1 files changed, 79 insertions, 49 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 7f0699790d46..83096b67510a 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -79,6 +79,8 @@ static int	audit_rate_limit;
 /* Number of outstanding audit_buffers allowed. */
 static int      audit_backlog_limit = 64;
+static int      audit_backlog_wait_time = 60 * HZ;
+static int      audit_backlog_wait_overflow = 0;
 /* The identity of the user shutting down the audit system. */
 uid_t           audit_sig_uid = -1;
@@ -106,18 +108,12 @@ static LIST_HEAD(audit_freelist);
 static struct sk_buff_head audit_skb_queue;
 static struct task_struct *kauditd_task;
 static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
+static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
-/* There are three lists of rules -- one to search at task creation
- * time, one to search at syscall entry time, and another to search at
- * syscall exit time. */
-static LIST_HEAD(audit_tsklist);
-static LIST_HEAD(audit_entlist);
-static LIST_HEAD(audit_extlist);
 /* The netlink socket is only to be read by 1 CPU, which lets us assume
 * that list additions and deletions never happen simultaneously in
 * auditsc.c */
-static DECLARE_MUTEX(audit_netlink_sem);
+DECLARE_MUTEX(audit_netlink_sem);
 /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting
 * audit records.  Since printk uses a 1024 byte buffer, this buffer
@@ -137,6 +133,7 @@ struct audit_buffer {
        struct list_head     list;
        struct sk_buff       *skb;      /* formatted skb ready to send */
        struct audit_context *ctx;      /* NULL or associated context */
+        int                  gfp_mask;
 };
 static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
@@ -145,11 +142,6 @@ static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
        nlh->nlmsg_pid = pid;
 }
-struct audit_entry {
-        struct list_head  list;
-        struct audit_rule rule;
-};
 static void audit_panic(const char *message)
 {
        switch (audit_failure)
@@ -233,7 +225,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid)
 {
        int old          = audit_rate_limit;
        audit_rate_limit = limit;
-        audit_log(NULL, AUDIT_CONFIG_CHANGE, 
+        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 
                        "audit_rate_limit=%d old=%d by auid=%u",
                        audit_rate_limit, old, loginuid);
        return old;
@@ -243,7 +235,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid)
 {
        int old          = audit_backlog_limit;
        audit_backlog_limit = limit;
-        audit_log(NULL, AUDIT_CONFIG_CHANGE,
+        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_backlog_limit=%d old=%d by auid=%u",
                        audit_backlog_limit, old, loginuid);
        return old;
@@ -255,7 +247,7 @@ static int audit_set_enabled(int state, uid_t loginuid)
        if (state != 0 && state != 1)
                return -EINVAL;
        audit_enabled = state;
-        audit_log(NULL, AUDIT_CONFIG_CHANGE,
+        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_enabled=%d old=%d by auid=%u",
                        audit_enabled, old, loginuid);
        return old;
@@ -269,7 +261,7 @@ static int audit_set_failure(int state, uid_t loginuid)
            && state != AUDIT_FAIL_PANIC)
                return -EINVAL;
        audit_failure = state;
-        audit_log(NULL, AUDIT_CONFIG_CHANGE,
+        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_failure=%d old=%d by auid=%u",
                        audit_failure, old, loginuid);
        return old;
@@ -281,6 +273,7 @@ int kauditd_thread(void *dummy)
        while (1) {
                skb = skb_dequeue(&audit_skb_queue);
+                wake_up(&audit_backlog_wait);
                if (skb) {
                        if (audit_pid) {
                                int err = netlink_unicast(audit_sock, skb, audit_pid, 0);
@@ -290,7 +283,7 @@ int kauditd_thread(void *dummy)
                                        audit_pid = 0;
                                }
                        } else {
-                                printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0));
+                                printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
                                kfree_skb(skb);
