Re: audit_log_drain

On Wednesday 06 April 2005 12:41, Chris Wright wrote: I have applied the following patch and ran Kris's test program. Didn't lose any netlink packets and didn't need to raise the backlog limit from 64. I bumped her test up to 100,000 loops. The audit daemon rotated logfiles and did not drop a single packet. I decided to leave 3 openings in the backlog in hopes of allowing something to be enqueued that may trigger audit_log_drain. Signed-Off-By: Steve Grubb&lt;sgrubb(a)redhat.com&gt; diff -ur linux-2.6.9.orig/kernel/audit.c linux-2.6.9/kernel/audit.c --- linux-2.6.9.orig/kernel/audit.c 2005-04-06 12:27:28.000000000 -0400 +++ linux-2.6.9/kernel/audit.c 2005-04-06 12:30:21.000000000 -0400 @@ -143,7 +143,6 @@ int total; int type; int pid; - int count; /* Times requeued */ }; void audit_set_type(struct audit_buffer *ab, int type) @@ -534,8 +533,8 @@ retval = netlink_unicast(audit_sock, skb, audit_pid, MSG_DONTWAIT); } - if (retval == -EAGAIN && ab->count < 5) { - ++ab->count; + if (retval == -EAGAIN && + (atomic_read(&audit_backlog)+3) < audit_backlog_limit) { skb_queue_tail(&ab->sklist, skb); audit_log_end_irq(ab); return 1; @@ -675,7 +674,6 @@ ab->total = 0; ab->type = AUDIT_KERNEL; ab->pid = 0; - ab->count = 0; #ifdef CONFIG_AUDITSYSCALL if (ab->ctx)