Re: [PATCH 1/4] audit: refactor queue full checks
From: Eiichi Tsukata
Date: Wed May 10 2023 - 03:18:09 EST
> On May 10, 2023, at 15:54, Rinat Gadelshin <rgadelsh@xxxxxxxxx> wrote:
>
> Hi Eiichi!
>
> Just one one for your patch.
>
> On 08.05.2023 10:58, Eiichi Tsukata wrote:
>> Currently audit queue full checks are done in multiple places.
>> Consolidate them into one audit_queue_full().
>>
>> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
>> ---
>> kernel/audit.c | 21 +++++++++++----------
>> 1 file changed, 11 insertions(+), 10 deletions(-)
>>
>> diff --git a/kernel/audit.c b/kernel/audit.c
>> index 9bc0b0301198..c15694e1a76b 100644
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
>> return retval;
>> }
>> +static inline int audit_queue_full(const struct sk_buff_head *queue)
>> +{
>> + return audit_backlog_limit &&
>> + (skb_queue_len(queue) > audit_backlog_limit);
> It seems that we should use `>=` here.
Hi Rinat
Could you provide the detailed reason?
Currently queue full checks are done with ‘>’,
on the other hand queue NOT full checks are done with ‘<‘.
Looking into other similar checks in the kernel, unix_recvq_full() is using ‘>’.
Paul, how do you think about it?
Eiichi