diff options
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/audit.c | 62 |
1 files changed, 40 insertions, 22 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index d596e5355f15..4bf486c3e9e8 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -417,34 +417,52 @@ static void kauditd_send_skb(struct sk_buff *skb) | |||
417 | consume_skb(skb); | 417 | consume_skb(skb); |
418 | } | 418 | } |
419 | 419 | ||
420 | /* | ||
421 | * flush_hold_queue - empty the hold queue if auditd appears | ||
422 | * | ||
423 | * If auditd just started, drain the queue of messages already | ||
424 | * sent to syslog/printk. Remember loss here is ok. We already | ||
425 | * called audit_log_lost() if it didn't go out normally. so the | ||
426 | * race between the skb_dequeue and the next check for audit_pid | ||
427 | * doesn't matter. | ||
428 | * | ||
429 | * If you ever find kauditd to be too slow we can get a perf win | ||
430 | * by doing our own locking and keeping better track if there | ||
431 | * are messages in this queue. I don't see the need now, but | ||
432 | * in 5 years when I want to play with this again I'll see this | ||
433 | * note and still have no friggin idea what i'm thinking today. | ||
434 | */ | ||
435 | static void flush_hold_queue(void) | ||
436 | { | ||
437 | struct sk_buff *skb; | ||
438 | |||
439 | if (!audit_default || !audit_pid) | ||
440 | return; | ||
441 | |||
442 | skb = skb_dequeue(&audit_skb_hold_queue); | ||
443 | if (likely(!skb)) | ||
444 | return; | ||
445 | |||
446 | while (skb && audit_pid) { | ||
447 | kauditd_send_skb(skb); | ||
448 | skb = skb_dequeue(&audit_skb_hold_queue); | ||
449 | } | ||
450 | |||
451 | /* | ||
452 | * if auditd just disappeared but we | ||
453 | * dequeued an skb we need to drop ref | ||
454 | */ | ||
455 | if (skb) | ||
456 | consume_skb(skb); | ||
457 | } | ||
458 | |||
420 | static int kauditd_thread(void *dummy) | 459 | static int kauditd_thread(void *dummy) |
421 | { | 460 | { |
422 | struct sk_buff *skb; | 461 | struct sk_buff *skb; |
423 | 462 | ||
424 | set_freezable(); | 463 | set_freezable(); |
425 | while (!kthread_should_stop()) { | 464 | while (!kthread_should_stop()) { |
426 | /* | 465 | flush_hold_queue(); |
427 | * if auditd just started drain the queue of messages already | ||
428 | * sent to syslog/printk. remember loss here is ok. we already | ||
429 | * called audit_log_lost() if it didn't go out normally. so the | ||
430 | * race between the skb_dequeue and the next check for audit_pid | ||
431 | * doesn't matter. | ||
432 | * | ||
433 | * if you ever find kauditd to be too slow we can get a perf win | ||
434 | * by doing our own locking and keeping better track if there | ||
435 | * are messages in this queue. I don't see the need now, but | ||
436 | * in 5 years when I want to play with this again I'll see this | ||
437 | * note and still have no friggin idea what i'm thinking today. | ||
438 | */ | ||
439 | if (audit_default && audit_pid) { | ||
440 | skb = skb_dequeue(&audit_skb_hold_queue); | ||
441 | if (unlikely(skb)) { | ||
442 | while (skb && audit_pid) { | ||
443 | kauditd_send_skb(skb); | ||
444 | skb = skb_dequeue(&audit_skb_hold_queue); | ||
445 | } | ||
446 | } | ||
447 | } | ||
448 | 466 | ||
449 | skb = skb_dequeue(&audit_skb_queue); | 467 | skb = skb_dequeue(&audit_skb_queue); |
450 | wake_up(&audit_backlog_wait); | 468 | wake_up(&audit_backlog_wait); |