On Fri, Apr 28, 2017 at 12:13 PM, Paul Moore
<paul(a)paul-moore.com> wrote:
> On Fri, Apr 28, 2017 at 12:09 PM, Paul Moore <pmoore(a)redhat.com> wrote:
>> From: Paul Moore <paul(a)paul-moore.com>
>>
>> Cong Wang correctly pointed out that the RCU read locking of the
>> auditd_connection struct was wrong, this patch correct this by
>> adopting a more traditional, and correct RCU locking model.
>>
>> This patch is heavily based on an earlier prototype by Cong Wang.
>>
>> [XXX: Cong Wang, as mentioned previously, I'd like to add your
>> sign-off; please let me know if that is okay with you.]
>>
>> Cc: <stable(a)vger.kernel.org> # 4.11.x-: 264d509637d9
>> Reported-by: Cong Wang <xiyou.wangcong(a)gmail.com>
>> ??!! -> Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com>
>> Signed-off-by: Paul Moore <paul(a)paul-moore.com>
>> ---
>> kernel/audit.c | 157 ++++++++++++++++++++++++++++++++++++--------------------
>> 1 file changed, 100 insertions(+), 57 deletions(-)
>
> A quick note that I haven't tested this yet, I'm in the process of
> building a kernel now, I just wanted to send this out early to in case
> anyone noticed anything incredibly stupid.
I've booted the patch a few times, and run audit-testsuite and
selinux-testsuite against it without problem. I'm currently hitting
the system with a constant stream of audit records while I restart the
audit daemon every five seconds, ~15m and everything still appears to
be working correctly.
In case anyone wants to play with a Fedora kernel build, you can get a
pre-built binary here for x86_64:
https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-testing/build/544810
As a FYI, I've just merged this patch into audit/next and rebased the
branch onto v4.11 as previously discussed. I'm going to do some final
testing of the branch and expect to send the PR to Linux in a day or
two.
--
paul moore