[PATCH] audit: preface audit printk with audit

From: Eric Paris
Date: Mon Apr 05 2010 - 16:16:46 EST

There have been a number of reports of people seeing the message:
"name_count maxed, losing inode data: dev=00:05, inode=3185"
in dmesg. These usually lead to people reporting problems to the filesystem
group who are in turn clueless what they mean. Eventually someone finds me
and I explain what is going on and that these come from the audit system.
The basics of the problem is that the audit subsystem never expects a single
syscall to 'interact' (for some wish washy meaning of interact) with more
than 20 inodes. But in fact some operations like loading kernel modules can
cause changes to lots of inodes in debugfs. There are a couple real fixes
being bandied about including removing the fixed compile time limit of 20 or
not auditing changes in debugfs (or both) but neither are small and obvious
so I am not sending them for immediate inclusion (I hope Al forwards a real
solution next devel window). In the meantime this patch simply adds 'audit'
to the beginning of the crap message so if a user sees it, they come
blame me first and we can talk about what it means and make sure we understand
all of the reasons it can happen and make sure this gets solved correctly
in the long run.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
kernel/auditsc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index f3a461c..d6de684 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1893,7 +1893,7 @@ static int audit_inc_name_count(struct audit_context *context,
if (context->name_count >= AUDIT_NAMES) {
if (inode)
- printk(KERN_DEBUG "name_count maxed, losing inode data: "
+ printk(KERN_DEBUG "audit: name_count maxed, losing inode data: "
"dev=%02x:%02x, inode=%lu\n",

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/