• Imre Palik's avatar
    audit: move the tree pruning to a dedicated thread · f1aaf262
    Imre Palik authored
    When file auditing is enabled, during a low memory situation, a memory
    allocation with __GFP_FS can lead to pruning the inode cache.  Which can,
    in turn lead to audit_tree_freeing_mark() being called.  This can call
    audit_schedule_prune(), that tries to fork a pruning thread, and
    waits until the thread is created.  But forking needs memory, and the
    memory allocations there are done with __GFP_FS.
    
    So we are waiting merrily for some __GFP_FS memory allocations to complete,
    while holding some filesystem locks.  This can take a while ...
    
    This patch creates a single thread for pruning the tree from
    audit_add_tree_rule(), and thus avoids the deadlock that the on-demand
    thread creation can cause.
    Reported-by: default avatarMatt Wilson <msw@amazon.com>
    Cc: Matt Wilson <msw@amazon.com>
    Signed-off-by: default avatarImre Palik <imrep@amazon.de>
    Reviewed-by: default avatarRichard Guy Briggs <rgb@redhat.com>
    Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
    f1aaf262
audit_tree.c 22.6 KB