diff options
| author | Serge E. Hallyn <serue@us.ibm.com> | 2006-04-27 17:45:14 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:23 -0400 |
| commit | 5d136a010de3bc16fe595987feb9ef8868f064c2 (patch) | |
| tree | ce0dbf3d5da61bc9b69fa557f0f578cd980f3147 | |
| parent | 0a3b483e83edb6aa6d3c49db70eeb6f1cd9f6c6b (diff) | |
[PATCH] minor audit updates
Just a few minor proposed updates. Only the last one will
actually affect behavior. The rest are just misleading
code.
Several AUDIT_SET functions return 'old' value, but only
return value <0 is checked for. So just return 0.
propagate audit_set_rate_limit and audit_set_backlog_limit
error values
In audit_buffer_free, the audit_freelist_count was being
incremented even when we discard the return buffer, so
audit_freelist_count can end up wrong. This could cause
the actual freelist to shrink over time, eventually
threatening to degrate audit performance.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | kernel/audit.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index bb20922d08cc..0738a4b290e6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -251,7 +251,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) | |||
| 251 | "audit_rate_limit=%d old=%d by auid=%u", | 251 | "audit_rate_limit=%d old=%d by auid=%u", |
| 252 | limit, old, loginuid); | 252 | limit, old, loginuid); |
| 253 | audit_rate_limit = limit; | 253 | audit_rate_limit = limit; |
| 254 | return old; | 254 | return 0; |
| 255 | } | 255 | } |
| 256 | 256 | ||
| 257 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | 257 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) |
| @@ -274,7 +274,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | |||
| 274 | "audit_backlog_limit=%d old=%d by auid=%u", | 274 | "audit_backlog_limit=%d old=%d by auid=%u", |
| 275 | limit, old, loginuid); | 275 | limit, old, loginuid); |
| 276 | audit_backlog_limit = limit; | 276 | audit_backlog_limit = limit; |
| 277 | return old; | 277 | return 0; |
| 278 | } | 278 | } |
| 279 | 279 | ||
| 280 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | 280 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) |
| @@ -300,7 +300,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | |||
| 300 | "audit_enabled=%d old=%d by auid=%u", | 300 | "audit_enabled=%d old=%d by auid=%u", |
| 301 | state, old, loginuid); | 301 | state, old, loginuid); |
| 302 | audit_enabled = state; | 302 | audit_enabled = state; |
| 303 | return old; | 303 | return 0; |
| 304 | } | 304 | } |
| 305 | 305 | ||
| 306 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) | 306 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) |
| @@ -328,7 +328,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid) | |||
| 328 | "audit_failure=%d old=%d by auid=%u", | 328 | "audit_failure=%d old=%d by auid=%u", |
| 329 | state, old, loginuid); | 329 | state, old, loginuid); |
| 330 | audit_failure = state; | 330 | audit_failure = state; |
| 331 | return old; | 331 | return 0; |
| 332 | } | 332 | } |
| 333 | 333 | ||
| 334 | static int kauditd_thread(void *dummy) | 334 | static int kauditd_thread(void *dummy) |
| @@ -364,7 +364,6 @@ static int kauditd_thread(void *dummy) | |||
| 364 | remove_wait_queue(&kauditd_wait, &wait); | 364 | remove_wait_queue(&kauditd_wait, &wait); |
| 365 | } | 365 | } |
| 366 | } | 366 | } |
| 367 | return 0; | ||
| 368 | } | 367 | } |
| 369 | 368 | ||
| 370 | int audit_send_list(void *_dest) | 369 | int audit_send_list(void *_dest) |
| @@ -551,10 +550,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 551 | audit_pid = status_get->pid; | 550 | audit_pid = status_get->pid; |
| 552 | } | 551 | } |
| 553 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 552 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
| 554 | audit_set_rate_limit(status_get->rate_limit, | 553 | err = audit_set_rate_limit(status_get->rate_limit, |
| 555 | loginuid, sid); | 554 | loginuid, sid); |
| 556 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 555 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
| 557 | audit_set_backlog_limit(status_get->backlog_limit, | 556 | err = audit_set_backlog_limit(status_get->backlog_limit, |
| 558 | loginuid, sid); | 557 | loginuid, sid); |
| 559 | break; | 558 | break; |
| 560 | case AUDIT_USER: | 559 | case AUDIT_USER: |
| @@ -727,10 +726,12 @@ static void audit_buffer_free(struct audit_buffer *ab) | |||
| 727 | kfree_skb(ab->skb); | 726 | kfree_skb(ab->skb); |
| 728 | 727 | ||
| 729 | spin_lock_irqsave(&audit_freelist_lock, flags); | 728 | spin_lock_irqsave(&audit_freelist_lock, flags); |
| 730 | if (++audit_freelist_count > AUDIT_MAXFREE) | 729 | if (audit_freelist_count > AUDIT_MAXFREE) |
| 731 | kfree(ab); | 730 | kfree(ab); |
| 732 | else | 731 | else { |
| 732 | audit_freelist_count++; | ||
| 733 | list_add(&ab->list, &audit_freelist); | 733 | list_add(&ab->list, &audit_freelist); |
| 734 | } | ||
| 734 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | 735 | spin_unlock_irqrestore(&audit_freelist_lock, flags); |
| 735 | } | 736 | } |
| 736 | 737 | ||