linux-stable/kernel
Paul Moore dcf1d9f76f audit: ensure userspace is penalized the same as the kernel when under pressure
[ Upstream commit 8f110f5306 ]

Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure.  The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.

This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.

Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 09:19:44 +01:00
bpf bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc 2021-12-17 10:12:24 +01:00
cgroup cgroup: Make rebind_subsystems() disable v2 controllers all at once 2021-11-17 09:48:34 +01:00
configs
debug kdb: Make memory allocations more robust 2021-03-04 10:26:10 +01:00
dma dma-debug: fix sg checks in debug_dma_map_sg() 2021-10-27 09:54:25 +02:00
events perf: Protect perf_guest_cbs with RCU 2022-01-20 09:19:18 +01:00
gcov gcov: re-fix clang-11+ support 2021-04-14 08:24:10 +02:00
irq genirq/timings: Fix error return code in irq_timings_test_irqs() 2021-09-15 09:47:29 +02:00
livepatch
locking locking/lockdep: Avoid RCU-induced noinstr fail 2021-11-17 09:48:28 +01:00
power PM: hibernate: use correct mode for swsusp_close() 2021-12-01 09:23:33 +01:00
printk printk/console: Allow to disable console output by using console="" or console=null 2021-11-12 14:43:03 +01:00
rcu rcu/exp: Mark current CPU as exp-QS in IPI loop second pass 2022-01-27 09:19:33 +01:00
sched sched/rt: Try to restart rt period timer when rt runtime exceeded 2022-01-27 09:19:33 +01:00
time timekeeping: Really make sure wall_to_monotonic isn't positive 2021-12-22 09:29:39 +01:00
trace tracing: Tag trace_percpu_buffer as a percpu pointer 2022-01-11 15:23:31 +01:00
.gitignore kbuild: update config_data.gz only when the content of .config is changed 2021-05-11 14:04:16 +02:00
acct.c
async.c
audit.c audit: ensure userspace is penalized the same as the kernel when under pressure 2022-01-27 09:19:44 +01:00
audit.h audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:30:59 +02:00
audit_fsnotify.c
audit_tree.c audit: move put_tree() to avoid trim_trees refcount underflow and UAF 2021-09-03 10:08:16 +02:00
audit_watch.c audit: CONFIG_CHANGE don't log internal bookkeeping as an event 2020-10-01 13:17:32 +02:00
auditfilter.c audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:30:59 +02:00
auditsc.c audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-27 09:54:27 +02:00
backtracetest.c
bounds.c
capability.c
compat.c
configs.c
context_tracking.c
cpu.c cpu/hotplug: Cure the cpusets trainwreck 2021-07-19 08:53:15 +02:00
cpu_pm.c kernel/cpu_pm: Fix uninitted local in cpu_pm 2020-06-22 09:31:22 +02:00
crash_core.c
crash_dump.c
cred.c keys: Fix request_key() cache 2020-01-17 19:48:42 +01:00
delayacct.c
dma.c
exec_domain.c
exit.c don't dump the threads that had been already exiting when zapped. 2020-11-18 19:20:31 +01:00
extable.c
fail_function.c fail_function: Remove a redundant mutex unlock 2020-11-24 13:29:18 +01:00
fork.c mm/hugetlb: initialize hugetlb_usage in mm_init 2021-09-22 12:26:37 +02:00
freezer.c
futex.c mm, futex: fix shared futex pgoff on shmem huge page 2021-06-30 08:47:55 -04:00
gen_kheaders.sh kbuild: add variables for compression tools 2020-09-03 11:27:10 +02:00
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c kallsyms: Refactor kallsyms_show_value() to take cred 2020-07-16 08:16:44 +02:00
