On Wed, 2004-10-27 at 14:32, Valdis.Kletnieks@vt.edu wrote:
There's this code in kernel/audit.c, in audit_log_drain():
if (!audit_pid) { /* No daemon */ int offset = ab->nlh ? NLMSG_SPACE(0) : 0; int len = skb->len - offset; printk(KERN_ERR "%*.*s\n", len, len, skb->data + offset); }
That len/offset look racy to me. It's called from audit_log_end_fast(), which checks for calls in IRQ context, but I'm not seeing where we do any SMP or PREEMPT locking.
I think that's ok, as it is acting upon an audit buffer that was necessarily allocated by and only accessible to the same thread (by audit_log_start).