Debug when audit_backlog_limit reserves are used for bypassing the queue limits by listing timing, process and queue length.
Signed-off-by: Richard Guy Briggs <r...@redhat.com> --- kernel/audit.c | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 795d604..d4e19fc 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1391,6 +1391,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, reserve = 0; rcu_read_unlock(); } + + if (reserve) { + pr_warn("( %lu %lu )" + " Qreq apid=%d pid=%d comm=%s type=%d reserve=%d Qlen=%d\n", + timeout_start, jiffies-timeout_start, + audit_pid, current->pid, current->comm, type, reserve, skb_queue_len(&audit_skb_queue)); + } + while (audit_backlog_limit && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) { if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time) { -- 1.7.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit