Commit 5d136a01 authored by Serge E. Hallyn's avatar Serge E. Hallyn Committed by Al Viro

[PATCH] minor audit updates

Just a few minor proposed updates.  Only the last one will
actually affect behavior.  The rest are just misleading
code.

Several AUDIT_SET functions return 'old' value, but only
return value <0 is checked for.  So just return 0.

propagate audit_set_rate_limit and audit_set_backlog_limit
error values

In audit_buffer_free, the audit_freelist_count was being
incremented even when we discard the return buffer, so
audit_freelist_count can end up wrong.  This could cause
the actual freelist to shrink over time, eventually
threatening to degrate audit performance.
Signed-off-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 0a3b483e
...@@ -251,7 +251,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) ...@@ -251,7 +251,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
"audit_rate_limit=%d old=%d by auid=%u", "audit_rate_limit=%d old=%d by auid=%u",
limit, old, loginuid); limit, old, loginuid);
audit_rate_limit = limit; audit_rate_limit = limit;
return old; return 0;
} }
static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
...@@ -274,7 +274,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) ...@@ -274,7 +274,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
"audit_backlog_limit=%d old=%d by auid=%u", "audit_backlog_limit=%d old=%d by auid=%u",
limit, old, loginuid); limit, old, loginuid);
audit_backlog_limit = limit; audit_backlog_limit = limit;
return old; return 0;
} }
static int audit_set_enabled(int state, uid_t loginuid, u32 sid) static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
...@@ -300,7 +300,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid) ...@@ -300,7 +300,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
"audit_enabled=%d old=%d by auid=%u", "audit_enabled=%d old=%d by auid=%u",
state, old, loginuid); state, old, loginuid);
audit_enabled = state; audit_enabled = state;
return old; return 0;
} }
static int audit_set_failure(int state, uid_t loginuid, u32 sid) static int audit_set_failure(int state, uid_t loginuid, u32 sid)
...@@ -328,7 +328,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid) ...@@ -328,7 +328,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid)
"audit_failure=%d old=%d by auid=%u", "audit_failure=%d old=%d by auid=%u",
state, old, loginuid); state, old, loginuid);
audit_failure = state; audit_failure = state;
return old; return 0;
} }
static int kauditd_thread(void *dummy) static int kauditd_thread(void *dummy)
...@@ -364,7 +364,6 @@ static int kauditd_thread(void *dummy) ...@@ -364,7 +364,6 @@ static int kauditd_thread(void *dummy)
remove_wait_queue(&kauditd_wait, &wait); remove_wait_queue(&kauditd_wait, &wait);
} }
} }
return 0;
} }
int audit_send_list(void *_dest) int audit_send_list(void *_dest)
...@@ -551,10 +550,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -551,10 +550,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_pid = status_get->pid; audit_pid = status_get->pid;
} }
if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
audit_set_rate_limit(status_get->rate_limit, err = audit_set_rate_limit(status_get->rate_limit,
loginuid, sid); loginuid, sid);
if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
audit_set_backlog_limit(status_get->backlog_limit, err = audit_set_backlog_limit(status_get->backlog_limit,
loginuid, sid); loginuid, sid);
break; break;
case AUDIT_USER: case AUDIT_USER:
...@@ -727,10 +726,12 @@ static void audit_buffer_free(struct audit_buffer *ab) ...@@ -727,10 +726,12 @@ static void audit_buffer_free(struct audit_buffer *ab)
kfree_skb(ab->skb); kfree_skb(ab->skb);
spin_lock_irqsave(&audit_freelist_lock, flags); spin_lock_irqsave(&audit_freelist_lock, flags);
if (++audit_freelist_count > AUDIT_MAXFREE) if (audit_freelist_count > AUDIT_MAXFREE)
kfree(ab); kfree(ab);
else else {
audit_freelist_count++;
list_add(&ab->list, &audit_freelist); list_add(&ab->list, &audit_freelist);
}
spin_unlock_irqrestore(&audit_freelist_lock, flags); spin_unlock_irqrestore(&audit_freelist_lock, flags);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment