AUDIT: Honour audit_backlog_limit again.

The limit on the number of outstanding audit messages was inadvertently removed with the switch to queuing skbs directly for sending by a kernel thread. Put it back again. Signed-off-by: David Woodhouse <dwmw2@infradead.org>

AUDIT: Honour audit_backlog_limit again.
The limit on the number of outstanding audit messages was inadvertently removed with the switch to queuing skbs directly for sending by a kernel thread. Put it back again. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
fb19b4c6 · David Woodhouse · 7063e6c7 · fb19b4c6
Commit fb19b4c6 authored May 19, 2005 by David Woodhouse
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

kernel/audit.c kernel/audit.c +12 -0

No files found.
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -613,6 +613,18 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
 	if (!audit_initialized)
 		return NULL;

+	if (audit_backlog_limit
+	    && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
+		if (audit_rate_check())
+			printk(KERN_WARNING
+			       "audit: audit_backlog=%d > "
+			       "audit_backlog_limit=%d\n",
+			       skb_queue_len(&audit_skb_queue),
+			       audit_backlog_limit);
+		audit_log_lost("backlog limit exceeded");
+		return NULL;
+	}
+
 	ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);
 	if (!ab) {
 		audit_log_lost("out of memory in audit_log_start");