Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 0dd8e06bdaa0a97e706ee1a489a1f6176c4ddc64

Authored by Chris Wright
Committed by David Woodhouse
1 parent 27b030d58c

[PATCH] add new audit data to last skb 

When adding more formatted audit data to an skb for delivery to userspace,
the kernel will attempt to reuse an skb that has spare room.  However, if
the audit message has already been fragmented to multiple skb's, the search
for spare room in the skb uses the head of the list.  This will corrupt the
audit message with trailing bytes being placed midway through the stream.
Fix is to look at the end of the list.

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

1 /* audit.c -- Auditing support 1 /* audit.c -- Auditing support
2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon. 2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon.
3 * System-call specific features have moved to auditsc.c 3 * System-call specific features have moved to auditsc.c
4 * 4 *
5 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
6 * All Rights Reserved. 6 * All Rights Reserved.
7 * 7 *
8 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by 9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or 10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version. 11 * (at your option) any later version.
12 * 12 *
13 * This program is distributed in the hope that it will be useful, 13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details. 16 * GNU General Public License for more details.
17 * 17 *
18 * You should have received a copy of the GNU General Public License 18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software 19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 * 21 *
22 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 22 * Written by Rickard E. (Rik) Faith <faith@redhat.com>
23 * 23 *
24 * Goals: 1) Integrate fully with SELinux. 24 * Goals: 1) Integrate fully with SELinux.
25 * 2) Minimal run-time overhead: 25 * 2) Minimal run-time overhead:
26 * a) Minimal when syscall auditing is disabled (audit_enable=0). 26 * a) Minimal when syscall auditing is disabled (audit_enable=0).
27 * b) Small when syscall auditing is enabled and no audit record 27 * b) Small when syscall auditing is enabled and no audit record
28 * is generated (defer as much work as possible to record 28 * is generated (defer as much work as possible to record
29 * generation time): 29 * generation time):
30 * i) context is allocated, 30 * i) context is allocated,
31 * ii) names from getname are stored without a copy, and 31 * ii) names from getname are stored without a copy, and
32 * iii) inode information stored from path_lookup. 32 * iii) inode information stored from path_lookup.
33 * 3) Ability to disable syscall auditing at boot time (audit=0). 33 * 3) Ability to disable syscall auditing at boot time (audit=0).
34 * 4) Usable by other parts of the kernel (if audit_log* is called, 34 * 4) Usable by other parts of the kernel (if audit_log* is called,
35 * then a syscall record will be generated automatically for the 35 * then a syscall record will be generated automatically for the
36 * current syscall). 36 * current syscall).
37 * 5) Netlink interface to user-space. 37 * 5) Netlink interface to user-space.
38 * 6) Support low-overhead kernel-based filtering to minimize the 38 * 6) Support low-overhead kernel-based filtering to minimize the
39 * information that must be passed to user-space. 39 * information that must be passed to user-space.
40 * 40 *
41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/ 41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/
42 */ 42 */
43 43
44 #include <linux/init.h> 44 #include <linux/init.h>
45 #include <asm/atomic.h> 45 #include <asm/atomic.h>
46 #include <asm/types.h> 46 #include <asm/types.h>
47 #include <linux/mm.h> 47 #include <linux/mm.h>
48 #include <linux/module.h> 48 #include <linux/module.h>
49 49
50 #include <linux/audit.h> 50 #include <linux/audit.h>
51 51
52 #include <net/sock.h> 52 #include <net/sock.h>
53 #include <linux/skbuff.h> 53 #include <linux/skbuff.h>
54 #include <linux/netlink.h> 54 #include <linux/netlink.h>
55 55
56 /* No auditing will take place until audit_initialized != 0. 56 /* No auditing will take place until audit_initialized != 0.