                        }
                } else {
@@ -423,7 +416,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (status_get->mask & AUDIT_STATUS_PID) {
                        int old   = audit_pid;
                        audit_pid = status_get->pid;
-                        audit_log(NULL, AUDIT_CONFIG_CHANGE,
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                                "audit_pid=%d old=%d by auid=%u",
                                  audit_pid, old, loginuid);
                }
@@ -435,15 +428,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                break;
        case AUDIT_USER:
        case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
-                ab = audit_log_start(NULL, msg_type);
+                if (!audit_enabled && msg_type != AUDIT_USER_AVC)
-                if (!ab)
+                        return 0;
-                        break;  /* audit_panic has been called */
-                audit_log_format(ab,
+                err = audit_filter_user(&NETLINK_CB(skb), msg_type);
-                                 "user pid=%d uid=%u auid=%u"
+                if (err == 1) {
-                                 " msg='%.1024s'",
+                        err = 0;
-                                 pid, uid, loginuid, (char *)data);
+                        ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
-                audit_set_pid(ab, pid);
+                        if (ab) {
-                audit_log_end(ab);
+                                audit_log_format(ab,
+                                                 "user pid=%d uid=%u auid=%u msg='%.1024s'",
+                                                 pid, uid, loginuid, (char *)data);
+                                audit_set_pid(ab, pid);
+                                audit_log_end(ab);
+                        }
+                }
                break;
        case AUDIT_ADD:
        case AUDIT_DEL:
@@ -523,7 +522,7 @@ static int __init audit_init(void)
        skb_queue_head_init(&audit_skb_queue);
        audit_initialized = 1;
        audit_enabled = audit_default;
-        audit_log(NULL, AUDIT_KERNEL, "initialized");
+        audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
        return 0;
 }
 __initcall(audit_init);
@@ -561,7 +560,7 @@ static void audit_buffer_free(struct audit_buffer *ab)
 }
 static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
-                                                int gfp_mask, int type)
+                                                unsigned int __nocast gfp_mask, int type)
 {
        unsigned long flags;
        struct audit_buffer *ab = NULL;
@@ -587,6 +586,7 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
                goto err;
        ab->ctx = ctx;
+        ab->gfp_mask = gfp_mask;
        nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
        nlh->nlmsg_type = type;
        nlh->nlmsg_flags = 0;
@@ -606,26 +606,27 @@ err:
 * (timestamp,serial) tuple is unique for each syscall and is live from
 * syscall entry to syscall exit.
 *
- * Atomic values are only guaranteed to be 24-bit, so we count down.
- *
 * NOTE: Another possibility is to store the formatted records off the
 * audit context (for those records that have a context), and emit them
 * all at syscall exit.  However, this could delay the reporting of
 * significant errors until syscall exit (or never, if the system
 * halts). */
 unsigned int audit_serial(void)
 {
-        static atomic_t serial = ATOMIC_INIT(0xffffff);
+        static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
-        unsigned int a, b;
+        static unsigned int serial = 0;
+        unsigned long flags;
+        unsigned int ret;
+        spin_lock_irqsave(&serial_lock, flags);
        do {
-                a = atomic_read(&serial);
+                ret = ++serial;
-                if (atomic_dec_and_test(&serial))
+        } while (unlikely(!ret));
-                        atomic_set(&serial, 0xffffff);
+        spin_unlock_irqrestore(&serial_lock, flags);
-                b = atomic_read(&serial);
-        } while (b != a - 1);
-        return 0xffffff - b;
+        return ret;
 }
 static inline void audit_get_stamp(struct audit_context *ctx, 
@@ -645,17 +646,43 @@ static inline void audit_get_stamp(struct audit_context *ctx,
