CVE-2023-54045

In the Linux kernel, the following vulnerability has been resolved:

audit: fix possible soft lockup in __auditinodechild()

Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup.

For example: 1. CONFIGKASAN=y && CONFIGPREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test

There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498] Kernel panic - not syncing: softlockup: hung tasks Call trace: dumpbacktrace+0x0/0x30c showstack+0x20/0x30 dumpstack+0x11c/0x174 panic+0x27c/0x494 watchdogtimer_fn+0x2bc/0x390 __run_hrtimer+0x148/0x4fc __hrtimerrunqueues+0x154/0x210 hrtimerinterrupt+0x2c4/0x760 archtimerhandlerphys+0x48/0x60 handlepercpudevid_irq+0xe0/0x340 __handledomainirq+0xbc/0x130 gichandleirq+0x78/0x460 el1_irq+0xb8/0x140 __auditinodechild+0x240/0x7bc tracefscreatefile+0x1b8/0x2a0 tracecreatefile+0x18/0x50 eventcreatedir+0x204/0x30c __traceaddnewevent+0xac/0x100 eventtraceaddtracer+0xa0/0x130 tracearraycreatedir+0x60/0x140 tracearraycreate+0x1e0/0x370 instancemkdir+0x90/0xd0 tracefssyscallmkdir+0x68/0xa0 vfsmkdir+0x21c/0x34c domkdirat+0x1b4/0x1d4 __arm64sysmkdirat+0x4c/0x60 el0svccommon.constprop.0+0xa8/0x240 doel0svc+0x8c/0xc0 el0svc+0x20/0x30 el0synchandler+0xb0/0xb4 el0sync+0x160/0x180

Therefore, we add cond_resched() to __auditinodechild() to fix it.