Re: [updated patch 1/7] BSD Secure Levels: printk overhaul

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/20/05, Michael Halcrow <[email protected]> wrote:
> On Thu, May 19, 2005 at 01:58:06PM -0700, Andrew Morton wrote:
> > Did anyone mention printk_ratelimit()?
> 
> Third time's a charm.  :-)
> 
> I think this makes the most sense.  Module size is 18284; messages are
> globally limited, but the space savings is significant.
> 
> Signed-off by: Michael Halcrow <[email protected]>
> 
> Index: linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c
> ===================================================================
> --- linux-2.6.12-rc4-mm2-seclvl.orig/security/seclvl.c  2005-05-19 15:49:51.000000000 -0500
> +++ linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c       2005-05-19 16:33:20.000000000 -0500
> @@ -102,21 +102,25 @@
>  #define MY_NAME "seclvl"
> 
>  /**
> - * This time-limits log writes to one per second.
> + * This time-limits log writes to one per second for every message
> + * type.
>  */
> -#define seclvl_printk(verb, type, fmt, arg...)                 \
> -       do {                                                    \
> -               if (verbosity >= verb) {                        \
> -                       static unsigned long _prior;            \
> -                       unsigned long _now = jiffies;           \
> -                       if ((_now - _prior) > HZ) {             \
> -                               printk(type "%s: %s: " fmt,     \
> -                                       MY_NAME, __FUNCTION__ , \
> -                                       ## arg);                \
> -                               _prior = _now;                  \
> -                       }                                       \
> -               }                                               \
> -       } while (0)
> +static void __seclvl_printk(int verb, const char *fmt, ...)
> +{
> +       va_list args;
> +       va_start(args, fmt);
> +       if (verbosity >= verb && printk_ratelimit()) {
> +               vprintk(fmt, args);
> +       }
> +       va_end(args);
> +}
> +
> +/**
> + * Breaking the printk up into a macro and a function saves some text
> + * space.
> + */
> +#define seclvl_printk(verb, type, fmt, arg...) \
> +        __seclvl_printk((verb), type "%s: " fmt, __FUNCTION__, ## arg);
> 
>  /**
>  * kobject stuff
> @@ -711,7 +715,7 @@
>                goto exit;
>        }
>        seclvl_printk(0, KERN_INFO, "seclvl: Successfully initialized.\n");
> - exit:
> +      exit:
>        if (rc) {
>                printk(KERN_ERR "seclvl: Error during initialization: rc = "
>                       "[%d]\n", rc);
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

i disklike the fact that the rate limit is based on 1 sec. how about
finer-grain limit?

it is best to let user to config the litmit. 1 sec is too raw to some purpose.

regards,
aq
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux