Re: [RFC PATCH 1/7] audit: don't needlessly reset valid wait time
On Thursday, October 22, 2015 02:53:14 PM Richard Guy Briggs wrote:
After auditd has recovered from an overflowed queue, the first
process
that doesn't use reserves to make it through the queue checks should
reset the audit backlog wait time to the configured value. After that,
there is no need to keep resetting it.
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/audit.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index a72ad37..daefd81 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1403,7 +1403,7 @@ struct audit_buffer *audit_log_start(struct
audit_context *ctx, gfp_t gfp_mask, return NULL;
}
- if (!reserve)
+ if (!reserve && !audit_backlog_wait_time)
audit_backlog_wait_time = audit_backlog_wait_time_master;
ab = audit_buffer_alloc(ctx, gfp_mask, type);
This looks fine to me, I'm going to add it to audit#next-queue.
Also, can you think of a good reason why "audit_backlog_wait_overflow" exists?
I'm going to replace it with the simple "audit_backlog_wait_time = 0;"
unless
you can think of a solid reason not to do so. It seems much more obvious and
readable to me.
--
paul moore
www.paul-moore.com