AUDIT: Stop waiting for backlog after audit_panic() happens (ac4cec44) · Commits · 戴 / test

kernel/audit.c

+10 −5

Original line number	Diff line number	Diff line
		@@ -79,6 +79,8 @@ static int audit_rate_limit;

		/* Number of outstanding audit_buffers allowed. */
		static int audit_backlog_limit = 64;
		static int audit_backlog_wait_time = 60 * HZ;
		static int audit_backlog_wait_overflow = 0;

		/* The identity of the user shutting down the audit system. */
		uid_t audit_sig_uid = -1;
		@@ -655,6 +657,7 @@ struct audit_buffer audit_log_start(struct audit_context ctx, int gfp_mask,
		struct timespec t;
		unsigned int serial;
		int reserve;
		unsigned long timeout_start = jiffies;

		if (!audit_initialized)
		return NULL;
		@@ -667,8 +670,9 @@ struct audit_buffer audit_log_start(struct audit_context ctx, int gfp_mask,

		while (audit_backlog_limit
		&& skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
		if (gfp_mask & __GFP_WAIT) {
		int ret = 1;
		if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time
		&& time_before(jiffies, timeout_start + audit_backlog_wait_time)) {

		/* Wait for auditd to drain the queue a little */
		DECLARE_WAITQUEUE(wait, current);
		set_current_state(TASK_INTERRUPTIBLE);
		@@ -676,11 +680,10 @@ struct audit_buffer audit_log_start(struct audit_context ctx, int gfp_mask,

		if (audit_backlog_limit &&
		skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
		ret = schedule_timeout(HZ * 60);
		schedule_timeout(timeout_start + audit_backlog_wait_time - jiffies);

		__set_current_state(TASK_RUNNING);
		remove_wait_queue(&audit_backlog_wait, &wait);
		if (ret)
		continue;
		}
		if (audit_rate_check())
		@@ -690,6 +693,8 @@ struct audit_buffer audit_log_start(struct audit_context ctx, int gfp_mask,
		skb_queue_len(&audit_skb_queue),
		audit_backlog_limit);
		audit_log_lost("backlog limit exceeded");
		audit_backlog_wait_time = audit_backlog_wait_overflow;
		wake_up(&audit_backlog_wait);
		return NULL;
		}

Admin message