diff options
Diffstat (limited to 'sys/security/audit/audit_pipe.c')
-rw-r--r-- | sys/security/audit/audit_pipe.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c index 399f270..a50b922 100644 --- a/sys/security/audit/audit_pipe.c +++ b/sys/security/audit/audit_pipe.c @@ -424,17 +424,22 @@ audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class, /* * Append individual record to a queue -- allocate queue-local buffer, and - * add to the queue. We try to drop from the head of the queue so that more - * recent events take precedence over older ones, but if allocation fails we - * do drop the new event. + * add to the queue. If the queue is full or we can't allocate memory, drop + * the newest record. */ static void audit_pipe_append(struct audit_pipe *ap, void *record, u_int record_len) { - struct audit_pipe_entry *ape, *ape_remove; + struct audit_pipe_entry *ape; AUDIT_PIPE_LOCK_ASSERT(ap); + if (ap->ap_qlen >= ap->ap_qlimit) { + ap->ap_drops++; + audit_pipe_drops++; + return; + } + ape = malloc(sizeof(*ape), M_AUDIT_PIPE_ENTRY, M_NOWAIT | M_ZERO); if (ape == NULL) { ap->ap_drops++; @@ -453,15 +458,6 @@ audit_pipe_append(struct audit_pipe *ap, void *record, u_int record_len) bcopy(record, ape->ape_record, record_len); ape->ape_record_len = record_len; - if (ap->ap_qlen >= ap->ap_qlimit) { - ape_remove = TAILQ_FIRST(&ap->ap_queue); - TAILQ_REMOVE(&ap->ap_queue, ape_remove, ape_queue); - audit_pipe_entry_free(ape_remove); - ap->ap_qlen--; - ap->ap_drops++; - audit_pipe_drops++; - } - TAILQ_INSERT_TAIL(&ap->ap_queue, ape, ape_queue); ap->ap_inserts++; ap->ap_qlen++; |