Debug when audit_backlog_limit reserves are used for bypassing the queue
limits by listing timing, process and queue length.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 795d604..d4e19fc 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1391,6 +1391,14 @@ struct audit_buffer *audit_log_start(struct
audit_context *ctx, gfp_t gfp_mask,
reserve = 0;
rcu_read_unlock();
}
+
+ if (reserve) {
+ pr_warn("( %lu %lu )"
+ " Qreq apid=%d pid=%d comm=%s type=%d reserve=%d
Qlen=%d\n",
+ timeout_start, jiffies-timeout_start,
+ audit_pid, current->pid, current->comm, type, reserve,
skb_queue_len(&audit_skb_queue));
+ }
+
while (audit_backlog_limit
&& skb_queue_len(&audit_skb_queue) > audit_backlog_limit +
reserve) {
if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time) {
--
1.7.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
