From: Steve Grubb <sgrubb@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [ARCHIVE DEBUG 03/13] audit_debug: proc instrumentation
Date: Thu, 22 Oct 2015 15:23:27 -0400	[thread overview]
Message-ID: <5833313.p0DdKMxStc@x2> (raw)
In-Reply-To: <a7b545c7cb12dda1c637f0dbde0ffb290a53d2e1.1445536765.git.rgb@redhat.com>

What are the permissions on this? Who can view it?

-Steve

On Thursday, October 22, 2015 02:58:49 PM Richard Guy Briggs wrote:
> Add a /proc/audit entry for debugging to instrument many audit subsystem
> internal parameters not normally visible.
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  include/linux/skbuff.h |   16 ++++++++++++++++
>  kernel/audit.c         |   48
> ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64
> insertions(+), 0 deletions(-)
> 
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index f54d665..bcde922 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -180,6 +180,7 @@ struct sk_buff_head {
> 
>  	__u32		qlen;
>  	spinlock_t	lock;
> +	__u32		qlen_max;
>  };
> 
>  struct sk_buff;
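Review bot: `qlen_max` is added to `struct sk_buff_head` here, but no hunk in this patch gives it an initial value; `__skb_queue_head_init` appears in the next hunk only as unchanged context. Queue heads that live on the stack or in non-zeroed memory would then start with an indeterminate high-water mark, which `__skb_insert` and the four splice helpers compare against and `skb_queue_len_max()` returns. Assuming `__skb_queue_head_init` is where `qlen` is zeroed (its body is not visible), `list->qlen_max = 0;` belongs next to that reset. The field also grows every `sk_buff_head` in the kernel, so a comment on the member such as `/* debug only: highest qlen seen */` would help.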
> @@ -1301,6 +1302,11 @@ static inline __u32 skb_queue_len(const struct
> sk_buff_head *list_) return list_->qlen;
>  }
> 
> +static inline __u32 skb_queue_len_max(const struct sk_buff_head *list_)
> +{
> +	return list_->qlen_max;
> +}
> +
>  /**
>   *	__skb_queue_head_init - initialize non-spinlock portions of sk_buff_head
> *	@list: queue to initialize
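Review bot: `skb_queue_len_max()` is added without a kernel-doc comment, although the neighbouring helper visible in this hunk's context (`__skb_queue_head_init`) has one. A short block in the same style would do: a `skb_queue_len_max - get the highest queue length seen` title, an `@list_:` line, and one sentence noting that the value is read without taking `list_->lock`, as the body shows.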
> @@ -1354,6 +1360,8 @@ static inline void __skb_insert(struct sk_buff *newsk,
> newsk->prev = prev;
>  	next->prev  = prev->next = newsk;
>  	list->qlen++;
> +	if(list->qlen > list->qlen_max)
> +		list->qlen_max = list->qlen;
>  }
> 
>  static inline void __skb_queue_splice(const struct sk_buff_head *list,
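Review bot: The two-line high-water update added after `list->qlen++` is copied verbatim into the four splice hunks that follow (`skb_queue_splice`, `skb_queue_splice_init`, `skb_queue_splice_tail`, `skb_queue_splice_tail_init`), and each copy writes `if(` without the space kernel style expects. A single static inline helper called from all five sites would keep the bookkeeping in one place and make it easy to compile out later. The helper name below is only a suggestion, and `__skb_insert` begins outside this hunk.

```c
/* Record a new high-water mark after list->qlen has grown. */
static inline void __skb_queue_note_len(struct sk_buff_head *list)
{
	if (list->qlen > list->qlen_max)
		list->qlen_max = list->qlen;
}

/* … unchanged: __skb_insert pointer updates … */
	list->qlen++;
	__skb_queue_note_len(list);
```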
> @@ -1381,6 +1389,8 @@ static inline void skb_queue_splice(const struct
> sk_buff_head *list, if (!skb_queue_empty(list)) {
>  		__skb_queue_splice(list, (struct sk_buff *) head, head->next);
>  		head->qlen += list->qlen;
> +		if(head->qlen > head->qlen_max)
> +			head->qlen_max = head->qlen;
>  	}
>  }
> 
> @@ -1397,6 +1407,8 @@ static inline void skb_queue_splice_init(struct
> sk_buff_head *list, if (!skb_queue_empty(list)) {
>  		__skb_queue_splice(list, (struct sk_buff *) head, head->next);
>  		head->qlen += list->qlen;
> +		if(head->qlen > head->qlen_max)
> +			head->qlen_max = head->qlen;
>  		__skb_queue_head_init(list);
>  	}
>  }
> @@ -1412,6 +1424,8 @@ static inline void skb_queue_splice_tail(const struct
> sk_buff_head *list, if (!skb_queue_empty(list)) {
>  		__skb_queue_splice(list, head->prev, (struct sk_buff *) head);
>  		head->qlen += list->qlen;
> +		if(head->qlen > head->qlen_max)
> +			head->qlen_max = head->qlen;
>  	}
>  }
> 
> @@ -1429,6 +1443,8 @@ static inline void skb_queue_splice_tail_init(struct
> sk_buff_head *list, if (!skb_queue_empty(list)) {
>  		__skb_queue_splice(list, head->prev, (struct sk_buff *) head);
>  		head->qlen += list->qlen;
> +		if(head->qlen > head->qlen_max)
> +			head->qlen_max = head->qlen;
>  		__skb_queue_head_init(list);
>  	}
>  }
> diff --git a/kernel/audit.c b/kernel/audit.c
> index d4e19fc..82df9fd 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -124,6 +124,7 @@ u32		audit_sig_sid = 0;
>     4) suppressed due to audit_backlog_limit
>  */
>  static atomic_t    audit_lost = ATOMIC_INIT(0);
> +static atomic_t    audit_hold_lost = ATOMIC_INIT(0);
> 
>  /* The netlink socket. */
>  static struct sock *audit_sock;
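Review bot: `audit_hold_lost` is declared without a comment, directly below the block comment that enumerates what `audit_lost` counts. The later hunks increment it in two different situations: in `audit_hold_skb` when the record is freed instead of queued, and in `flush_hold_queue` when a dequeued record is released unsent. A line such as `/* Records dropped on the hold-queue paths; debug instrumentation only. */` would keep the two counters distinguishable for whoever reads the numbers.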
> @@ -381,7 +382,10 @@ static void audit_hold_skb(struct sk_buff *skb)
>  	     skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
>  		skb_queue_tail(&audit_skb_hold_queue, skb);
>  	else
> +	{
>  		kfree_skb(skb);
> +		atomic_inc(&audit_hold_lost);
> +	}
>  }
> 
>  /*
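Review bot: The braces added around the `else` body open on a line of their own and leave the `if` branch unbraced, which departs from kernel coding style; the `flush_hold_queue` hunk uses the same layout for its `if (skb)`. Keeping the opening brace on the keyword's line and bracing both branches, i.e. `if (...) {` ... `} else {` ... `}`, matches the rest of the file. The start of `audit_hold_skb`, including the first half of the condition, lies outside this hunk.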
> @@ -510,7 +514,10 @@ static void flush_hold_queue(void)
>  	 * dequeued an skb we need to drop ref
>  	 */
>  	if (skb)
> +	{
>  		consume_skb(skb);
> +		atomic_inc(&audit_hold_lost);
> +	}
>  }
> 
>  static int kauditd_thread(void *dummy)
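Review bot: The record released here is now counted in `audit_hold_lost`, yet it is still freed with `consume_skb()`, which the networking core treats as normal consumption rather than a drop. `audit_hold_skb` frees its lost record with `kfree_skb()`, so the two increment sites report differently to drop tracing. If this path really is a loss, `kfree_skb(skb);` would make the accounting and the free call agree; if it is not, the increment is misleading. The loop that dequeues `skb` is outside the hunk, so this is worth confirming against the full function.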
> @@ -1174,6 +1181,45 @@ static struct pernet_operations audit_net_ops
> __net_initdata = { .size = sizeof(struct audit_net),
>  };
> 
> +/* Display information about audit subsystem */
> +static int proc_auditstats_show(struct seq_file *m, void *v)
> +{
> +	//seq_printf(m, "audit_initialized\t%d\n", audit_initialized);
> +	//seq_printf(m, "audit_enabled\t%u\n", audit_enabled);
> +	//seq_printf(m, "audit_ever_enabled\t%u\n", audit_ever_enabled);
> +	//seq_printf(m, "audit_default\t%u\n", audit_default);
> +	//seq_printf(m, "audit_failure\t%u\n", audit_failure);
> +	seq_printf(m, "audit_pid\t\t\t%d\n", audit_pid);
> +	//seq_printf(m, "audit_nlk_portid\t%u\n", audit_nlk_portid);
> +	//seq_printf(m, "audit_rate_limit\t%u\n", audit_rate_limit);
> +	//seq_printf(m, "audit_backlog_limit\t%u\n", audit_backlog_limit);
> +	//seq_printf(m, "audit_backlog_wait_time\t%u\n", audit_backlog_wait_time);
> +	//seq_printf(m, "audit_sig_uid\t%u\n", from_kuid(&init_user_ns,
> audit_sig_uid)); +	//seq_printf(m, "audit_sig_pid\t%d\n", audit_sig_pid);
> +	//seq_printf(m, "audit_sig_sid\t%u\n", audit_sig_sid);
> +	seq_printf(m, "audit_lost\t\t\t%d\n", atomic_read(&audit_lost));
> +	seq_printf(m, "audit_hold_lost\t\t\t%d\n", atomic_read(&audit_hold_lost));
> +	seq_printf(m, "audit_freelist_count\t\t%u\n", audit_freelist_count);
> +	seq_printf(m, "audit_skb_queue len\t\t%d\n",
> skb_queue_len(&audit_skb_queue)); +	seq_printf(m, "audit_skb_queue
> len_max\t\t%d\n", skb_queue_len_max(&audit_skb_queue)); +	seq_printf(m,
> "audit_skb_hold_queue len\t%d\n", skb_queue_len(&audit_skb_hold_queue));
> +	seq_printf(m, "audit_skb_hold_queue len_max\t%d\n",
> skb_queue_len_max(&audit_skb_hold_queue)); +
> +	return 0;
> +}
> +
> +static int auditstats_open(struct inode *inode, struct file *file)
> +{
> +	return single_open(file, proc_auditstats_show, NULL);
> +}
> +
> +static const struct file_operations proc_auditstats_operations = {
> +	.open = auditstats_open,
> +	.read = seq_read,
> +	.llseek = seq_lseek,
> +	.release = single_release,
> +};
> +
>  /* Initialize audit support at boot time. */
>  static int __init audit_init(void)
>  {
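Review bot: The four queue-length lines in `proc_auditstats_show` print `__u32` values with `%d`. Both `skb_queue_len()` and the new `skb_queue_len_max()` return `__u32` according to the skbuff.h hunks, so `%u` is the matching conversion, as already used for `audit_freelist_count`. The commented-out `//seq_printf(...)` lines are dead code and are better dropped or enabled than carried in the patch. `audit_pid` is printed as the raw global, so the value is presumably not translated to the reader's PID namespace; a comment stating whether that is intended would help.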
> @@ -1197,6 +1243,8 @@ static int __init audit_init(void)
>  	for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
>  		INIT_LIST_HEAD(&audit_inode_hash[i]);
> 
> +	proc_create("audit", 0, NULL, &proc_auditstats_operations);
> +
>  	return 0;
>  }
>  __initcall(audit_init);
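Review bot: The return value of `proc_create()` is ignored, so a failure to create the entry goes unnoticed, and the entry is created on every boot rather than only on kernels built for debugging. Checking the result, e.g. `if (!proc_create("audit", S_IRUSR, NULL, &proc_auditstats_operations)) pr_warn("cannot create /proc/audit\n");`, and wrapping the call and the show/open functions in a debug-only config option would keep the instrumentation out of production builds. Spelling the mode as `S_IRUSR` instead of a bare `0` also puts the intended readers in the code itself. `audit_init` begins outside this hunk.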


Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-22 18:58 [ARCHIVE DEBUG 00/13] audit_debug: diagnostics for audit internal workings Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 01/13] audit_debug: set reserve to same size as backlog Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 02/13] audit_debug: squawk when digging into reserve Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 03/13] audit_debug: proc instrumentation Richard Guy Briggs
2015-10-22 19:23   ` Steve Grubb [this message]
2015-10-22 19:47     ` Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 04/13] audit_debug: add /proc counters for overflows, waiters, recovers, reserves Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 05/13] audit_debug: proc debug output easier to paste Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 06/13] audit_debug: don't let systemd change config Richard Guy Briggs
2015-10-22 19:18   ` Steve Grubb
2015-10-22 19:28     ` Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 07/13] audit_debug: instrument audit_cmd_mutex contention Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 08/13] audit_debug: seperate out audit_titles in proc display Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 09/13] netlink_debug: instrument timing of calls by init/systemd or audit_pid Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 10/13] audit_debug: bark on impossible reserve process conditions in while loop Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 11/13] audit_debug: instrument audit_receive timing Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 12/13] audit_debug: list processes and frequencies waiting for auditd Richard Guy Briggs
2015-10-22 18:58 ` [ARCHIVE DEBUG 13/13] audit_debug: print inode nr for each path when listing exe rules Richard Guy Briggs