 * syscall, then the syscall is marked as auditable and an audit record
 * will be written at syscall exit.  If there is no associated task, tsk
 * should be NULL. */
-struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
+struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask,
+                                     int type)
 {
        struct audit_buffer     *ab     = NULL;
        struct timespec         t;
        unsigned int            serial;
+        int reserve;
+        unsigned long timeout_start = jiffies;
        if (!audit_initialized)
                return NULL;
-        if (audit_backlog_limit
+        if (gfp_mask & __GFP_WAIT)
-            && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
+                reserve = 0;
+        else
+                reserve = 5; /* Allow atomic callers to go up to five 
+                                entries over the normal backlog limit */
+        while (audit_backlog_limit
+               && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
+                if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time
+                    && time_before(jiffies, timeout_start + audit_backlog_wait_time)) {
+                        /* Wait for auditd to drain the queue a little */
+                        DECLARE_WAITQUEUE(wait, current);
+                        set_current_state(TASK_INTERRUPTIBLE);
+                        add_wait_queue(&audit_backlog_wait, &wait);
+                        if (audit_backlog_limit &&
+                            skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
+                                schedule_timeout(timeout_start + audit_backlog_wait_time - jiffies);
+                        __set_current_state(TASK_RUNNING);
+                        remove_wait_queue(&audit_backlog_wait, &wait);
+                        continue;
+                }
                if (audit_rate_check())
                        printk(KERN_WARNING
                               "audit: audit_backlog=%d > "
@@ -663,10 +690,12 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
                               skb_queue_len(&audit_skb_queue),
                               audit_backlog_limit);
                audit_log_lost("backlog limit exceeded");
+                audit_backlog_wait_time = audit_backlog_wait_overflow;
+                wake_up(&audit_backlog_wait);
                return NULL;
        }
-        ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);
+        ab = audit_buffer_alloc(ctx, gfp_mask, type);
        if (!ab) {
                audit_log_lost("out of memory in audit_log_start");
                return NULL;
@@ -690,7 +719,7 @@ static inline int audit_expand(struct audit_buffer *ab, int extra)
 {
        struct sk_buff *skb = ab->skb;
        int ret = pskb_expand_head(skb, skb_headroom(skb), extra,
-                                   GFP_ATOMIC);
+                                   ab->gfp_mask);
        if (ret < 0) {
                audit_log_lost("out of memory in audit_expand");
                return 0;
@@ -809,7 +838,7 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
                audit_log_format(ab, " %s", prefix);
        /* We will allow 11 spaces for ' (deleted)' to be appended */
-        path = kmalloc(PATH_MAX+11, GFP_KERNEL);
+        path = kmalloc(PATH_MAX+11, ab->gfp_mask);
        if (!path) {
                audit_log_format(ab, "<no memory>");
                return;
@@ -841,7 +870,7 @@ void audit_log_end(struct audit_buffer *ab)
                        ab->skb = NULL;
                        wake_up_interruptible(&kauditd_wait);
                } else {
-                        printk("%s\n", ab->skb->data + NLMSG_SPACE(0));
+                        printk(KERN_NOTICE "%s\n", ab->skb->data + NLMSG_SPACE(0));
                }
        }
        audit_buffer_free(ab);
@@ -850,12 +879,13 @@ void audit_log_end(struct audit_buffer *ab)
 /* Log an audit record.  This is a convenience function that calls
 * audit_log_start, audit_log_vformat, and audit_log_end.  It may be
 * called in any context. */
-void audit_log(struct audit_context *ctx, int type, const char *fmt, ...)
+void audit_log(struct audit_context *ctx, int gfp_mask, int type, 
+               const char *fmt, ...)
