From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965847AbbJVSyy (ORCPT ); Thu, 22 Oct 2015 14:54:54 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46577 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965783AbbJVSyJ (ORCPT ); Thu, 22 Oct 2015 14:54:09 -0400 From: Richard Guy Briggs To: linux-audit@redhat.com, linux-kernel@vger.kernel.org Cc: Richard Guy Briggs , sgrubb@redhat.com, pmoore@redhat.com, eparis@redhat.com, v.rathor@gmail.com, ctcard@hotmail.com Subject: [RFC PATCH 6/7] audit: wake up audit_backlog_wait queue when auditd goes away. Date: Thu, 22 Oct 2015 14:53:19 -0400 Message-Id: <473f52eb9d2c5d218106447084f72f6cb61245de.1445539473.git.rgb@redhat.com> In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When auditd goes away (died, killed or shutdown, or net namespace shut down), there is no point in sleeping waiting for auditd to drain the queue since that message would be distined for the hold queue after the timeout anyways. This will needlessly have those processes wait the full default timeout of 60 seconds (audit_backlog_wait_time). Wake up the processes caught in the audit_backlog_wait queue when auditd is no longer present so they can be sent instead to the hold queue. Signed-off-by: Richard Guy Briggs --- kernel/audit.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 34411af..688fa1e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -425,6 +425,7 @@ restart: audit_log_lost(s); audit_pid = 0; audit_sock = NULL; + wake_up(&audit_backlog_wait); } else { pr_warn("re-scheduling(#%d) write to audit_pid=%d\n", attempts, audit_pid); @@ -882,6 +883,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_pid = new_pid; audit_nlk_portid = NETLINK_CB(skb).portid; audit_sock = skb->sk; + if (!audit_pid) + wake_up(&audit_backlog_wait); } if (s.mask & AUDIT_STATUS_RATE_LIMIT) { err = audit_set_rate_limit(s.rate_limit); @@ -1154,6 +1157,7 @@ static void __net_exit audit_net_exit(struct net *net) if (sock == audit_sock) { audit_pid = 0; audit_sock = NULL; + wake_up(&audit_backlog_wait); } RCU_INIT_POINTER(aunet->nlsk, NULL); @@ -1393,7 +1397,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, sleep_time = timeout_start + audit_backlog_wait_time - jiffies; if (sleep_time > 0) { sleep_time = wait_for_auditd(sleep_time); - if (sleep_time > 0) + if (audit_pid && sleep_time > 0) continue; } } -- 1.7.1