Was (OR statement): `if (!audit_backlog_limit || skb_queue_len(&audit_retry_queue) < audit_backlog_limit)
On May 10, 2023, at 15:54, Rinat Gadelshin <rgadelsh@xxxxxxxxx> wrote:Hi Rinat
Hi Eiichi!
Just one one for your patch.
On 08.05.2023 10:58, Eiichi Tsukata wrote:
Currently audit queue full checks are done in multiple places.It seems that we should use `>=` here.
Consolidate them into one audit_queue_full().
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
---
kernel/audit.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 9bc0b0301198..c15694e1a76b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -341,6 +341,12 @@ static inline int audit_rate_check(void)
return retval;
}
+static inline int audit_queue_full(const struct sk_buff_head *queue)
+{
+ return audit_backlog_limit &&
+ (skb_queue_len(queue) > audit_backlog_limit);
Could you provide the detailed reason?
Currently queue full checks are done with ‘>’,
on the other hand queue NOT full checks are done with ‘<‘.
Looking into other similar checks in the kernel, unix_recvq_full() is using ‘>’.
Paul, how do you think about it?
Eiichi