 {
        struct audit_buffer *ab;
        va_list args;
-        ab = audit_log_start(ctx, type);
+        ab = audit_log_start(ctx, gfp_mask, type);
        if (ab) {
                va_start(args, fmt);
                audit_log_vformat(ab, fmt, args);

diff --git a/kernel/audit.c b/kernel/audit.c index 7f0699790d46..83096b67510a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -79,6 +79,8 @@ static int audit_rate_limit;
79		79
80	/* Number of outstanding audit_buffers allowed. */	80	/* Number of outstanding audit_buffers allowed. */
81	static int audit_backlog_limit = 64;	81	static int audit_backlog_limit = 64;
		82	static int audit_backlog_wait_time = 60 * HZ;
		83	static int audit_backlog_wait_overflow = 0;
82		84
83	/* The identity of the user shutting down the audit system. */	85	/* The identity of the user shutting down the audit system. */
84	uid_t audit_sig_uid = -1;	86	uid_t audit_sig_uid = -1;
@@ -106,18 +108,12 @@ static LIST_HEAD(audit_freelist);
106	static struct sk_buff_head audit_skb_queue;	108	static struct sk_buff_head audit_skb_queue;
107	static struct task_struct *kauditd_task;	109	static struct task_struct *kauditd_task;
108	static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);	110	static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
109		111	static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
110	/* There are three lists of rules -- one to search at task creation
111	* time, one to search at syscall entry time, and another to search at
112	* syscall exit time. */
113	static LIST_HEAD(audit_tsklist);
114	static LIST_HEAD(audit_entlist);
115	static LIST_HEAD(audit_extlist);
116		112
117	/* The netlink socket is only to be read by 1 CPU, which lets us assume	113	/* The netlink socket is only to be read by 1 CPU, which lets us assume
118	* that list additions and deletions never happen simultaneously in	114	* that list additions and deletions never happen simultaneously in
119	* auditsc.c */	115	* auditsc.c */
120	static DECLARE_MUTEX(audit_netlink_sem);	116	DECLARE_MUTEX(audit_netlink_sem);
121		117
122	/* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting	118	/* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting
123	* audit records. Since printk uses a 1024 byte buffer, this buffer	119	* audit records. Since printk uses a 1024 byte buffer, this buffer
@@ -137,6 +133,7 @@ struct audit_buffer {
137	struct list_head list;	133	struct list_head list;
138	struct sk_buff skb; / formatted skb ready to send */	134	struct sk_buff skb; / formatted skb ready to send */
139	struct audit_context ctx; / NULL or associated context */	135	struct audit_context ctx; / NULL or associated context */
		136	int gfp_mask;
140	};	137	};
141		138
142	static void audit_set_pid(struct audit_buffer *ab, pid_t pid)	139	static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
@@ -145,11 +142,6 @@ static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
145	nlh->nlmsg_pid = pid;	142	nlh->nlmsg_pid = pid;
146	}	143	}
147		144
148	struct audit_entry {
149	struct list_head list;
150	struct audit_rule rule;
151	};
152
153	static void audit_panic(const char *message)	145	static void audit_panic(const char *message)
154	{	146	{
155	switch (audit_failure)	147	switch (audit_failure)
@@ -233,7 +225,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid)
233	{	225	{
234	int old = audit_rate_limit;	226	int old = audit_rate_limit;
235	audit_rate_limit = limit;	227	audit_rate_limit = limit;
236	audit_log(NULL, AUDIT_CONFIG_CHANGE,	228	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
237	"audit_rate_limit=%d old=%d by auid=%u",	229	"audit_rate_limit=%d old=%d by auid=%u",
238	audit_rate_limit, old, loginuid);	230	audit_rate_limit, old, loginuid);
239	return old;	231	return old;
@@ -243,7 +235,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid)
243	{	235	{
244	int old = audit_backlog_limit;	236	int old = audit_backlog_limit;
245	audit_backlog_limit = limit;	237	audit_backlog_limit = limit;
246	audit_log(NULL, AUDIT_CONFIG_CHANGE,	238	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
247	"audit_backlog_limit=%d old=%d by auid=%u",	239	"audit_backlog_limit=%d old=%d by auid=%u",
248	audit_backlog_limit, old, loginuid);	240	audit_backlog_limit, old, loginuid);
249	return old;	241	return old;
@@ -255,7 +247,7 @@ static int audit_set_enabled(int state, uid_t loginuid)
255	if (state != 0 && state != 1)	247	if (state != 0 && state != 1)
256	return -EINVAL;	248	return -EINVAL;
257	audit_enabled = state;	249	audit_enabled = state;
258	audit_log(NULL, AUDIT_CONFIG_CHANGE,	250	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
