diff options
| -rw-r--r-- | kernel/audit.c | 92 |
1 files changed, 36 insertions, 56 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index f4056bc331fc..e23ce6ce101f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -107,7 +107,6 @@ static u32 audit_rate_limit; | |||
| 107 | * When set to zero, this means unlimited. */ | 107 | * When set to zero, this means unlimited. */ |
| 108 | static u32 audit_backlog_limit = 64; | 108 | static u32 audit_backlog_limit = 64; |
| 109 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) | 109 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) |
| 110 | static u32 audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME; | ||
| 111 | static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; | 110 | static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; |
| 112 | 111 | ||
| 113 | /* The identity of the user shutting down the audit system. */ | 112 | /* The identity of the user shutting down the audit system. */ |
| @@ -345,7 +344,7 @@ static int audit_set_backlog_limit(u32 limit) | |||
| 345 | static int audit_set_backlog_wait_time(u32 timeout) | 344 | static int audit_set_backlog_wait_time(u32 timeout) |
| 346 | { | 345 | { |
| 347 | return audit_do_config_change("audit_backlog_wait_time", | 346 | return audit_do_config_change("audit_backlog_wait_time", |
| 348 | &audit_backlog_wait_time_master, timeout); | 347 | &audit_backlog_wait_time, timeout); |
| 349 | } | 348 | } |
| 350 | 349 | ||
| 351 | static int audit_set_enabled(u32 state) | 350 | static int audit_set_enabled(u32 state) |
| @@ -973,7 +972,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 973 | s.lost = atomic_read(&audit_lost); | 972 | s.lost = atomic_read(&audit_lost); |
| 974 | s.backlog = skb_queue_len(&audit_queue); | 973 | s.backlog = skb_queue_len(&audit_queue); |
| 975 | s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; | 974 | s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; |
| 976 | s.backlog_wait_time = audit_backlog_wait_time_master; | 975 | s.backlog_wait_time = audit_backlog_wait_time; |
| 977 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); | 976 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); |
| 978 | break; | 977 | break; |
| 979 | } | 978 | } |
| @@ -1454,24 +1453,6 @@ static inline void audit_get_stamp(struct audit_context *ctx, | |||
| 1454 | } | 1453 | } |
| 1455 | } | 1454 | } |
| 1456 | 1455 | ||
| 1457 | /* | ||
| 1458 | * Wait for auditd to drain the queue a little | ||
| 1459 | */ | ||
| 1460 | static long wait_for_auditd(long sleep_time) | ||
| 1461 | { | ||
| 1462 | DECLARE_WAITQUEUE(wait, current); | ||
| 1463 | |||
| 1464 | if (audit_backlog_limit && | ||
| 1465 | skb_queue_len(&audit_queue) > audit_backlog_limit) { | ||
| 1466 | add_wait_queue_exclusive(&audit_backlog_wait, &wait); | ||
| 1467 | set_current_state(TASK_UNINTERRUPTIBLE); | ||
| 1468 | sleep_time = schedule_timeout(sleep_time); | ||
| 1469 | remove_wait_queue(&audit_backlog_wait, &wait); | ||
| 1470 | } | ||
| 1471 | |||
| 1472 | return sleep_time; | ||
| 1473 | } | ||
| 1474 | |||
| 1475 | /** | 1456 | /** |
| 1476 | * audit_log_start - obtain an audit buffer | 1457 | * audit_log_start - obtain an audit buffer |
| 1477 | * @ctx: audit_context (may be NULL) | 1458 | * @ctx: audit_context (may be NULL) |
| @@ -1490,12 +1471,9 @@ static long wait_for_auditd(long sleep_time) | |||
| 1490 | struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, | 1471 | struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, |
| 1491 | int type) | 1472 | int type) |
| 1492 | { | 1473 | { |
| 1493 | struct audit_buffer *ab = NULL; | 1474 | struct audit_buffer *ab; |
| 1494 | struct timespec t; | 1475 | struct timespec t; |
| 1495 | unsigned int uninitialized_var(serial); | 1476 | unsigned int uninitialized_var(serial); |
| 1496 | int reserve = 5; /* Allow atomic callers to go up to five | ||
| 1497 | entries over the normal backlog limit */ | ||
| 1498 | unsigned long timeout_start = jiffies; | ||