57 * (Initialization happens after skb_init is called.) */ 57 * (Initialization happens after skb_init is called.) */
58 static int audit_initialized; 58 static int audit_initialized;
59 59
60 /* No syscall auditing will take place unless audit_enabled != 0. */ 60 /* No syscall auditing will take place unless audit_enabled != 0. */
61 int audit_enabled; 61 int audit_enabled;
62 62
63 /* Default state when kernel boots without any parameters. */ 63 /* Default state when kernel boots without any parameters. */
64 static int audit_default; 64 static int audit_default;
65 65
66 /* If auditing cannot proceed, audit_failure selects what happens. */ 66 /* If auditing cannot proceed, audit_failure selects what happens. */
67 static int audit_failure = AUDIT_FAIL_PRINTK; 67 static int audit_failure = AUDIT_FAIL_PRINTK;
68 68
69 /* If audit records are to be written to the netlink socket, audit_pid 69 /* If audit records are to be written to the netlink socket, audit_pid
70 * contains the (non-zero) pid. */ 70 * contains the (non-zero) pid. */
71 static int audit_pid; 71 static int audit_pid;
72 72
73 /* If audit_limit is non-zero, limit the rate of sending audit records 73 /* If audit_limit is non-zero, limit the rate of sending audit records
74 * to that number per second. This prevents DoS attacks, but results in 74 * to that number per second. This prevents DoS attacks, but results in
75 * audit records being dropped. */ 75 * audit records being dropped. */
76 static int audit_rate_limit; 76 static int audit_rate_limit;
77 77
78 /* Number of outstanding audit_buffers allowed. */ 78 /* Number of outstanding audit_buffers allowed. */
79 static int audit_backlog_limit = 64; 79 static int audit_backlog_limit = 64;
80 static atomic_t audit_backlog = ATOMIC_INIT(0); 80 static atomic_t audit_backlog = ATOMIC_INIT(0);
81 81
82 /* Records can be lost in several ways: 82 /* Records can be lost in several ways:
83 0) [suppressed in audit_alloc] 83 0) [suppressed in audit_alloc]
84 1) out of memory in audit_log_start [kmalloc of struct audit_buffer] 84 1) out of memory in audit_log_start [kmalloc of struct audit_buffer]
85 2) out of memory in audit_log_move [alloc_skb] 85 2) out of memory in audit_log_move [alloc_skb]
86 3) suppressed due to audit_rate_limit 86 3) suppressed due to audit_rate_limit
87 4) suppressed due to audit_backlog_limit 87 4) suppressed due to audit_backlog_limit
88 */ 88 */
89 static atomic_t audit_lost = ATOMIC_INIT(0); 89 static atomic_t audit_lost = ATOMIC_INIT(0);
90 90
91 /* The netlink socket. */ 91 /* The netlink socket. */
92 static struct sock *audit_sock; 92 static struct sock *audit_sock;
93 93
94 /* There are two lists of audit buffers. The txlist contains audit 94 /* There are two lists of audit buffers. The txlist contains audit
95 * buffers that cannot be sent immediately to the netlink device because 95 * buffers that cannot be sent immediately to the netlink device because
96 * we are in an irq context (these are sent later in a tasklet). 96 * we are in an irq context (these are sent later in a tasklet).