259	"audit_enabled=%d old=%d by auid=%u",	251	"audit_enabled=%d old=%d by auid=%u",
260	audit_enabled, old, loginuid);	252	audit_enabled, old, loginuid);
261	return old;	253	return old;
@@ -269,7 +261,7 @@ static int audit_set_failure(int state, uid_t loginuid)
269	&& state != AUDIT_FAIL_PANIC)	261	&& state != AUDIT_FAIL_PANIC)
270	return -EINVAL;	262	return -EINVAL;
271	audit_failure = state;	263	audit_failure = state;
272	audit_log(NULL, AUDIT_CONFIG_CHANGE,	264	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
273	"audit_failure=%d old=%d by auid=%u",	265	"audit_failure=%d old=%d by auid=%u",
274	audit_failure, old, loginuid);	266	audit_failure, old, loginuid);
275	return old;	267	return old;
@@ -281,6 +273,7 @@ int kauditd_thread(void *dummy)
281		273
282	while (1) {	274	while (1) {
283	skb = skb_dequeue(&audit_skb_queue);	275	skb = skb_dequeue(&audit_skb_queue);
		276	wake_up(&audit_backlog_wait);
284	if (skb) {	277	if (skb) {
285	if (audit_pid) {	278	if (audit_pid) {
286	int err = netlink_unicast(audit_sock, skb, audit_pid, 0);	279	int err = netlink_unicast(audit_sock, skb, audit_pid, 0);
@@ -290,7 +283,7 @@ int kauditd_thread(void *dummy)
290	audit_pid = 0;	283	audit_pid = 0;
291	}	284	}
292	} else {	285	} else {
293	printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0));	286	printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
294	kfree_skb(skb);	287	kfree_skb(skb);
295	}	288	}
296	} else {	289	} else {
@@ -423,7 +416,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
423	if (status_get->mask & AUDIT_STATUS_PID) {	416	if (status_get->mask & AUDIT_STATUS_PID) {
424	int old = audit_pid;	417	int old = audit_pid;
425	audit_pid = status_get->pid;	418	audit_pid = status_get->pid;
426	audit_log(NULL, AUDIT_CONFIG_CHANGE,	419	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
427	"audit_pid=%d old=%d by auid=%u",	420	"audit_pid=%d old=%d by auid=%u",
428	audit_pid, old, loginuid);	421	audit_pid, old, loginuid);
429	}	422	}
@@ -435,15 +428,21 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
435	break;	428	break;
436	case AUDIT_USER:	429	case AUDIT_USER:
437	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:	430	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
438	ab = audit_log_start(NULL, msg_type);	431	if (!audit_enabled && msg_type != AUDIT_USER_AVC)
439	if (!ab)	432	return 0;
440	break; /* audit_panic has been called */	433
441	audit_log_format(ab,	434	err = audit_filter_user(&NETLINK_CB(skb), msg_type);
442	"user pid=%d uid=%u auid=%u"	435	if (err == 1) {
443	" msg='%.1024s'",	436	err = 0;
444	pid, uid, loginuid, (char *)data);	437	ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
445	audit_set_pid(ab, pid);	438	if (ab) {
446	audit_log_end(ab);	439	audit_log_format(ab,
		440	"user pid=%d uid=%u auid=%u msg='%.1024s'",
		441	pid, uid, loginuid, (char *)data);
		442	audit_set_pid(ab, pid);
		443	audit_log_end(ab);
		444	}
		445	}
447	break;	446	break;
448	case AUDIT_ADD:	447	case AUDIT_ADD:
449	case AUDIT_DEL:	448	case AUDIT_DEL:
@@ -523,7 +522,7 @@ static int __init audit_init(void)
523	skb_queue_head_init(&audit_skb_queue);	522	skb_queue_head_init(&audit_skb_queue);
524	audit_initialized = 1;	523	audit_initialized = 1;
525	audit_enabled = audit_default;	524	audit_enabled = audit_default;
526	audit_log(NULL, AUDIT_KERNEL, "initialized");	525	audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
527	return 0;	526	return 0;
528	}	527	}
529	__initcall(audit_init);	528	__initcall(audit_init);
@@ -561,7 +560,7 @@ static void audit_buffer_free(struct audit_buffer *ab)
561	}	560	}
562		561
563	static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,	562	static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
564	int gfp_mask, int type)	563	unsigned int __nocast gfp_mask, int type)
565	{	564	{
566	unsigned long flags;	565	unsigned long flags;
567	struct audit_buffer *ab = NULL;	566	struct audit_buffer *ab = NULL;
@@ -587,6 +586,7 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
587	goto err;	586	goto err;
588		587
589	ab->ctx = ctx;	588	ab->ctx = ctx;
		589	ab->gfp_mask = gfp_mask;
590	nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));	590	nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
591	nlh->nlmsg_type = type;	591	nlh->nlmsg_type = type;
592	nlh->nlmsg_flags = 0;	592	nlh->nlmsg_flags = 0;
@@ -606,26 +606,27 @@ err:
606	* (timestamp,serial) tuple is unique for each syscall and is live from	606	* (timestamp,serial) tuple is unique for each syscall and is live from
607	* syscall entry to syscall exit.	607	* syscall entry to syscall exit.
608	*	608	*
609	* Atomic values are only guaranteed to be 24-bit, so we count down.
610	*
611	* NOTE: Another possibility is to store the formatted records off the	609	* NOTE: Another possibility is to store the formatted records off the
612	* audit context (for those records that have a context), and emit them	610	* audit context (for those records that have a context), and emit them
613	* all at syscall exit. However, this could delay the reporting of	611	* all at syscall exit. However, this could delay the reporting of
614	* significant errors until syscall exit (or never, if the system	612	* significant errors until syscall exit (or never, if the system
615	* halts). */	613	* halts). */
		614
616	unsigned int audit_serial(void)	615	unsigned int audit_serial(void)
617	{	616	{
618	static atomic_t serial = ATOMIC_INIT(0xffffff);	617	static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
619	unsigned int a, b;	618	static unsigned int serial = 0;
		619
		620	unsigned long flags;
		621	unsigned int ret;
620		622
		623	spin_lock_irqsave(&serial_lock, flags);
621	do {	624	do {
622	a = atomic_read(&serial);	625	ret = ++serial;
623	if (atomic_dec_and_test(&serial))	626	} while (unlikely(!ret));
624	atomic_set(&serial, 0xffffff);	627	spin_unlock_irqrestore(&serial_lock, flags);
625	b = atomic_read(&serial);
626	} while (b != a - 1);
627		628
628	return 0xffffff - b;	629	return ret;
629	}	630	}
630		631
631	static inline void audit_get_stamp(struct audit_context *ctx,	632	static inline void audit_get_stamp(struct audit_context *ctx,
@@ -645,17 +646,43 @@ static inline void audit_get_stamp(struct audit_context *ctx,
645	* syscall, then the syscall is marked as auditable and an audit record	646	* syscall, then the syscall is marked as auditable and an audit record
646	* will be written at syscall exit. If there is no associated task, tsk	647	* will be written at syscall exit. If there is no associated task, tsk
647	* should be NULL. */	648	* should be NULL. */
648	struct audit_buffer audit_log_start(struct audit_context ctx, int type)	649
		650	struct audit_buffer audit_log_start(struct audit_context ctx, int gfp_mask,
		651	int type)
649	{	652	{
650	struct audit_buffer *ab = NULL;	653	struct audit_buffer *ab = NULL;
651	struct timespec t;	654	struct timespec t;
652	unsigned int serial;	655	unsigned int serial;
		656	int reserve;
		657	unsigned long timeout_start = jiffies;
653		658
654	if (!audit_initialized)	659	if (!audit_initialized)
655	return NULL;	660	return NULL;
656		661
657	if (audit_backlog_limit	662	if (gfp_mask & __GFP_WAIT)
658	&& skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {	663	reserve = 0;
		664	else
		665	reserve = 5; /* Allow atomic callers to go up to five
		666	entries over the normal backlog limit */
		667
		668	while (audit_backlog_limit
		669	&& skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
		670	if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time
		671	&& time_before(jiffies, timeout_start + audit_backlog_wait_time)) {
		672
		673	/* Wait for auditd to drain the queue a little */
		674	DECLARE_WAITQUEUE(wait, current);
		675	set_current_state(TASK_INTERRUPTIBLE);
		676	add_wait_queue(&audit_backlog_wait, &wait);
		677
		678	if (audit_backlog_limit &&
		679	skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
		680	schedule_timeout(timeout_start + audit_backlog_wait_time - jiffies);
		681
