diff --git a/kernel/audit.c b/kernel/audit.c index c6e31d209c41f507585a9ae45aacc2d4bc8f3bd2..993e445418a71f8eb272ef56e9d6152caf7f8037 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -138,16 +138,18 @@ struct audit_buffer { struct list_head list; struct sk_buff *skb; /* formatted skb ready to send */ struct audit_context *ctx; /* NULL or associated context */ - int len; /* used area of tmp */ - int size; /* size of tmp */ - char *tmp; - int type; - int pid; }; void audit_set_type(struct audit_buffer *ab, int type) { - ab->type = type; + struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data; + nlh->nlmsg_type = type; +} + +static void audit_set_pid(struct audit_buffer *ab, pid_t pid) +{ + struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data; + nlh->nlmsg_pid = pid; } struct audit_entry { @@ -405,8 +407,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) (int)(nlh->nlmsg_len - ((char *)data - (char *)nlh)), loginuid, (char *)data); - ab->type = AUDIT_USER; - ab->pid = pid; + audit_set_type(ab, AUDIT_USER); + audit_set_pid(ab, pid); audit_log_end(ab); break; case AUDIT_ADD: @@ -476,42 +478,7 @@ static void audit_receive(struct sock *sk, int length) up(&audit_netlink_sem); } -/* Move data from tmp buffer into an skb. This is an extra copy, and - * that is unfortunate. However, the copy will only occur when a record - * is being written to user space, which is already a high-overhead - * operation. (Elimination of the copy is possible, for example, by - * writing directly into a pre-allocated skb, at the cost of wasting - * memory. */ -static void audit_log_move(struct audit_buffer *ab) -{ - struct sk_buff *skb; - struct nlmsghdr *nlh; - char *start; - int len = NLMSG_SPACE(0) + ab->len + 1; - - /* possible resubmission */ - if (ab->skb) - return; - - skb = alloc_skb(len, GFP_ATOMIC); - if (!skb) { - /* Lose information in ab->tmp */ - audit_log_lost("out of memory in audit_log_move"); - return; - } - ab->skb = skb; - nlh = (struct nlmsghdr *)skb_put(skb, NLMSG_SPACE(0)); - nlh->nlmsg_type = ab->type; - nlh->nlmsg_len = ab->len; - nlh->nlmsg_flags = 0; - nlh->nlmsg_pid = ab->pid; - nlh->nlmsg_seq = 0; - start = skb_put(skb, ab->len); - memcpy(start, ab->tmp, ab->len); -} - -/* Iterate over the skbuff in the audit_buffer, sending their contents - * to user space. */ +/* Grab skbuff from the audit_buffer and send to user space. */ static inline int audit_log_drain(struct audit_buffer *ab) { struct sk_buff *skb = ab->skb; @@ -520,6 +487,8 @@ static inline int audit_log_drain(struct audit_buffer *ab) int retval = 0; if (audit_pid) { + struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data; + nlh->nlmsg_len = skb->len; skb_get(skb); /* because netlink_* frees */ retval = netlink_unicast(audit_sock, skb, audit_pid, MSG_DONTWAIT); @@ -544,7 +513,6 @@ static inline int audit_log_drain(struct audit_buffer *ab) skb->data[offset + len] = '\0'; printk(KERN_ERR "%s\n", skb->data + offset); } - kfree_skb(skb); } return 0; } @@ -615,7 +583,8 @@ static void audit_buffer_free(struct audit_buffer *ab) if (!ab) return; - kfree(ab->tmp); + if (ab->skb) + kfree_skb(ab->skb); atomic_dec(&audit_backlog); spin_lock_irqsave(&audit_freelist_lock, flags); if (++audit_freelist_count > AUDIT_MAXFREE) @@ -630,6 +599,7 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx, { unsigned long flags; struct audit_buffer *ab = NULL; + struct nlmsghdr *nlh; spin_lock_irqsave(&audit_freelist_lock, flags); if (!list_empty(&audit_freelist)) { @@ -647,16 +617,16 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx, } atomic_inc(&audit_backlog); - ab->tmp = kmalloc(AUDIT_BUFSIZ, GFP_ATOMIC); - if (!ab->tmp) + ab->skb = alloc_skb(AUDIT_BUFSIZ, GFP_ATOMIC); + if (!ab->skb) goto err; - ab->skb = NULL; ab->ctx = ctx; - ab->len = 0; - ab->size = AUDIT_BUFSIZ; - ab->type = AUDIT_KERNEL; - ab->pid = 0; + nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0)); + nlh->nlmsg_type = AUDIT_KERNEL; + nlh->nlmsg_flags = 0; + nlh->nlmsg_pid = 0; + nlh->nlmsg_seq = 0; return ab; err: audit_buffer_free(ab); @@ -711,7 +681,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx) } /** - * audit_expand - expand tmp buffer in the audit buffer + * audit_expand - expand skb in the audit buffer * @ab: audit_buffer * * Returns 0 (no space) on failed expansion, or available space if @@ -719,17 +689,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx) */ static inline int audit_expand(struct audit_buffer *ab) { - char *tmp; - int len = ab->size + AUDIT_BUFSIZ; - - tmp = kmalloc(len, GFP_ATOMIC); - if (!tmp) + struct sk_buff *skb = ab->skb; + int ret = pskb_expand_head(skb, skb_headroom(skb), AUDIT_BUFSIZ, + GFP_ATOMIC); + if (ret < 0) { + audit_log_lost("out of memory in audit_expand"); return 0; - memcpy(tmp, ab->tmp, ab->len); - kfree(ab->tmp); - ab->tmp = tmp; - ab->size = len; - return ab->size - ab->len; + } + return skb_tailroom(skb); } /* Format an audit message into the audit buffer. If there isn't enough @@ -740,17 +707,20 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args) { int len, avail; + struct sk_buff *skb; if (!ab) return; - avail = ab->size - ab->len; - if (avail <= 0) { + BUG_ON(!ab->skb); + skb = ab->skb; + avail = skb_tailroom(skb); + if (avail == 0) { avail = audit_expand(ab); if (!avail) goto out; } - len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); + len = vsnprintf(skb->tail, avail, fmt, args); if (len >= avail) { /* The printk buffer is 1024 bytes long, so if we get * here and AUDIT_BUFSIZ is at least 1024, then we can @@ -758,9 +728,9 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, avail = audit_expand(ab); if (!avail) goto out; - len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); + len = vsnprintf(skb->tail, avail, fmt, args); } - ab->len += (len < avail) ? len : avail; + skb_put(skb, (len < avail) ? len : avail); out: return; } @@ -808,21 +778,22 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix, struct dentry *dentry, struct vfsmount *vfsmnt) { char *p; + struct sk_buff *skb = ab->skb; int len, avail; if (prefix) audit_log_format(ab, " %s", prefix); - avail = ab->size - ab->len; - p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail); + avail = skb_tailroom(skb); + p = d_path(dentry, vfsmnt, skb->tail, avail); if (IS_ERR(p)) { /* FIXME: can we save some information here? */ audit_log_format(ab, ""); } else { - /* path isn't at start of buffer */ - len = (ab->tmp + ab->size - 1) - p; - memmove(ab->tmp + ab->len, p, len); - ab->len += len; + /* path isn't at start of buffer */ + len = ((char *)skb->tail + avail - 1) - p; + memmove(skb->tail, p, len); + skb_put(skb, len); } } @@ -873,7 +844,6 @@ static void audit_log_end_fast(struct audit_buffer *ab) if (!audit_rate_check()) { audit_log_lost("rate limit exceeded"); } else { - audit_log_move(ab); if (audit_log_drain(ab)) return; }