Re: [RFC PATCH 1/7] audit: don't needlessly reset valid wait time
On 15/11/04, Paul Moore wrote:
On Thursday, October 22, 2015 02:53:14 PM Richard Guy Briggs wrote:
> After auditd has recovered from an overflowed queue, the first process
> that doesn't use reserves to make it through the queue checks should
> reset the audit backlog wait time to the configured value. After that,
> there is no need to keep resetting it.
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
> kernel/audit.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index a72ad37..daefd81 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1403,7 +1403,7 @@ struct audit_buffer *audit_log_start(struct
> audit_context *ctx, gfp_t gfp_mask, return NULL;
> }
>
> - if (!reserve)
> + if (!reserve && !audit_backlog_wait_time)
> audit_backlog_wait_time = audit_backlog_wait_time_master;
>
> ab = audit_buffer_alloc(ctx, gfp_mask, type);
This looks fine to me, I'm going to add it to audit#next-queue.
Also, can you think of a good reason why "audit_backlog_wait_overflow" exists?
I'm going to replace it with the simple "audit_backlog_wait_time = 0;"
unless
you can think of a solid reason not to do so. It seems much more obvious and
readable to me.
That goes back to ac4cec44, DWMW, July 2005. Best answer I can come up
with is that it labels magic values and puts them up front at the top of
the file. I'd suggest instead replacing it with a macro. I don't have
an significant objection to just assigning zero where you suggest.
paul moore
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545