		682	__set_current_state(TASK_RUNNING);
		683	remove_wait_queue(&audit_backlog_wait, &wait);
		684	continue;
		685	}
659	if (audit_rate_check())	686	if (audit_rate_check())
660	printk(KERN_WARNING	687	printk(KERN_WARNING
661	"audit: audit_backlog=%d > "	688	"audit: audit_backlog=%d > "
@@ -663,10 +690,12 @@ struct audit_buffer audit_log_start(struct audit_context ctx, int type)
663	skb_queue_len(&audit_skb_queue),	690	skb_queue_len(&audit_skb_queue),
664	audit_backlog_limit);	691	audit_backlog_limit);
665	audit_log_lost("backlog limit exceeded");	692	audit_log_lost("backlog limit exceeded");
		693	audit_backlog_wait_time = audit_backlog_wait_overflow;
		694	wake_up(&audit_backlog_wait);
666	return NULL;	695	return NULL;
667	}	696	}
668		697
669	ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);	698	ab = audit_buffer_alloc(ctx, gfp_mask, type);
670	if (!ab) {	699	if (!ab) {
671	audit_log_lost("out of memory in audit_log_start");	700	audit_log_lost("out of memory in audit_log_start");
672	return NULL;	701	return NULL;
@@ -690,7 +719,7 @@ static inline int audit_expand(struct audit_buffer *ab, int extra)
690	{	719	{
691	struct sk_buff *skb = ab->skb;	720	struct sk_buff *skb = ab->skb;
692	int ret = pskb_expand_head(skb, skb_headroom(skb), extra,	721	int ret = pskb_expand_head(skb, skb_headroom(skb), extra,
693	GFP_ATOMIC);	722	ab->gfp_mask);
694	if (ret < 0) {	723	if (ret < 0) {
695	audit_log_lost("out of memory in audit_expand");	724	audit_log_lost("out of memory in audit_expand");
696	return 0;	725	return 0;
@@ -809,7 +838,7 @@ void audit_log_d_path(struct audit_buffer ab, const char prefix,
809	audit_log_format(ab, " %s", prefix);	838	audit_log_format(ab, " %s", prefix);
810		839
811	/* We will allow 11 spaces for ' (deleted)' to be appended */	840	/* We will allow 11 spaces for ' (deleted)' to be appended */
812	path = kmalloc(PATH_MAX+11, GFP_KERNEL);	841	path = kmalloc(PATH_MAX+11, ab->gfp_mask);
813	if (!path) {	842	if (!path) {
814	audit_log_format(ab, "<no memory>");	843	audit_log_format(ab, "<no memory>");
815	return;	844	return;
@@ -841,7 +870,7 @@ void audit_log_end(struct audit_buffer *ab)
841	ab->skb = NULL;	870	ab->skb = NULL;
842	wake_up_interruptible(&kauditd_wait);	871	wake_up_interruptible(&kauditd_wait);
843	} else {	872	} else {
844	printk("%s\n", ab->skb->data + NLMSG_SPACE(0));	873	printk(KERN_NOTICE "%s\n", ab->skb->data + NLMSG_SPACE(0));
845	}	874	}
846	}	875	}
847	audit_buffer_free(ab);	876	audit_buffer_free(ab);
@@ -850,12 +879,13 @@ void audit_log_end(struct audit_buffer *ab)
850	/* Log an audit record. This is a convenience function that calls	879	/* Log an audit record. This is a convenience function that calls
851	* audit_log_start, audit_log_vformat, and audit_log_end. It may be	880	* audit_log_start, audit_log_vformat, and audit_log_end. It may be
852	* called in any context. */	881	* called in any context. */
853	void audit_log(struct audit_context ctx, int type, const char fmt, ...)	882	void audit_log(struct audit_context *ctx, int gfp_mask, int type,
		883	const char *fmt, ...)
854	{	884	{
855	struct audit_buffer *ab;	885	struct audit_buffer *ab;
856	va_list args;	886	va_list args;
857		887
858	ab = audit_log_start(ctx, type);	888	ab = audit_log_start(ctx, gfp_mask, type);
859	if (ab) {	889	if (ab) {
860	va_start(args, fmt);	890	va_start(args, fmt);
861	audit_log_vformat(ab, fmt, args);	891	audit_log_vformat(ab, fmt, args);