97 * 97 *
98 * The second list is a list of pre-allocated audit buffers (if more 98 * The second list is a list of pre-allocated audit buffers (if more
99 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of 99 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
100 * being placed on the freelist). */ 100 * being placed on the freelist). */
101 static DEFINE_SPINLOCK(audit_txlist_lock); 101 static DEFINE_SPINLOCK(audit_txlist_lock);
102 static DEFINE_SPINLOCK(audit_freelist_lock); 102 static DEFINE_SPINLOCK(audit_freelist_lock);
103 static int audit_freelist_count = 0; 103 static int audit_freelist_count = 0;
104 static LIST_HEAD(audit_txlist); 104 static LIST_HEAD(audit_txlist);
105 static LIST_HEAD(audit_freelist); 105 static LIST_HEAD(audit_freelist);
106 106
107 /* There are three lists of rules -- one to search at task creation 107 /* There are three lists of rules -- one to search at task creation
108 * time, one to search at syscall entry time, and another to search at 108 * time, one to search at syscall entry time, and another to search at
109 * syscall exit time. */ 109 * syscall exit time. */
110 static LIST_HEAD(audit_tsklist); 110 static LIST_HEAD(audit_tsklist);
111 static LIST_HEAD(audit_entlist); 111 static LIST_HEAD(audit_entlist);
112 static LIST_HEAD(audit_extlist); 112 static LIST_HEAD(audit_extlist);
113 113
114 /* The netlink socket is only to be read by 1 CPU, which lets us assume 114 /* The netlink socket is only to be read by 1 CPU, which lets us assume
115 * that list additions and deletions never happen simultaneiously in 115 * that list additions and deletions never happen simultaneiously in
116 * auditsc.c */ 116 * auditsc.c */
117 static DECLARE_MUTEX(audit_netlink_sem); 117 static DECLARE_MUTEX(audit_netlink_sem);
118 118
119 /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting 119 /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting
120 * audit records. Since printk uses a 1024 byte buffer, this buffer 120 * audit records. Since printk uses a 1024 byte buffer, this buffer
121 * should be at least that large. */ 121 * should be at least that large. */
122 #define AUDIT_BUFSIZ 1024 122 #define AUDIT_BUFSIZ 1024
123 123
124 /* AUDIT_MAXFREE is the number of empty audit_buffers we keep on the 124 /* AUDIT_MAXFREE is the number of empty audit_buffers we keep on the
125 * audit_freelist. Doing so eliminates many kmalloc/kfree calls. */ 125 * audit_freelist. Doing so eliminates many kmalloc/kfree calls. */
126 #define AUDIT_MAXFREE (2*NR_CPUS) 126 #define AUDIT_MAXFREE (2*NR_CPUS)
127 127
128 /* The audit_buffer is used when formatting an audit record. The caller 128 /* The audit_buffer is used when formatting an audit record. The caller
129 * locks briefly to get the record off the freelist or to allocate the 129 * locks briefly to get the record off the freelist or to allocate the
130 * buffer, and locks briefly to send the buffer to the netlink layer or 130 * buffer, and locks briefly to send the buffer to the netlink layer or
131 * to place it on a transmit queue. Multiple audit_buffers can be in 131 * to place it on a transmit queue. Multiple audit_buffers can be in
132 * use simultaneously. */ 132 * use simultaneously. */
133 struct audit_buffer { 133 struct audit_buffer {
134 struct list_head list; 134 struct list_head list;
135 struct sk_buff_head sklist; /* formatted skbs ready to send */ 135 struct sk_buff_head sklist; /* formatted skbs ready to send */
