audit: add audit_backlog_wait_time configuration option

reaahead-collector abuses the audit logging facility to discover which files are accessed at boot time to make a pre-load list Add a tuning option to audit_backlog_wait_time so that if auditd can't keep up, or gets blocked, the callers won't be blocked. Bump audit_status API version to "2". Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Richard Guy Briggs <rgb@redhat.com> 2013-09-18 11:55:12 -0400
committer: Eric Paris <eparis@redhat.com> 2014-01-13 22:28:45 -0500
commit: 51cc83f024ee51de9da70c17e01ec6de524f5906 (patch)
tree: 65836321a3abcd33bb913675904fde92a09df326 /kernel/audit.c
parent: 09f883a9023e7a86f92c731e80f30a9447f4bdbe (diff)
1 files changed, 29 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 80b7de02947b..37ba59936dc5 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -334,6 +334,12 @@ static int audit_set_backlog_limit(int limit)
        return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);
 }
+static int audit_set_backlog_wait_time(int timeout)
+{
+        return audit_do_config_change("audit_backlog_wait_time",
+                                      &audit_backlog_wait_time, timeout);
+}
 static int audit_set_enabled(int state)
 {
        int rc;
@@ -778,7 +784,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                s.backlog_limit         = audit_backlog_limit;
                s.lost                  = atomic_read(&audit_lost);
                s.backlog               = skb_queue_len(&audit_skb_queue);
-                s.version               = 1;
+                s.version               = 2;
+                s.backlog_wait_time     = audit_backlog_wait_time;
                audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
                                 &s, sizeof(s));
                break;
@@ -812,8 +819,28 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        if (err < 0)
                                return err;
                }
-                if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT)
+                if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) {
                        err = audit_set_backlog_limit(s.backlog_limit);
+                        if (err < 0)
+                                return err;
+                }
+                switch (s.version) {
+                /* add future vers # cases immediately below and allow
+                 * to fall through */
+                case 2:
+                        if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) {
+                                if (sizeof(s) > (size_t)nlh->nlmsg_len)
+                                        return -EINVAL;
+                                if (s.backlog_wait_time < 0 ||
+                                    s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME)
+                                        return -EINVAL;
+                                err = audit_set_backlog_wait_time(s.backlog_wait_time);
+                                if (err < 0)
+                                        return err;
+                        }
+                default:
+                        break;
+                }
                break;
        }
        case AUDIT_GET_FEATURE:
author	Richard Guy Briggs <rgb@redhat.com>	2013-09-18 11:55:12 -0400
committer	Eric Paris <eparis@redhat.com>	2014-01-13 22:28:45 -0500
commit	51cc83f024ee51de9da70c17e01ec6de524f5906 (patch)
tree	65836321a3abcd33bb913675904fde92a09df326 /kernel/audit.c
parent	09f883a9023e7a86f92c731e80f30a9447f4bdbe (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 80b7de02947b..37ba59936dc5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -334,6 +334,12 @@ static int audit_set_backlog_limit(int limit)
334	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);	334	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);
335	}	335	}
336		336
		337	static int audit_set_backlog_wait_time(int timeout)
		338	{
		339	return audit_do_config_change("audit_backlog_wait_time",
		340	&audit_backlog_wait_time, timeout);
		341	}
		342
337	static int audit_set_enabled(int state)	343	static int audit_set_enabled(int state)
338	{	344	{
339	int rc;	345	int rc;
@@ -778,7 +784,8 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
778	s.backlog_limit = audit_backlog_limit;	784	s.backlog_limit = audit_backlog_limit;
779	s.lost = atomic_read(&audit_lost);	785	s.lost = atomic_read(&audit_lost);
780	s.backlog = skb_queue_len(&audit_skb_queue);	786	s.backlog = skb_queue_len(&audit_skb_queue);
781	s.version = 1;	787	s.version = 2;
		788	s.backlog_wait_time = audit_backlog_wait_time;
782	audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,	789	audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
783	&s, sizeof(s));	790	&s, sizeof(s));
784	break;	791	break;
@@ -812,8 +819,28 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
812	if (err < 0)	819	if (err < 0)
813	return err;	820	return err;
814	}	821	}
815	if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT)	822	if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) {
816	err = audit_set_backlog_limit(s.backlog_limit);	823	err = audit_set_backlog_limit(s.backlog_limit);
		824	if (err < 0)
		825	return err;
		826	}
		827	switch (s.version) {
		828	/* add future vers # cases immediately below and allow
		829	* to fall through */
		830	case 2:
		831	if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) {
		832	if (sizeof(s) > (size_t)nlh->nlmsg_len)
		833	return -EINVAL;
		834	if (s.backlog_wait_time < 0 \|\|
		835	s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME)
		836	return -EINVAL;
		837	err = audit_set_backlog_wait_time(s.backlog_wait_time);
		838	if (err < 0)
		839	return err;
		840	}
		841	default:
		842	break;
		843	}
817	break;	844	break;
818	}	845	}
819	case AUDIT_GET_FEATURE:	846	case AUDIT_GET_FEATURE: