diff options
| author | Mickaël Salaün <mic@digikod.net> | 2026-05-13 13:51:09 +0300 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2026-05-21 20:32:13 +0300 |
| commit | d8dfb4c7faa87c3e41a8678f38f136c2c7c036fa (patch) | |
| tree | e90887ccc23712a7dde6917a89cfdd09fe0728bf /include/linux/workqueue_api.h | |
| parent | 26679fad81a471428707d2dd7b0418204c52b7e4 (diff) | |
| download | linux-d8dfb4c7faa87c3e41a8678f38f136c2c7c036fa.tar.xz | |
selftests/landlock: Increase default audit socket timeout
matches_log_fs() and other audit_match_record() callers intermittently
return -EAGAIN under heavy debug configs (KASAN, lockdep). The audit
record delivery pipeline is asynchronous: landlock_log_denial() queues
the record to audit_queue, and kauditd_thread dequeues and delivers via
netlink. Under debug configs, kauditd scheduling between
audit_log_end() and netlink_unicast() can exceed a syscall round trip
(more than 1 usec), which was the value of the socket timeout used for
the recvfrom() calls.
The observed failure [1] is an EAGAIN error code (-11) which means that
the access record had not arrived within the 1 usec timeout of
recvfrom(). The expected record does arrive, but only after
matches_log_fs() has already returned. It is then consumed by a later
audit_count_records() call, making records.access == 1 instead of 0.
Switch the default socket timeout to the slow value (1 second) so all
audit_match_record() callers wait long enough for kauditd delivery, and
lower it to the fast value (1 usec) only on the two paths that expect no
record: audit_count_records() and the expected_domain_id == 0 probe in
matches_log_domain_deallocated(). audit_init() drains stale records
with the fast timeout (terminating on -EAGAIN once the backlog is empty)
and switches to the patient default before returning. 1 second gives
~10x margin over the observed maximum (~100 ms, while the happy path is
~23 us).
Rename the timeval constants to reflect their new roles:
- audit_tv_dom_drop (1 second) -> audit_tv_default: default socket
timeout, patient enough for asynchronous kauditd delivery.
- audit_tv_default (1 usec) -> audit_tv_fast: fast timeout for paths
that expect no record (drain, audit_count_records(), probes).
Invert the conditional in matches_log_domain_deallocated(). Check
setsockopt returns on both the lower and restore paths; preserve the
first error via !err when the restore fails after a prior error so the
actionable return code is not masked by a bookkeeping failure.
Cc: Günther Noack <gnoack@google.com>
Cc: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Cc: stable@vger.kernel.org
Depends-on: 07c2572a8757 ("selftests/landlock: Skip stale records in audit_match_record()")
Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs")
Reported-by: Günther Noack <gnoack3000@gmail.com>
Closes: https://lore.kernel.org/r/20260402.eb5c4e85f472@gnoack.org [1]
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202605111649.a8b30a62-lkp@intel.com
Closes: https://lore.kernel.org/oe-lkp/202604300436.a07fae12-lkp@intel.com
Tested-by: Günther Noack <gnoack3000@gmail.com>
Link: https://patch.msgid.link/20260513105112.140137-2-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'include/linux/workqueue_api.h')
0 files changed, 0 insertions, 0 deletions