136 struct audit_context *ctx; /* NULL or associated context */ 136 struct audit_context *ctx; /* NULL or associated context */
137 int len; /* used area of tmp */ 137 int len; /* used area of tmp */
138 char tmp[AUDIT_BUFSIZ]; 138 char tmp[AUDIT_BUFSIZ];
139 139
140 /* Pointer to header and contents */ 140 /* Pointer to header and contents */
141 struct nlmsghdr *nlh; 141 struct nlmsghdr *nlh;
142 int total; 142 int total;
143 int type; 143 int type;
144 int pid; 144 int pid;
145 }; 145 };
146 146
147 void audit_set_type(struct audit_buffer *ab, int type) 147 void audit_set_type(struct audit_buffer *ab, int type)
148 { 148 {
149 ab->type = type; 149 ab->type = type;
150 } 150 }
151 151
152 struct audit_entry { 152 struct audit_entry {
153 struct list_head list; 153 struct list_head list;
154 struct audit_rule rule; 154 struct audit_rule rule;
155 }; 155 };
156 156
157 static void audit_log_end_irq(struct audit_buffer *ab); 157 static void audit_log_end_irq(struct audit_buffer *ab);
158 static void audit_log_end_fast(struct audit_buffer *ab); 158 static void audit_log_end_fast(struct audit_buffer *ab);
159 159
160 static void audit_panic(const char *message) 160 static void audit_panic(const char *message)
161 { 161 {
162 switch (audit_failure) 162 switch (audit_failure)
163 { 163 {
164 case AUDIT_FAIL_SILENT: 164 case AUDIT_FAIL_SILENT:
165 break; 165 break;
166 case AUDIT_FAIL_PRINTK: 166 case AUDIT_FAIL_PRINTK:
167 printk(KERN_ERR "audit: %s\n", message); 167 printk(KERN_ERR "audit: %s\n", message);
168 break; 168 break;
169 case AUDIT_FAIL_PANIC: 169 case AUDIT_FAIL_PANIC:
170 panic("audit: %s\n", message); 170 panic("audit: %s\n", message);
171 break; 171 break;
172 } 172 }
173 } 173 }
174 174
175 static inline int audit_rate_check(void) 175 static inline int audit_rate_check(void)
176 { 176 {
177 static unsigned long last_check = 0; 177 static unsigned long last_check = 0;
178 static int messages = 0; 178 static int messages = 0;
179 static DEFINE_SPINLOCK(lock); 179 static DEFINE_SPINLOCK(lock);
180 unsigned long flags; 180 unsigned long flags;
181 unsigned long now; 181 unsigned long now;
182 unsigned long elapsed; 182 unsigned long elapsed;
183 int retval = 0; 183 int retval = 0;
184 184
185 if (!audit_rate_limit) return 1; 185 if (!audit_rate_limit) return 1;
186 186
187 spin_lock_irqsave(&lock, flags); 187 spin_lock_irqsave(&lock, flags);
188 if (++messages < audit_rate_limit) { 188 if (++messages < audit_rate_limit) {
189 retval = 1; 189 retval = 1;
190 } else { 190 } else {
191 now = jiffies; 191 now = jiffies;
192 elapsed = now - last_check; 192 elapsed = now - last_check;
193 if (elapsed > HZ) { 193 if (elapsed > HZ) {
194 last_check = now; 194 last_check = now;
195 messages = 0; 195 messages = 0;
196 retval = 1; 196 retval = 1;
197 } 197 }
198 } 198 }
199 spin_unlock_irqrestore(&lock, flags); 199 spin_unlock_irqrestore(&lock, flags);
200 200
201 return retval; 201 return retval;
202 } 202 }
203 203
204 /* Emit at least 1 message per second, even if audit_rate_check is 204 /* Emit at least 1 message per second, even if audit_rate_check is
205 * throttling. */ 205 * throttling. */
206 void audit_log_lost(const char *message) 206 void audit_log_lost(const char *message)
207 { 207 {
208 static unsigned long last_msg = 0; 208 static unsigned long last_msg = 0;
209 static DEFINE_SPINLOCK(lock); 209 static DEFINE_SPINLOCK(lock);
210 unsigned long flags; 210 unsigned long flags;
211 unsigned long now; 211 unsigned long now;
212 int print; 212 int print;
213 213
214 atomic_inc(&audit_lost); 214 atomic_inc(&audit_lost);
215 215
216 print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit); 216 print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit);
217 217
218 if (!print) { 218 if (!print) {
219 spin_lock_irqsave(&lock, flags); 219 spin_lock_irqsave(&lock, flags);
220 now = jiffies; 220 now = jiffies;
221 if (now - last_msg > HZ) { 221 if (now - last_msg > HZ) {
222 print = 1; 222 print = 1;
223 last_msg = now; 223 last_msg = now;
224 } 224 }
225 spin_unlock_irqrestore(&lock, flags); 225 spin_unlock_irqrestore(&lock, flags);
226 } 226 }
227 227
228 if (print) { 228 if (print) {
229 printk(KERN_WARNING 229 printk(KERN_WARNING
230 "audit: audit_lost=%d audit_backlog=%d" 230 "audit: audit_lost=%d audit_backlog=%d"
231 " audit_rate_limit=%d audit_backlog_limit=%d\n", 231 " audit_rate_limit=%d audit_backlog_limit=%d\n",
232 atomic_read(&audit_lost), 232 atomic_read(&audit_lost),
233 atomic_read(&audit_backlog), 233 atomic_read(&audit_backlog),
234 audit_rate_limit, 234 audit_rate_limit,
235 audit_backlog_limit); 235 audit_backlog_limit);
236 audit_panic(message); 236 audit_panic(message);
237 } 237 }
238 238
239 } 239 }
240 240
241 static int audit_set_rate_limit(int limit, uid_t loginuid) 241 static int audit_set_rate_limit(int limit, uid_t loginuid)
242 { 242 {
243 int old = audit_rate_limit; 243 int old = audit_rate_limit;
244 audit_rate_limit = limit; 244 audit_rate_limit = limit;
245 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", 245 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u",
246 audit_rate_limit, old, loginuid); 246 audit_rate_limit, old, loginuid);
247 return old; 247 return old;
248 } 248 }
249 249
250 static int audit_set_backlog_limit(int limit, uid_t loginuid) 250 static int audit_set_backlog_limit(int limit, uid_t loginuid)
251 { 251 {
252 int old = audit_backlog_limit; 252 int old = audit_backlog_limit;
253 audit_backlog_limit = limit; 253 audit_backlog_limit = limit;
254 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", 254 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u",
255 audit_backlog_limit, old, loginuid); 255 audit_backlog_limit, old, loginuid);
256 return old; 256 return old;
257 } 257 }
258 258
259 static int audit_set_enabled(int state, uid_t loginuid) 259 static int audit_set_enabled(int state, uid_t loginuid)
260 { 260 {
261 int old = audit_enabled; 261 int old = audit_enabled;
262 if (state != 0 && state != 1) 262 if (state != 0 && state != 1)
263 return -EINVAL; 263 return -EINVAL;
264 audit_enabled = state; 264 audit_enabled = state;
265 audit_log(NULL, "audit_enabled=%d old=%d by auid %u", 265 audit_log(NULL, "audit_enabled=%d old=%d by auid %u",
266 audit_enabled, old, loginuid); 266 audit_enabled, old, loginuid);
267 return old; 267 return old;
268 } 268 }
269 269
270 static int audit_set_failure(int state, uid_t loginuid) 270 static int audit_set_failure(int state, uid_t loginuid)
271 { 271 {
272 int old = audit_failure; 272 int old = audit_failure;
273 if (state != AUDIT_FAIL_SILENT 273 if (state != AUDIT_FAIL_SILENT
274 && state != AUDIT_FAIL_PRINTK 274 && state != AUDIT_FAIL_PRINTK
275 && state != AUDIT_FAIL_PANIC) 275 && state != AUDIT_FAIL_PANIC)
276 return -EINVAL; 276 return -EINVAL;
277 audit_failure = state; 277 audit_failure = state;
278 audit_log(NULL, "audit_failure=%d old=%d by auid %u", 278 audit_log(NULL, "audit_failure=%d old=%d by auid %u",
279 audit_failure, old, loginuid); 279 audit_failure, old, loginuid);
280 return old; 280 return old;
281 } 281 }
282 282
283 #ifdef CONFIG_NET 283 #ifdef CONFIG_NET
