Truncated log entries

Stephen Smalley sds at epoch.ncsc.mil
Wed Oct 27 18:34:57 UTC 2004


On Wed, 2004-10-27 at 14:32, Valdis.Kletnieks at vt.edu wrote:
> There's this code in kernel/audit.c, in audit_log_drain():
>  
>                 if (!audit_pid) { /* No daemon */
>                         int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
>                         int len    = skb->len - offset;
>                         printk(KERN_ERR "%*.*s\n",
>                                len, len, skb->data + offset);
>                 }
> 
> That len/offset look racy to me.  It's called from audit_log_end_fast(),
> which checks for calls in IRQ context, but I'm not seeing where we do any SMP
> or PREEMPT locking.

I think that's ok, as it is acting upon an audit buffer that was
necessarily allocated by and only accessible to the same thread (by
audit_log_start).

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list