Truncated log entries
Valdis.Kletnieks at vt.edu
Wed Oct 27 18:32:23 UTC 2004
On Wed, 27 Oct 2004 13:26:35 EDT, Stephen Smalley said:
> SELinux was migrated from using printk to using the kernel audit
> framework developed by RedHat a while back. We started getting bug
> reports about truncated audit messages not long after...
There's this code in kernel/audit.c, in audit_log_drain():
	if (!audit_pid) { /* No daemon */
		int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
		int len    = skb->len - offset;
		printk(KERN_ERR "%*.*s\n",
		       len, len, skb->data + offset);
	}
That len/offset look racy to me. It's called from audit_log_end_fast(),
which checks for calls in IRQ context, but I'm not seeing where we do any SMP
or PREEMPT locking.