284 void audit_send_reply(int pid, int seq, int type, int done, int multi, 284 void audit_send_reply(int pid, int seq, int type, int done, int multi,
285 void *payload, int size) 285 void *payload, int size)
286 { 286 {
287 struct sk_buff *skb; 287 struct sk_buff *skb;
288 struct nlmsghdr *nlh; 288 struct nlmsghdr *nlh;
289 int len = NLMSG_SPACE(size); 289 int len = NLMSG_SPACE(size);
290 void *data; 290 void *data;
291 int flags = multi ? NLM_F_MULTI : 0; 291 int flags = multi ? NLM_F_MULTI : 0;
292 int t = done ? NLMSG_DONE : type; 292 int t = done ? NLMSG_DONE : type;
293 293
294 skb = alloc_skb(len, GFP_KERNEL); 294 skb = alloc_skb(len, GFP_KERNEL);
295 if (!skb) 295 if (!skb)
296 goto nlmsg_failure; 296 goto nlmsg_failure;
297 297
298 nlh = NLMSG_PUT(skb, pid, seq, t, len - sizeof(*nlh)); 298 nlh = NLMSG_PUT(skb, pid, seq, t, len - sizeof(*nlh));
299 nlh->nlmsg_flags = flags; 299 nlh->nlmsg_flags = flags;
300 data = NLMSG_DATA(nlh); 300 data = NLMSG_DATA(nlh);
301 memcpy(data, payload, size); 301 memcpy(data, payload, size);
302 netlink_unicast(audit_sock, skb, pid, MSG_DONTWAIT); 302 netlink_unicast(audit_sock, skb, pid, MSG_DONTWAIT);
303 return; 303 return;
304 304
305 nlmsg_failure: /* Used by NLMSG_PUT */ 305 nlmsg_failure: /* Used by NLMSG_PUT */
306 if (skb) 306 if (skb)
307 kfree_skb(skb); 307 kfree_skb(skb);
308 } 308 }
309 309
310 /* 310 /*
311 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit 311 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit
312 * control messages. 312 * control messages.
313 */ 313 */
314 static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) 314 static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
315 { 315 {
316 int err = 0; 316 int err = 0;
317 317
318 switch (msg_type) { 318 switch (msg_type) {
319 case AUDIT_GET: 319 case AUDIT_GET:
320 case AUDIT_LIST: 320 case AUDIT_LIST:
321 case AUDIT_SET: 321 case AUDIT_SET:
322 case AUDIT_ADD: 322 case AUDIT_ADD:
323 case AUDIT_DEL: 323 case AUDIT_DEL:
324 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) 324 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
325 err = -EPERM; 325 err = -EPERM;
326 break; 326 break;
327 case AUDIT_USER: 327 case AUDIT_USER:
328 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) 328 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
329 err = -EPERM; 329 err = -EPERM;
330 break; 330 break;
331 default: /* bad msg */ 331 default: /* bad msg */
332 err = -EINVAL; 332 err = -EINVAL;
333 } 333 }
334 334
335 return err; 335 return err;
336 } 336 }
337 337
338 static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 338 static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
339 { 339 {
340 u32 uid, pid, seq; 340 u32 uid, pid, seq;
341 void *data; 341 void *data;
342 struct audit_status *status_get, status_set; 342 struct audit_status *status_get, status_set;
343 int err; 343 int err;
344 struct audit_buffer *ab; 344 struct audit_buffer *ab;
345 u16 msg_type = nlh->nlmsg_type; 345 u16 msg_type = nlh->nlmsg_type;
346 uid_t loginuid; /* loginuid of sender */ 346 uid_t loginuid; /* loginuid of sender */
347 347
348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
349 if (err) 349 if (err)
350 return err; 350 return err;
351 351
352 pid = NETLINK_CREDS(skb)->pid; 352 pid = NETLINK_CREDS(skb)->pid;
353 uid = NETLINK_CREDS(skb)->uid; 353 uid = NETLINK_CREDS(skb)->uid;
354 loginuid = NETLINK_CB(skb).loginuid; 354 loginuid = NETLINK_CB(skb).loginuid;
355 seq = nlh->nlmsg_seq; 355 seq = nlh->nlmsg_seq;
