Audit: unify the printk of an skb when auditd not around

Remove code duplication of skb printk when auditd is not around in userspace to deal with this message. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2009-06-11 14:31:35 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2009-06-23 23:50:37 -0400
commit: 038cbcf65fd6a30c79e3917690b8c46321a27915 (patch)
tree: bc6fc5fbf9ac6dad6055aa77bb0b1eaf35fdaa37 /kernel/audit.c
parent: e85188f424c8eec7f311deed9a70bec57aeed741 (diff)
1 files changed, 22 insertions, 17 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 9442c3533ba9..f7ab4a479cdd 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -375,6 +375,25 @@ static void audit_hold_skb(struct sk_buff *skb)
                kfree_skb(skb);
 }
+/*
+ * For one reason or another this nlh isn't getting delivered to the userspace
+ * audit daemon, just send it to printk.
+ */
+static void audit_printk_skb(struct sk_buff *skb)
+{
+        struct nlmsghdr *nlh = nlmsg_hdr(skb);
+        char *data = NLMSG_DATA(nlh);
+        if (nlh->nlmsg_type != AUDIT_EOE) {
+                if (printk_ratelimit())
+                        printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, data);
+                else
+                        audit_log_lost("printk limit exceeded\n");
+        }
+        audit_hold_skb(skb);
+}
 static void kauditd_send_skb(struct sk_buff *skb)
 {
        int err;
@@ -427,14 +446,8 @@ static int kauditd_thread(void *dummy)
                if (skb) {
                        if (audit_pid)
                                kauditd_send_skb(skb);
-                        else {
+                        else
-                                if (printk_ratelimit())
+                                audit_printk_skb(skb);
-                                        printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
-                                else
-                                        audit_log_lost("printk limit exceeded\n");
-                                audit_hold_skb(skb);
-                        }
                } else {
                        DECLARE_WAITQUEUE(wait, current);
                        set_current_state(TASK_INTERRUPTIBLE);
@@ -1475,15 +1488,7 @@ void audit_log_end(struct audit_buffer *ab)
                        skb_queue_tail(&audit_skb_queue, ab->skb);
                        wake_up_interruptible(&kauditd_wait);
                } else {
-                        if (nlh->nlmsg_type != AUDIT_EOE) {
+                        audit_printk_skb(ab->skb);
-                                if (printk_ratelimit()) {
-                                        printk(KERN_NOTICE "type=%d %s\n",
-                                                nlh->nlmsg_type,
-                                                ab->skb->data + NLMSG_SPACE(0));
-                                } else
-                                        audit_log_lost("printk limit exceeded\n");
-                        }
-                        audit_hold_skb(ab->skb);
                }
                ab->skb = NULL;
        }
author	Eric Paris <eparis@redhat.com>	2009-06-11 14:31:35 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2009-06-23 23:50:37 -0400
commit	038cbcf65fd6a30c79e3917690b8c46321a27915 (patch)
tree	bc6fc5fbf9ac6dad6055aa77bb0b1eaf35fdaa37 /kernel/audit.c
parent	e85188f424c8eec7f311deed9a70bec57aeed741 (diff)