Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-28 11:22:21
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.

Proto:void audit_log_lost(const char *message)

Type:void

Parameter:

TypeParameterName
const char *message
350  last_msg = 0
351  DEFINE_SPINLOCK(lock)
356  atomic_inc( & Records can be lost in several ways:0) [suppressed in audit_alloc]1) out of memory in audit_log_start [kmalloc of struct audit_buffer]2) out of memory in audit_log_move [alloc_skb]3) suppressed due to audit_rate_limit4) suppressed due to )
358  print = If auditing cannot proceed, audit_failure selects what happens. == AUDIT_FAIL_PANIC || Not If audit_rate_limit is non-zero, limit the rate of sending audit records* to that number per second. This prevents DoS attacks, but results in* audit records being dropped.
360  If Not print Then
361  spin_lock_irqsave( & lock, flags)
362  now = jiffies
363  If now - last_msg > HZ Then
364  print = 1
365  last_msg = now
367  spin_unlock_irqrestore( & lock, flags)
370  If print Then
371  If printk_ratelimit() Then pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n", atomic_read( & Records can be lost in several ways:0) [suppressed in audit_alloc]1) out of memory in audit_log_start [kmalloc of struct audit_buffer]2) out of memory in audit_log_move [alloc_skb]3) suppressed due to audit_rate_limit4) suppressed due to ), If audit_rate_limit is non-zero, limit the rate of sending audit records* to that number per second. This prevents DoS attacks, but results in* audit records being dropped. , Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited. )
376  audit_panic(message)
Caller
NameDescribe
kauditd_hold_skbkauditd_hold_skb - Queue an audit record, waiting for auditd*@skb: audit record* Description:* Queue the audit record, waiting for an instance of auditd. When this* function is called we haven't given up yet on sending the record, but things
audit_log_startaudit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
audit_expandaudit_expand - expand skb in the audit buffer*@ab: audit_buffer*@extra: space to add at tail of the skb* Returns 0 (no space) on failed expansion, or available space if* successful.
audit_log_endaudit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
audit_allocaudit_alloc - allocate an audit context block for a task*@tsk: task* Filter on the task information and allocate a per-task audit context* if necessary. Doing so turns on system call auditing for the* specified task
__audit_log_kern_module