kcmp.c exec: Transform exec_update_mutex into a rw_semaphore 2021-01-09 13:44:55 +01:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kexec.c
kexec_core.c kernel: kexec: remove the lock operation of system_transition_mutex 2021-02-03 23:25:56 +01:00
kexec_elf.c
kexec_file.c kernel: kexec_file: fix error return code of kexec_calculate_store_digests() 2021-05-19 10:08:28 +02:00
kexec_internal.h
kheaders.c
kmod.c kmod: make request_module() return an error when autoloading is disabled 2020-04-17 10:50:22 +02:00
kprobes.c kprobes: Limit max data_size of the kretprobe instances 2021-12-08 09:01:10 +01:00
ksysfs.c
kthread.c kthread: Fix PF_KTHREAD vs to_kthread() race 2021-09-12 08:56:39 +02:00
latencytop.c
Makefile kbuild: update config_data.gz only when the content of .config is changed 2021-05-11 14:04:16 +02:00
module-internal.h
module.c module: limit enabling module.sig_enforce 2021-06-30 08:47:42 -04:00
module_signature.c module: harden ELF info handling 2021-04-07 14:47:38 +02:00
module_signing.c module: harden ELF info handling 2021-04-07 14:47:38 +02:00
notifier.c kernel/notifier.c: intercept duplicate registrations to avoid infinite loops 2020-10-01 13:17:23 +02:00
nsproxy.c
padata.c padata: add separate cpuhp node for CPUHP_PADATA_DEAD 2020-06-17 16:40:22 +02:00
panic.c
params.c
pid.c
pid_namespace.c memcg: enable accounting for pids in nested pid namespaces 2021-09-22 12:26:37 +02:00
profile.c profiling: fix shift-out-of-bounds bugs 2021-09-26 14:07:09 +02:00
ptrace.c ptrace: make ptrace() fail if the tracee changed its pid unexpectedly 2021-05-26 12:05:15 +02:00
range.c
reboot.c reboot: fix overflow parsing reboot cpu number 2020-11-18 19:20:30 +01:00
relay.c kernel/relay.c: fix memleak on destroy relay channel 2020-08-26 10:40:51 +02:00
resource.c /dev/mem: Revoke mappings when a driver claims the region 2020-06-24 17:50:35 +02:00
rseq.c
seccomp.c seccomp: Add missing return in non-void function 2021-03-04 10:26:45 +01:00
signal.c signal: Remove the bogus sigkill_pending in ptrace_stop 2021-11-17 09:48:24 +01:00
smp.c smp: Fix smp_call_function_single_async prototype 2021-05-14 09:44:33 +02:00
smpboot.c kthread: Extract KTHREAD_IS_PER_CPU 2021-02-07 15:35:49 +01:00
smpboot.h
softirq.c
stackleak.c
stacktrace.c stacktrace: Don't skip first entry on noncurrent tasks 2019-11-04 21:19:25 +01:00
stop_machine.c
sys.c prctl: allow to setup brk for et_dyn executables 2021-09-26 14:07:08 +02:00
sys_ni.c
sysctl-test.c kernel/sysctl-test: Add null pointer test for sysctl.c:proc_dointvec() 2020-10-01 13:17:10 +02:00
sysctl.c sysctl.c: fix underflow value setting risk in vm_table 2021-03-17 17:03:45 +01:00
sysctl_binary.c
task_work.c
taskstats.c taskstats: fix data-race 2020-01-09 10:19:54 +01:00
test_kprobes.c
torture.c
tracepoint.c tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:53:08 +02:00
tsacct.c
ucount.c
uid16.c
uid16.h
umh.c usermodehelper: reset umask to default before executing user process 2020-10-14 10:32:58 +02:00
up.c smp: Fix smp_call_function_single_async prototype 2021-05-14 09:44:33 +02:00
user-return-notifier.c
user.c
user_namespace.c
utsname.c
utsname_sysctl.c
watchdog.c watchdog/softlockup: Enforce that timestamp is valid on boot 2020-02-24 08:36:52 +01:00
watchdog_hld.c
workqueue.c workqueue: Fix unbind_workers() VS wq_worker_running() race 2022-01-16 09:15:38 +01:00
workqueue_internal.h