On Tue, Dec 14, 2021 at 11:16 AM Paul Moore <[email protected]> wrote: > > Due to the audit control mutex necessary for serializing audit > userspace messages we haven't been able to block/penalize userspace > processes that attempt to send audit records while the system is > under audit pressure. The result is that privileged userspace > applications have a priority boost with respect to audit as they are > not bound by the same audit queue throttling as the other tasks on > the system. > > This patch attempts to restore some balance to the system when under > audit pressure by blocking these privileged userspace tasks after > they have finished their audit processing, and dropped the audit > control mutex, but before they return to userspace. > > Reported-by: Gaosheng Cui <[email protected]> > Signed-off-by: Paul Moore <[email protected]> > --- > kernel/audit.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-)
FYI, I just merged this into audit/next; thanks for the testing/review help everyone! -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
