Re: [PATCH 1/4] audit: refactor queue full checks
From: Rinat Gadelshin
Date: Wed May 10 2023 - 03:28:41 EST
On 10.05.2023 10:17, Eiichi Tsukata wrote:
On May 10, 2023, at 15:54, Rinat Gadelshin <rgadelsh@xxxxxxxxx> wrote:
Hi Eiichi!
Just one one for your patch.
On 08.05.2023 10:58, Eiichi Tsukata wrote:
Currently audit queue full checks are done in multiple places.
Consolidate them into one audit_queue_full().
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
---
kernel/audit.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 9bc0b0301198..c15694e1a76b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
return retval;
}
+static inline int audit_queue_full(const struct sk_buff_head *queue)
+{
+ return audit_backlog_limit &&
+ (skb_queue_len(queue) > audit_backlog_limit);
It seems that we should use `>=` here.
Hi Rinat
Could you provide the detailed reason?
Currently queue full checks are done with ‘>’,
on the other hand queue NOT full checks are done with ‘<‘.
Looking into other similar checks in the kernel, unix_recvq_full() is using ‘>’.
Was (OR statement): `if (!audit_backlog_limit ||
skb_queue_len(&audit_retry_queue) < audit_backlog_limit)
For AND-statement it should be `if (audit_backlog_limit &&
(skb_queue_len(&audit_retry_queue) >= audit_backlog_limit))
Otherwise we get false for case `(skb_queue_len(&audit_retry_queue) ==
audit_backlog_limit)` which was true for the old implementation.
Paul, how do you think about it?
Eiichi