4 files changed, 94 insertions, 53 deletions

diff --git a/kernel/audit.c b/kernel/audit.c
index 72ab759a0b43..ab5745ddf962 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -43,6 +43,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <linux/file.h>
 #include <linux/init.h>
 #include <linux/types.h>
 #include <linux/atomic.h>
@@ -107,6 +108,7 @@ static u32	audit_rate_limit;
  * When set to zero, this means unlimited. */
 static u32      audit_backlog_limit = 64;
 #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
+static u32      audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME;
 static u32      audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
 static u32      audit_backlog_wait_overflow = 0;
 
@@ -338,13 +340,13 @@ static int audit_set_backlog_limit(u32 limit)
 static int audit_set_backlog_wait_time(u32 timeout)
 {
         return audit_do_config_change("audit_backlog_wait_time",
-                                      &audit_backlog_wait_time, timeout);
+                                      &audit_backlog_wait_time_master, timeout);
 }
 
 static int audit_set_enabled(u32 state)
 {
         int rc;
-        if (state < AUDIT_OFF || state > AUDIT_LOCKED)
+        if (state > AUDIT_LOCKED)
                 return -EINVAL;
 
         rc =  audit_do_config_change("audit_enabled", &audit_enabled, state);
@@ -663,7 +665,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
         case AUDIT_MAKE_EQUIV:
                 /* Only support auditd and auditctl in initial pid namespace
                  * for now. */
-                if ((task_active_pid_ns(current) != &init_pid_ns))
+                if (task_active_pid_ns(current) != &init_pid_ns)
                         return -EPERM;
 
                 if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
@@ -834,7 +836,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                 s.lost                  = atomic_read(&audit_lost);
                 s.backlog               = skb_queue_len(&audit_skb_queue);
                 s.feature_bitmap        = AUDIT_FEATURE_BITMAP_ALL;
-                s.backlog_wait_time     = audit_backlog_wait_time;
+                s.backlog_wait_time     = audit_backlog_wait_time_master;
                 audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s));
                 break;
         }
@@ -877,8 +879,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                 if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) {
                         if (sizeof(s) > (size_t)nlh->nlmsg_len)
                                 return -EINVAL;
-                        if (s.backlog_wait_time < 0 ||
-                            s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME)
+                        if (s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME)
                                 return -EINVAL;
                         err = audit_set_backlog_wait_time(s.backlog_wait_time);
                         if (err < 0)
@@ -1385,7 +1386,8 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
                 return NULL;
         }
 
-        audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
+        if (!reserve)
+                audit_backlog_wait_time = audit_backlog_wait_time_master;
 
         ab = audit_buffer_alloc(ctx, gfp_mask, type);
         if (!ab) {
@@ -1759,7 +1761,7 @@ void audit_log_name(struct audit_context *context, struct audit_names *n,
         } else
                 audit_log_format(ab, " name=(null)");
 
-        if (n->ino != (unsigned long)-1) {
+        if (n->ino != (unsigned long)-1)
                 audit_log_format(ab, " inode=%lu"
                                  " dev=%02x:%02x mode=%#ho"
                                  " ouid=%u ogid=%u rdev=%02x:%02x",
@@ -1771,7 +1773,6 @@ void audit_log_name(struct audit_context *context, struct audit_names *n,
                                  from_kgid(&init_user_ns, n->gid),
                                  MAJOR(n->rdev),
                                  MINOR(n->rdev));
-        }
         if (n->osid != 0) {
                 char *ctx = NULL;
                 u32 len;
@@ -1838,11 +1839,29 @@ error_path:
 }
 EXPORT_SYMBOL(audit_log_task_context);
 
+void audit_log_d_path_exe(struct audit_buffer *ab,
+                          struct mm_struct *mm)
+{
+        struct file *exe_file;
+
+        if (!mm)
+                goto out_null;
+
+        exe_file = get_mm_exe_file(mm);
+        if (!exe_file)
+                goto out_null;
+
+        audit_log_d_path(ab, " exe=", &exe_file->f_path);
+        fput(exe_file);
+        return;
+out_null:
+        audit_log_format(ab, " exe=(null)");
+}
+
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
         const struct cred *cred;
         char comm[sizeof(tsk->comm)];
-        struct mm_struct *mm = tsk->mm;
         char *tty;
 
         if (!ab)
@@ -1878,13 +1897,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
         audit_log_format(ab, " comm=");
         audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
 
-        if (mm) {
-                down_read(&mm->mmap_sem);
-                if (mm->exe_file)
-                        audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-                up_read(&mm->mmap_sem);
-        } else
-                audit_log_format(ab, " exe=(null)");
+        audit_log_d_path_exe(ab, tsk->mm);
         audit_log_task_context(ab);
 }
 EXPORT_SYMBOL(audit_log_task_info);
diff --git a/kernel/audit.h b/kernel/audit.h
index 1caa0d345d90..d641f9bb3ed0 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -257,6 +257,9 @@ extern struct list_head audit_filter_list[];
 
 extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
 
+extern void audit_log_d_path_exe(struct audit_buffer *ab,
+                                 struct mm_struct *mm);
+
 /* audit watch functions */
 #ifdef CONFIG_AUDIT_WATCH
 extern void audit_put_watch(struct audit_watch *watch);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 2e0c97427b33..71fd1f289885 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -37,6 +37,7 @@ struct audit_chunk {
 
 static LIST_HEAD(tree_list);
 static LIST_HEAD(prune_list);
+static struct task_struct *prune_thread;
 
