aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-23 22:55:05 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:25:04 -0500
commit320f1b1ed28c601cc152053a2f428a126cb608bc (patch)
tree5865f2acf0d84b61fc81108f1bbb33896d11df84 /kernel/audit.c
parent148b38dc9309044c8656aa36d5fd86069e2ea7cc (diff)
[AUDIT] ratelimit printk messages audit
some printk messages from the audit system can become excessive. This patch ratelimits those messages. It was found that messages, such as the audit backlog lost printk message could flood the logs to the point that a machine could take an nmi watchdog hit or otherwise become unresponsive. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 9e3e457ddfb5..c8555b180213 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -166,7 +166,8 @@ void audit_panic(const char *message)
166 case AUDIT_FAIL_SILENT: 166 case AUDIT_FAIL_SILENT:
167 break; 167 break;
168 case AUDIT_FAIL_PRINTK: 168 case AUDIT_FAIL_PRINTK:
169 printk(KERN_ERR "audit: %s\n", message); 169 if (printk_ratelimit())
170 printk(KERN_ERR "audit: %s\n", message);
170 break; 171 break;
171 case AUDIT_FAIL_PANIC: 172 case AUDIT_FAIL_PANIC:
172 panic("audit: %s\n", message); 173 panic("audit: %s\n", message);
@@ -234,11 +235,13 @@ void audit_log_lost(const char *message)
234 } 235 }
235 236
236 if (print) { 237 if (print) {
237 printk(KERN_WARNING 238 if (printk_ratelimit())
238 "audit: audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n", 239 printk(KERN_WARNING
239 atomic_read(&audit_lost), 240 "audit: audit_lost=%d audit_rate_limit=%d "
240 audit_rate_limit, 241 "audit_backlog_limit=%d\n",
241 audit_backlog_limit); 242 atomic_read(&audit_lost),
243 audit_rate_limit,
244 audit_backlog_limit);
242 audit_panic(message); 245 audit_panic(message);
243 } 246 }
244} 247}
@@ -352,7 +355,11 @@ static int kauditd_thread(void *dummy)
352 audit_pid = 0; 355 audit_pid = 0;
353 } 356 }
354 } else { 357 } else {
355 printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0)); 358 if (printk_ratelimit())
359 printk(KERN_NOTICE "%s\n", skb->data +
360 NLMSG_SPACE(0));
361 else
362 audit_log_lost("printk limit exceeded\n");
356 kfree_skb(skb); 363 kfree_skb(skb);
357 } 364 }
358 } else { 365 } else {
@@ -1066,7 +1073,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1066 remove_wait_queue(&audit_backlog_wait, &wait); 1073 remove_wait_queue(&audit_backlog_wait, &wait);
1067 continue; 1074 continue;
1068 } 1075 }
1069 if (audit_rate_check()) 1076 if (audit_rate_check() && printk_ratelimit())
1070 printk(KERN_WARNING 1077 printk(KERN_WARNING
1071 "audit: audit_backlog=%d > " 1078 "audit: audit_backlog=%d > "
1072 "audit_backlog_limit=%d\n", 1079 "audit_backlog_limit=%d\n",
@@ -1349,9 +1356,11 @@ void audit_log_end(struct audit_buffer *ab)
1349 skb_queue_tail(&audit_skb_queue, ab->skb); 1356 skb_queue_tail(&audit_skb_queue, ab->skb);
1350 ab->skb = NULL; 1357 ab->skb = NULL;
1351 wake_up_interruptible(&kauditd_wait); 1358 wake_up_interruptible(&kauditd_wait);
1352 } else { 1359 } else if (printk_ratelimit()) {
1353 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); 1360 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
1354 printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, ab->skb->data + NLMSG_SPACE(0)); 1361 printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, ab->skb->data + NLMSG_SPACE(0));
1362 } else {
1363 audit_log_lost("printk limit exceeded\n");
1355 } 1364 }
1356 } 1365 }
1357 audit_buffer_free(ab); 1366 audit_buffer_free(ab);