On Wed, Nov 23, 2016 at 8:41 PM, Paul Moore <pmoore(a)redhat.com> wrote:
This patchset started off innocently enough with the goal of moving
the netlink multicast send from audit_log_end() to kauditd_thread().
However, things escalated rather quickly as this uncovered, or made
worse, a number of inherent problems in the audit backlog queues.
This patchset attempts to address both the multicast and queue
problems.
I've spent a few weeks playing with this, stressing it a bit, and
tweaking some of the logic and so far it is performing at least as
well as the existing code for all the scenarios I've thrown at it;
if you happen to have a particularly nasty audit test, I'd
appreciate hearing about it, and I'd appreciate it even more if
you could give it a test too.
I'm posting this patchset as a RFC because this is a pretty big
change to some rather critical code and I thought some review
would be prudent; if I don't see anything substantial by next week
I'll go ahead and merge this into audit#next, along with the
patch from WANG Cong which started the little endeavor (see the
links below). You'll note I'm not including the patch from WANG
Cong in this patchset for the sake of clarity.
Enough from me, please take a look at the patchset that follows
and post any comments you may have to the list. In case you are
running Fedora Rawhide, I've been building some kernels you can
use to test at the link below:
* GitHub Issue Trackers
-
https://github.com/linux-audit/audit-kernel/issues/23
-
https://github.com/linux-audit/audit-kernel/issues/22
* Fedora Rawhide Kernel Builds
-
https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-testing
As a FYI, I just merged these patches into audit#next.
--
paul moore
www.paul-moore.com