lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1270498586-24226-1-git-send-email-eparis@redhat.com>
Date:	Mon,  5 Apr 2010 16:16:26 -0400
From:	Eric Paris <eparis@...hat.com>
To:	torvalds@...ux-foundation.org
Cc:	viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org,
	linux-audit@...hat.com
Subject: [PATCH] audit: preface audit printk with audit

There have been a number of reports of people seeing the message:
"name_count maxed, losing inode data: dev=00:05, inode=3185"
in dmesg.  These usually lead to people reporting problems to the filesystem
group who are in turn clueless what they mean.  Eventually someone finds me
and I explain what is going on and that these come from the audit system.
The basics of the problem is that the audit subsystem never expects a single
syscall to 'interact' (for some wish washy meaning of interact)  with more
than 20 inodes.  But in fact some operations like loading kernel modules can
cause changes to lots of inodes in debugfs.  There are a couple real fixes
being bandied about including removing the fixed compile time limit of 20 or
not auditing changes in debugfs (or both) but neither are small and obvious
so I am not sending them for immediate inclusion (I hope Al forwards a real
solution next devel window).  In the meantime this patch simply adds 'audit'
to the beginning of the crap message so if a user sees it, they come
blame me first and we can talk about what it means and make sure we understand
all of the reasons it can happen and make sure this gets solved correctly
in the long run.

Signed-off-by: Eric Paris <eparis@...hat.com>
---
 kernel/auditsc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index f3a461c..d6de684 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1893,7 +1893,7 @@ static int audit_inc_name_count(struct audit_context *context,
 {
 	if (context->name_count >= AUDIT_NAMES) {
 		if (inode)
-			printk(KERN_DEBUG "name_count maxed, losing inode data: "
+			printk(KERN_DEBUG "audit: name_count maxed, losing inode data: "
 			       "dev=%02x:%02x, inode=%lu\n",
 			       MAJOR(inode->i_sb->s_dev),
 			       MINOR(inode->i_sb->s_dev),
-- 
1.6.5.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