the issue we're facing is that distros have
CONFIG_AUDIT=y and hence the above is the best real world case outside
of people doing custom kernels.

My question would then be how much overhead the above will add,
considering it's an entry/exit call per op. If auditctl is turned off,
what is the expectation in terms of overhead? My gut feeling tells me
it's likely going to be too much. Keep in mind that we're sometimes
doing millions of operations per second, per core. aio never had any
audit logging as far as I can tell.

I think it'd make a lot more sense to selectively enable audit logging
only for opcodes that we care about. File open/create/unlink/mkdir etc,
that kind of thing. File level operations that people would care about
logging. Would they care about logging a buffer registration or a polled
read from a device/file? I highly doubt it, and we don't do that for
alternative methods either. Doesn't really make sense for a lot of the
other operations, imho.

-- 
Jens Axboe
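The per-opcode gating Jens proposes above, as an added illustration that is not part of the thread and not io_uring's own code: a constructed opcode table carries an `audit_skip` flag, and the audit entry/exit hooks run only for opcodes that are not marked skip. The opcode numbering, the `op_def` struct, the `audit_skip` field and the counter standing in for the audit hooks are all hypothetical; the table is a hand-picked subset meant to show file-level operations (open, unlink, mkdir) being audited while hot-path operations (read, write, poll, buffer registration) bypass the hooks entirely, which is what keeps the cost at zero for the "millions of ops per second" case rather than merely cheap.

```c
/* Added example: per-opcode audit gate modeled on the suggestion in the
 * mail above. Names, numbering and flags are hypothetical, not the
 * kernel's. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed subset of io_uring-style opcodes (hypothetical numbering). */
enum op {
	OP_NOP = 0,
	OP_READ,
	OP_WRITE,
	OP_POLL_ADD,
	OP_OPENAT,
	OP_UNLINKAT,
	OP_MKDIRAT,
	OP_PROVIDE_BUFFERS,
	OP_LAST,
};

struct op_def {
	const char *name;
	bool audit_skip;	/* true: never enter/exit audit for this opcode */
};

/* File-level operations are audited; hot-path I/O and buffer management
 * opt out so no audit call is made at all on those paths. */
static const struct op_def op_defs[OP_LAST] = {
	[OP_NOP]             = { "NOP",             true  },
	[OP_READ]            = { "READ",            true  },
	[OP_WRITE]           = { "WRITE",           true  },
	[OP_POLL_ADD]        = { "POLL_ADD",        true  },
	[OP_OPENAT]          = { "OPENAT",          false },
	[OP_UNLINKAT]        = { "UNLINKAT",        false },
	[OP_MKDIRAT]         = { "MKDIRAT",         false },
	[OP_PROVIDE_BUFFERS] = { "PROVIDE_BUFFERS", true  },
};

/* Counter standing in for the entry and exit audit hook invocations. */
static unsigned long audit_calls;

/* Decide whether audit should see this opcode. An opcode outside the
 * table is treated as needing audit so a missing table entry fails closed. */
static bool op_needs_audit(int opcode)
{
	if (opcode < 0 || opcode >= OP_LAST)
		return true;
	return !op_defs[opcode].audit_skip;
}

/* Simulate issuing one request: the audit entry/exit hooks run only when
 * the opcode is not marked audit_skip. Returns whether audit was called. */
static bool issue_op(int opcode)
{
	bool audited = op_needs_audit(opcode);

	if (audited)
		audit_calls++;	/* stands in for the audit entry hook */
	/* ... the actual operation would run here ... */
	if (audited)
		audit_calls++;	/* stands in for the audit exit hook */
	return audited;
}

/* Run a constructed sequence of requests and return how many of them
 * went through the audit hooks. */
static unsigned long run_workload(const int *ops, size_t n)
{
	unsigned long before = audit_calls;
	size_t i;

	for (i = 0; i < n; i++)
		issue_op(ops[i]);
	return (audit_calls - before) / 2;
}

int main(void)
{
	/* Constructed workload: mostly hot-path I/O with a few file ops. */
	const int ops[] = { OP_READ, OP_READ, OP_OPENAT, OP_POLL_ADD,
			    OP_UNLINKAT, OP_PROVIDE_BUFFERS, OP_MKDIRAT };
	size_t n = sizeof(ops) / sizeof(ops[0]);
	unsigned long audited = run_workload(ops, n);
	size_t i;

	for (i = 0; i < n; i++)
		printf("%-16s audit=%s\n", op_defs[ops[i]].name,
		       op_needs_audit(ops[i]) ? "yes" : "no");
	printf("%lu of %zu requests audited\n", audited, n);
	return 0;
}
```

The point of the table is that the decision is a single flag lookup made before any audit code is entered, so an opcode marked `audit_skip` pays nothing even on kernels built with CONFIG_AUDIT=y and no "never" rule loaded; the trade-off is that the table becomes part of the security policy and any new opcode that touches the filesystem has to be reviewed for whether it may skip.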