Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1040239pxm; Wed, 23 Feb 2022 16:36:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJzTMMofvfF3QGbvfRPbzh+Jb9PcebItD5AuHqgJxfXyLTd+dkTiR8YNTZBEpUQkHPr2CUkv X-Received: by 2002:a63:a66:0:b0:373:c36b:e500 with SMTP id z38-20020a630a66000000b00373c36be500mr272266pgk.419.1645662965237; Wed, 23 Feb 2022 16:36:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645662965; cv=none; d=google.com; s=arc-20160816; b=RL0CqmURPSDm+WGDX8fikw5VN/8cVp4l7a3o0FdHT0y6Ee4IdQ8hTwmzTOp3bmxBIW 6r6BHt+zik99j3pduJ1aPPU5NwyuV7vBLil4YwEfC1JMgNsQ8hARsqerexjeus24/CCo zoYEjzDNNrCKXjk84KAOG7I3YhOQLiXAOwngGJ2AYGXII3RS4+2ZG6pHB6H5M1LloHZy rOoJLe+sWfjbTy/YgBJRyUrOE4GIDPcwRzK2SEd2be3Y+ARC9rnLOyvAD2wtfNM3SFlT mB1OJ7sr1EuCIk+N3yNtlslyf1FuefY2z7NY/qWS/XLV7Q7WCoyM5hZegnE00D6Rxih1 zZZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=tOdtQsD1VsQRojjC27x081SoEhZfQtYMFcPxugWRn94=; b=xT8gSha3VN0GWeDGNVyVwS+Se5pU860UOR0rk4WRbPszmZn4wogCuHOQa9UoaG0xWa aJNqWtRboIVB31vC5LUpRY/R8proV5ABOzhMeCQpTxjT0sxQYqJ52luQP8LTa3IDDW1+ N8hW0xVBo/O9nAbYlcQKhGQSh3OTbtyJIyk3GspTOuaWGpCuo1fMMMK0LPUJOaaaNCrR ERhvhZt+TMtjHLUJG6o9Qn3zionE0/vqHT0KmzJ+EbL+zspsH4vG2xMx8jDB2cYlsGzU o1d/W05nELIWBPlGmWNAJ4KOdGdParKFkU8HLOao5KBvaqPGblhPCqP4TfJA2lv978W2 fMqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=36vJxHpt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id s23si1006500plq.107.2022.02.23.16.36.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Feb 2022 16:36:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=36vJxHpt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E2005A888A; Wed, 23 Feb 2022 16:34:57 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243020AbiBWWA7 (ORCPT + 99 others); Wed, 23 Feb 2022 17:00:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242431AbiBWWA5 (ORCPT ); Wed, 23 Feb 2022 17:00:57 -0500 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53A8150444 for ; Wed, 23 Feb 2022 14:00:28 -0800 (PST) Received: by mail-ed1-x534.google.com with SMTP id w3so252435edu.8 for ; Wed, 23 Feb 2022 14:00:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tOdtQsD1VsQRojjC27x081SoEhZfQtYMFcPxugWRn94=; b=36vJxHpt8n+pnNjNnZkCtrfZT/CZanJZXF9/Jq8zXIxvPFQyTpfdIHIJH8KTVpg7GL QWM6UIz/3bP4hCA9w7mcaE/SHD1x8hQSlc2eXWV7O2JKNfJN75ZSz1h8pnFN8NL4Z5hw KC1r0pBjdXQ6ARO9BSaa7FhxtjstcBQRCeihR5VHRZbZLlTa4xTYBvj9X6de0dFKZRu1 s0aIYry/ZocYJpUEz4OhlY+HsbbyKjgI6x2RgaUAfRo20UZIFCiSAEspNEJeS8mP0SCN BkfPx2aw1oGLa3WWS+OTvfppB8n8ok3OSRbK51LTAlPDIVPS512lGenbPJP1jbC7JTkY j31g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tOdtQsD1VsQRojjC27x081SoEhZfQtYMFcPxugWRn94=; b=wJxC0FpawC63bGZZ61qwaa2Oc2Qj/e6NLB5M0F2vusjU6E/8waKiZwksDjIjnNNslH XcGzF0K8U48b7olvD8+1zQlRrjWiFIhwZLi+Pz8RCFmZcX/cwV98PlunotAAopBuZod9 CtbE5NrkR3Xdy6aTEz/c5D/UvvjPFAU+bDHCnMZVAhxZc3UEC98Yla6xLHvPj2WM03SU tjLis1n7sxyBduUndVOOB4v4nGYDo8HlmOUiOYHOSGFEKKgQQsXAF681XIMqxRYzhQGj AKlQenLTJNnNel4w4G4IoudTuQWSToKc8j4X0fjQHYdvZPejtcHJmHd6xKL9USPKGq+R gKCg== X-Gm-Message-State: AOAM530BuJt2CWDhUflosIHhTRCTI9n0PaxrnS6pNPkqEeunih7HCEff Te09rbBqCMS2nWxR2A8IxCDi1h7oSd6c46W8ZtGF X-Received: by 2002:a50:e004:0:b0:410:a39b:e30c with SMTP id e4-20020a50e004000000b00410a39be30cmr1340620edl.198.1645653626873; Wed, 23 Feb 2022 14:00:26 -0800 (PST) MIME-Version: 1.0 References: <20220223094109.192510-1-cuigaosheng1@huawei.com> In-Reply-To: <20220223094109.192510-1-cuigaosheng1@huawei.com> From: Paul Moore Date: Wed, 23 Feb 2022 17:00:15 -0500 Message-ID: Subject: Re: [PATCH -next] audit: only print records that will be dropped via printk() To: Gaosheng Cui Cc: eparis@redhat.com, linux-audit@redhat.com, linux-kernel@vger.kernel.org, wangweiyang2@huawei.com, xiujianfeng@huawei.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 23, 2022 at 4:41 AM Gaosheng Cui wrote: > > When an admin enables audit at early boot via the "audit=1" kernel > command line, netlink send errors seen will cause the audit subsystem > to drop some records or return records to the queue. And all records > will be printed via printk() in the kauditd_hold_skb(), but actually > only the records that will be dropped need to be printed via printk(). > > Signed-off-by: Gaosheng Cui > --- > kernel/audit.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) When records are moved to the hold queue the system is in a bad state so printing the record via printk() regardless of if the record is able to be successfully queued or dropped is important. If this is happening frequently on your system, this is likely a sign your system is misconfigured. -- paul-moore.com