diff options
author | Serge E. Hallyn <serue@us.ibm.com> | 2006-04-27 17:45:14 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:23 -0400 |
commit | 5d136a010de3bc16fe595987feb9ef8868f064c2 (patch) | |
tree | ce0dbf3d5da61bc9b69fa557f0f578cd980f3147 /kernel | |
parent | 0a3b483e83edb6aa6d3c49db70eeb6f1cd9f6c6b (diff) |
[PATCH] minor audit updates
Just a few minor proposed updates. Only the last one will
actually affect behavior. The rest are just misleading
code.
Several AUDIT_SET functions return 'old' value, but only
return value <0 is checked for. So just return 0.
propagate audit_set_rate_limit and audit_set_backlog_limit
error values
In audit_buffer_free, the audit_freelist_count was being
incremented even when we discard the return buffer, so
audit_freelist_count can end up wrong. This could cause
the actual freelist to shrink over time, eventually
threatening to degrate audit performance.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/audit.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index bb20922d08cc..0738a4b290e6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -251,7 +251,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) | |||
251 | "audit_rate_limit=%d old=%d by auid=%u", | 251 | "audit_rate_limit=%d old=%d by auid=%u", |
252 | limit, old, loginuid); | 252 | limit, old, loginuid); |
253 | audit_rate_limit = limit; | 253 | audit_rate_limit = limit; |
254 | return old; | 254 | return 0; |
255 | } | 255 | } |
256 | 256 | ||
257 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | 257 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) |
@@ -274,7 +274,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | |||
274 | "audit_backlog_limit=%d old=%d by auid=%u", | 274 | "audit_backlog_limit=%d old=%d by auid=%u", |
275 | limit, old, loginuid); | 275 | limit, old, loginuid); |
276 | audit_backlog_limit = limit; | 276 | audit_backlog_limit = limit; |
277 | return old; | 277 | return 0; |
278 | } | 278 | } |
279 | 279 | ||
280 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | 280 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) |
@@ -300,7 +300,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | |||
300 | "audit_enabled=%d old=%d by auid=%u", | 300 | "audit_enabled=%d old=%d by auid=%u", |
301 | state, old, loginuid); | 301 | state, old, loginuid); |
302 | audit_enabled = state; | 302 | audit_enabled = state; |
303 | return old; | 303 | return 0; |
304 | } | 304 | } |
305 | 305 | ||
306 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) | 306 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) |
@@ -328,7 +328,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid) | |||
328 | "audit_failure=%d old=%d by auid=%u", | 328 | "audit_failure=%d old=%d by auid=%u", |
329 | state, old, loginuid); | 329 | state, old, loginuid); |
330 | audit_failure = state; | 330 | audit_failure = state; |
331 | return old; | 331 | return 0; |
332 | } | 332 | } |
333 | 333 | ||
334 | static int kauditd_thread(void *dummy) | 334 | static int kauditd_thread(void *dummy) |
@@ -364,7 +364,6 @@ static int kauditd_thread(void *dummy) | |||
364 | remove_wait_queue(&kauditd_wait, &wait); | 364 | remove_wait_queue(&kauditd_wait, &wait); |
365 | } | 365 | } |
366 | } | 366 | } |
367 | return 0; | ||
368 | } | 367 | } |
369 | 368 | ||
370 | int audit_send_list(void *_dest) | 369 | int audit_send_list(void *_dest) |
@@ -551,10 +550,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
551 | audit_pid = status_get->pid; | 550 | audit_pid = status_get->pid; |
552 | } | 551 | } |
553 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 552 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
554 | audit_set_rate_limit(status_get->rate_limit, | 553 | err = audit_set_rate_limit(status_get->rate_limit, |
555 | loginuid, sid); | 554 | loginuid, sid); |
556 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 555 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
557 | audit_set_backlog_limit(status_get->backlog_limit, | 556 | err = audit_set_backlog_limit(status_get->backlog_limit, |
558 | loginuid, sid); | 557 | loginuid, sid); |
559 | break; | 558 | break; |
560 | case AUDIT_USER: | 559 | case AUDIT_USER: |
@@ -727,10 +726,12 @@ static void audit_buffer_free(struct audit_buffer *ab) | |||
727 | kfree_skb(ab->skb); | 726 | kfree_skb(ab->skb); |
728 | 727 | ||
729 | spin_lock_irqsave(&audit_freelist_lock, flags); | 728 | spin_lock_irqsave(&audit_freelist_lock, flags); |
730 | if (++audit_freelist_count > AUDIT_MAXFREE) | 729 | if (audit_freelist_count > AUDIT_MAXFREE) |
731 | kfree(ab); | 730 | kfree(ab); |
732 | else | 731 | else { |
732 | audit_freelist_count++; | ||
733 | list_add(&ab->list, &audit_freelist); | 733 | list_add(&ab->list, &audit_freelist); |
734 | } | ||
734 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | 735 | spin_unlock_irqrestore(&audit_freelist_lock, flags); |
735 | } | 736 | } |
736 | 737 | ||