| 1499 | 1477 | ||
| 1500 | if (audit_initialized != AUDIT_INITIALIZED) | 1478 | if (audit_initialized != AUDIT_INITIALIZED) |
| 1501 | return NULL; | 1479 | return NULL; |
| @@ -1503,38 +1481,40 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, | |||
| 1503 | if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE))) | 1481 | if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE))) |
| 1504 | return NULL; | 1482 | return NULL; |
| 1505 | 1483 | ||
| 1506 | if (gfp_mask & __GFP_DIRECT_RECLAIM) { | 1484 | /* don't ever fail/sleep on auditd since we need auditd to drain the |
| 1507 | if (audit_pid && audit_pid == current->tgid) | 1485 | * queue; also, when we are checking for auditd, compare PIDs using |
| 1508 | gfp_mask &= ~__GFP_DIRECT_RECLAIM; | 1486 | * task_tgid_vnr() since auditd_pid is set in audit_receive_msg() using |
| 1509 | else | 1487 | * a PID anchored in the caller's namespace */ |
| 1510 | reserve = 0; | 1488 | if (!(audit_pid && audit_pid == task_tgid_vnr(current))) { |
| 1511 | } | 1489 | long sleep_time = audit_backlog_wait_time; |
| 1512 | 1490 | ||
| 1513 | while (audit_backlog_limit | 1491 | while (audit_backlog_limit && |
| 1514 | && skb_queue_len(&audit_queue) > audit_backlog_limit + reserve) { | 1492 | (skb_queue_len(&audit_queue) > audit_backlog_limit)) { |
| 1515 | if (gfp_mask & __GFP_DIRECT_RECLAIM && audit_backlog_wait_time) { | 1493 | /* wake kauditd to try and flush the queue */ |
| 1516 | long sleep_time; | 1494 | wake_up_interruptible(&kauditd_wait); |
| 1517 | 1495 | ||
| 1518 | sleep_time = timeout_start + audit_backlog_wait_time - jiffies; | 1496 | /* sleep if we are allowed and we haven't exhausted our |
| 1519 | if (sleep_time > 0) { | 1497 | * backlog wait limit */ |
| 1520 | sleep_time = wait_for_auditd(sleep_time); | 1498 | if ((gfp_mask & __GFP_DIRECT_RECLAIM) && |
| 1521 | if (sleep_time > 0) | 1499 | (sleep_time > 0)) { |
| 1522 | continue; | 1500 | DECLARE_WAITQUEUE(wait, current); |
| 1501 | |||
| 1502 | add_wait_queue_exclusive(&audit_backlog_wait, | ||
| 1503 | &wait); | ||
| 1504 | set_current_state(TASK_UNINTERRUPTIBLE); | ||
| 1505 | sleep_time = schedule_timeout(sleep_time); | ||
| 1506 | remove_wait_queue(&audit_backlog_wait, &wait); | ||
| 1507 | } else { | ||
| 1508 | if (audit_rate_check() && printk_ratelimit()) | ||
| 1509 | pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n", | ||
| 1510 | skb_queue_len(&audit_queue), | ||
| 1511 | audit_backlog_limit); | ||
| 1512 | audit_log_lost("backlog limit exceeded"); | ||
| 1513 | return NULL; | ||
| 1523 | } | 1514 | } |
| 1524 | } | 1515 | } |
| 1525 | if (audit_rate_check() && printk_ratelimit()) | ||
| 1526 | pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n", | ||
| 1527 | skb_queue_len(&audit_queue), | ||
| 1528 | audit_backlog_limit); | ||
| 1529 | audit_log_lost("backlog limit exceeded"); | ||
| 1530 | audit_backlog_wait_time = 0; | ||
| 1531 | wake_up(&audit_backlog_wait); | ||
| 1532 | return NULL; | ||
| 1533 | } | 1516 | } |
| 1534 | 1517 | ||
| 1535 | if (!reserve && !audit_backlog_wait_time) | ||
| 1536 | audit_backlog_wait_time = audit_backlog_wait_time_master; | ||
| 1537 | |||
| 1538 | ab = audit_buffer_alloc(ctx, gfp_mask, type); | 1518 | ab = audit_buffer_alloc(ctx, gfp_mask, type); |
| 1539 | if (!ab) { | 1519 | if (!ab) { |
| 1540 | audit_log_lost("out of memory in audit_log_start"); | 1520 | audit_log_lost("out of memory in audit_log_start"); |
| @@ -1542,9 +1522,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, | |||
| 1542 | } | 1522 | } |
| 1543 | 1523 | ||
| 1544 | audit_get_stamp(ab->ctx, &t, &serial); | 1524 | audit_get_stamp(ab->ctx, &t, &serial); |
| 1545 | |||
| 1546 | audit_log_format(ab, "audit(%lu.%03lu:%u): ", | 1525 | audit_log_format(ab, "audit(%lu.%03lu:%u): ", |
| 1547 | t.tv_sec, t.tv_nsec/1000000, serial); | 1526 | t.tv_sec, t.tv_nsec/1000000, serial); |
| 1527 | |||
| 1548 | return ab; | 1528 | return ab; |
| 1549 | } | 1529 | } |
| 1550 | 1530 | ||