From fb19b4c6aa024837a0071f07baa07dbf49d07151 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 19 May 2005 14:55:56 +0100 Subject: [PATCH] AUDIT: Honour audit_backlog_limit again. The limit on the number of outstanding audit messages was inadvertently removed with the switch to queuing skbs directly for sending by a kernel thread. Put it back again. Signed-off-by: David Woodhouse --- kernel/audit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index bbc6f542c8f7..41581413529c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -613,6 +613,18 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, int type) if (!audit_initialized) return NULL; + if (audit_backlog_limit + && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) { + if (audit_rate_check()) + printk(KERN_WARNING + "audit: audit_backlog=%d > " + "audit_backlog_limit=%d\n", + skb_queue_len(&audit_skb_queue), + audit_backlog_limit); + audit_log_lost("backlog limit exceeded"); + return NULL; + } + ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type); if (!ab) { audit_log_lost("out of memory in audit_log_start"); -- GitLab