 /*
  * One struct chunk is attached to each inode of interest.
@@ -651,6 +652,57 @@ static int tag_mount(struct vfsmount *mnt, void *arg)
         return tag_chunk(mnt->mnt_root->d_inode, arg);
 }
 
+/*
+ * That gets run when evict_chunk() ends up needing to kill audit_tree.
+ * Runs from a separate thread.
+ */
+static int prune_tree_thread(void *unused)
+{
+        for (;;) {
+                set_current_state(TASK_INTERRUPTIBLE);
+                if (list_empty(&prune_list))
+                        schedule();
+                __set_current_state(TASK_RUNNING);
+
+                mutex_lock(&audit_cmd_mutex);
+                mutex_lock(&audit_filter_mutex);
+
+                while (!list_empty(&prune_list)) {
+                        struct audit_tree *victim;
+
+                        victim = list_entry(prune_list.next,
+                                        struct audit_tree, list);
+                        list_del_init(&victim->list);
+
+                        mutex_unlock(&audit_filter_mutex);
+
+                        prune_one(victim);
+
+                        mutex_lock(&audit_filter_mutex);
+                }
+
+                mutex_unlock(&audit_filter_mutex);
+                mutex_unlock(&audit_cmd_mutex);
+        }
+        return 0;
+}
+
+static int audit_launch_prune(void)
+{
+        if (prune_thread)
+                return 0;
+        prune_thread = kthread_create(prune_tree_thread, NULL,
+                                "audit_prune_tree");
+        if (IS_ERR(prune_thread)) {
+                pr_err("cannot start thread audit_prune_tree");
+                prune_thread = NULL;
+                return -ENOMEM;
+        } else {
+                wake_up_process(prune_thread);
+                return 0;
+        }
+}
+
 /* called with audit_filter_mutex */
 int audit_add_tree_rule(struct audit_krule *rule)
 {
@@ -674,6 +726,12 @@ int audit_add_tree_rule(struct audit_krule *rule)
         /* do not set rule->tree yet */
         mutex_unlock(&audit_filter_mutex);
 
+        if (unlikely(!prune_thread)) {
+                err = audit_launch_prune();
+                if (err)
+                        goto Err;
+        }
+
         err = kern_path(tree->pathname, 0, &path);
         if (err)
                 goto Err;
@@ -811,36 +869,10 @@ int audit_tag_tree(char *old, char *new)
         return failed;
 }
 
-/*
- * That gets run when evict_chunk() ends up needing to kill audit_tree.
- * Runs from a separate thread.
- */
-static int prune_tree_thread(void *unused)
-{
-        mutex_lock(&audit_cmd_mutex);
-        mutex_lock(&audit_filter_mutex);
-
-        while (!list_empty(&prune_list)) {
-                struct audit_tree *victim;
-
-                victim = list_entry(prune_list.next, struct audit_tree, list);
-                list_del_init(&victim->list);
-
-                mutex_unlock(&audit_filter_mutex);
-
-                prune_one(victim);
-
-                mutex_lock(&audit_filter_mutex);
-        }
-
-        mutex_unlock(&audit_filter_mutex);
-        mutex_unlock(&audit_cmd_mutex);
-        return 0;
-}
 
 static void audit_schedule_prune(void)
 {
-        kthread_run(prune_tree_thread, NULL, "audit_prune_tree");
+        wake_up_process(prune_thread);
 }
 
 /*
@@ -907,9 +939,9 @@ static void evict_chunk(struct audit_chunk *chunk)
         for (n = 0; n < chunk->count; n++)
                 list_del_init(&chunk->owners[n].list);
         spin_unlock(&hash_lock);
+        mutex_unlock(&audit_filter_mutex);
         if (need_prune)
                 audit_schedule_prune();
-        mutex_unlock(&audit_filter_mutex);
 }
 
 static int audit_tree_handle_event(struct fsnotify_group *group,
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index dc4ae70a7413..84c74d08c62b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2361,7 +2361,6 @@ static void audit_log_task(struct audit_buffer *ab)
         kuid_t auid, uid;
         kgid_t gid;
         unsigned int sessionid;
-        struct mm_struct *mm = current->mm;
         char comm[sizeof(current->comm)];
 
         auid = audit_get_loginuid(current);
@@ -2376,13 +2375,7 @@ static void audit_log_task(struct audit_buffer *ab)
         audit_log_task_context(ab);
         audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
         audit_log_untrustedstring(ab, get_task_comm(comm, current));
-        if (mm) {
-                down_read(&mm->mmap_sem);
-                if (mm->exe_file)
-                        audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-                up_read(&mm->mmap_sem);
-        } else
-                audit_log_format(ab, " exe=(null)");
+        audit_log_d_path_exe(ab, current->mm);
 }
 
 /**