summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-23 22:55:05 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:25:04 -0500
commit320f1b1ed28c601cc152053a2f428a126cb608bc (patch)
tree5865f2acf0d84b61fc81108f1bbb33896d11df84
parent148b38dc9309044c8656aa36d5fd86069e2ea7cc (diff)
downloadlinux-320f1b1ed28c601cc152053a2f428a126cb608bc.tar.gz
linux-320f1b1ed28c601cc152053a2f428a126cb608bc.tar.bz2
linux-320f1b1ed28c601cc152053a2f428a126cb608bc.zip
[AUDIT] ratelimit printk messages audit
some printk messages from the audit system can become excessive. This patch ratelimits those messages. It was found that messages, such as the audit backlog lost printk message could flood the logs to the point that a machine could take an nmi watchdog hit or otherwise become unresponsive. Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--kernel/audit.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 9e3e457ddfb5..c8555b180213 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -166,7 +166,8 @@ void audit_panic(const char *message)
case AUDIT_FAIL_SILENT:
break;
case AUDIT_FAIL_PRINTK:
- printk(KERN_ERR "audit: %s\n", message);
+ if (printk_ratelimit())
+ printk(KERN_ERR "audit: %s\n", message);
break;
case AUDIT_FAIL_PANIC:
panic("audit: %s\n", message);
@@ -234,11 +235,13 @@ void audit_log_lost(const char *message)
}
if (print) {
- printk(KERN_WARNING
- "audit: audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n",
- atomic_read(&audit_lost),
- audit_rate_limit,
- audit_backlog_limit);
+ if (printk_ratelimit())
+ printk(KERN_WARNING
+ "audit: audit_lost=%d audit_rate_limit=%d "
+ "audit_backlog_limit=%d\n",
+ atomic_read(&audit_lost),
+ audit_rate_limit,
+ audit_backlog_limit);
audit_panic(message);
}
}
@@ -352,7 +355,11 @@ static int kauditd_thread(void *dummy)
audit_pid = 0;
}
} else {
- printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
+ if (printk_ratelimit())
+ printk(KERN_NOTICE "%s\n", skb->data +
+ NLMSG_SPACE(0));
+ else
+ audit_log_lost("printk limit exceeded\n");
kfree_skb(skb);
}
} else {
@@ -1066,7 +1073,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
remove_wait_queue(&audit_backlog_wait, &wait);
continue;
}
- if (audit_rate_check())
+ if (audit_rate_check() && printk_ratelimit())
printk(KERN_WARNING
"audit: audit_backlog=%d > "
"audit_backlog_limit=%d\n",
@@ -1349,9 +1356,11 @@ void audit_log_end(struct audit_buffer *ab)
skb_queue_tail(&audit_skb_queue, ab->skb);
ab->skb = NULL;
wake_up_interruptible(&kauditd_wait);
- } else {
+ } else if (printk_ratelimit()) {
struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, ab->skb->data + NLMSG_SPACE(0));
+ } else {
+ audit_log_lost("printk limit exceeded\n");
}
}
audit_buffer_free(ab);