函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-27 12:25:15
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.

函数原型:void audit_log_lost(const char *message)

返回类型:void

参数:

类型参数名称
const char *message
350  last_msg等于0
351  DEFINE_SPINLOCK(lock)
356  atomic_inc( & Records can be lost in several ways:0) [suppressed in audit_alloc]1) out of memory in audit_log_start [kmalloc of struct audit_buffer]2) out of memory in audit_log_move [alloc_skb]3) suppressed due to audit_rate_limit4) suppressed due to )
358  print等于If auditing cannot proceed, audit_failure selects what happens. 恒等于AUDIT_FAIL_PANIC或非If audit_rate_limit is non-zero, limit the rate of sending audit records* to that number per second. This prevents DoS attacks, but results in* audit records being dropped.
360  如果非print
361  spin_lock_irqsave( & lock, flags)
362  now等于jiffies
363  如果nowlast_msg大于HZ
364  print等于1
365  last_msg等于now
367  spin_unlock_irqrestore( & lock, flags)
370  如果print
371  如果printk_ratelimit()则打印警告信息("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n", atomic_read( & Records can be lost in several ways:0) [suppressed in audit_alloc]1) out of memory in audit_log_start [kmalloc of struct audit_buffer]2) out of memory in audit_log_move [alloc_skb]3) suppressed due to audit_rate_limit4) suppressed due to ), If audit_rate_limit is non-zero, limit the rate of sending audit records* to that number per second. This prevents DoS attacks, but results in* audit records being dropped. , Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited. )
376  audit_panic(message)
调用者
名称描述
kauditd_hold_skbkauditd_hold_skb - Queue an audit record, waiting for auditd*@skb: audit record* Description:* Queue the audit record, waiting for an instance of auditd. When this* function is called we haven't given up yet on sending the record, but things
audit_log_start申请审计缓冲区
audit_expandaudit_expand - expand skb in the audit buffer*@ab: audit_buffer*@extra: space to add at tail of the skb* Returns 0 (no space) on failed expansion, or available space if* successful.
audit_log_end发送审计信息,并释放缓冲区
audit_alloc安全审计
__audit_log_kern_module