356 data = NLMSG_DATA(nlh); 356 data = NLMSG_DATA(nlh);
357 357
358 switch (msg_type) { 358 switch (msg_type) {
359 case AUDIT_GET: 359 case AUDIT_GET:
360 status_set.enabled = audit_enabled; 360 status_set.enabled = audit_enabled;
361 status_set.failure = audit_failure; 361 status_set.failure = audit_failure;
362 status_set.pid = audit_pid; 362 status_set.pid = audit_pid;
363 status_set.rate_limit = audit_rate_limit; 363 status_set.rate_limit = audit_rate_limit;
364 status_set.backlog_limit = audit_backlog_limit; 364 status_set.backlog_limit = audit_backlog_limit;
365 status_set.lost = atomic_read(&audit_lost); 365 status_set.lost = atomic_read(&audit_lost);
366 status_set.backlog = atomic_read(&audit_backlog); 366 status_set.backlog = atomic_read(&audit_backlog);
367 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, 367 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
368 &status_set, sizeof(status_set)); 368 &status_set, sizeof(status_set));
369 break; 369 break;
370 case AUDIT_SET: 370 case AUDIT_SET:
371 if (nlh->nlmsg_len < sizeof(struct audit_status)) 371 if (nlh->nlmsg_len < sizeof(struct audit_status))
372 return -EINVAL; 372 return -EINVAL;
373 status_get = (struct audit_status *)data; 373 status_get = (struct audit_status *)data;
374 if (status_get->mask & AUDIT_STATUS_ENABLED) { 374 if (status_get->mask & AUDIT_STATUS_ENABLED) {
375 err = audit_set_enabled(status_get->enabled, loginuid); 375 err = audit_set_enabled(status_get->enabled, loginuid);
376 if (err < 0) return err; 376 if (err < 0) return err;
377 } 377 }
378 if (status_get->mask & AUDIT_STATUS_FAILURE) { 378 if (status_get->mask & AUDIT_STATUS_FAILURE) {
379 err = audit_set_failure(status_get->failure, loginuid); 379 err = audit_set_failure(status_get->failure, loginuid);
380 if (err < 0) return err; 380 if (err < 0) return err;
381 } 381 }
382 if (status_get->mask & AUDIT_STATUS_PID) { 382 if (status_get->mask & AUDIT_STATUS_PID) {
383 int old = audit_pid; 383 int old = audit_pid;
384 audit_pid = status_get->pid; 384 audit_pid = status_get->pid;
385 audit_log(NULL, "audit_pid=%d old=%d by auid %u", 385 audit_log(NULL, "audit_pid=%d old=%d by auid %u",
386 audit_pid, old, loginuid); 386 audit_pid, old, loginuid);
387 } 387 }
388 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 388 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
389 audit_set_rate_limit(status_get->rate_limit, loginuid); 389 audit_set_rate_limit(status_get->rate_limit, loginuid);
390 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 390 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
391 audit_set_backlog_limit(status_get->backlog_limit, 391 audit_set_backlog_limit(status_get->backlog_limit,
392 loginuid); 392 loginuid);
393 break; 393 break;
394 case AUDIT_USER: 394 case AUDIT_USER:
395 ab = audit_log_start(NULL); 395 ab = audit_log_start(NULL);
396 if (!ab) 396 if (!ab)
397 break; /* audit_panic has been called */ 397 break; /* audit_panic has been called */
398 audit_log_format(ab, 398 audit_log_format(ab,
399 "user pid=%d uid=%d length=%d loginuid=%u" 399 "user pid=%d uid=%d length=%d loginuid=%u"
400 " msg='%.1024s'", 400 " msg='%.1024s'",
401 pid, uid, 401 pid, uid,
402 (int)(nlh->nlmsg_len 402 (int)(nlh->nlmsg_len
403 - ((char *)data - (char *)nlh)), 403 - ((char *)data - (char *)nlh)),
404 loginuid, (char *)data); 404 loginuid, (char *)data);
405 ab->type = AUDIT_USER; 405 ab->type = AUDIT_USER;
406 ab->pid = pid; 406 ab->pid = pid;
407 audit_log_end(ab); 407 audit_log_end(ab);
408 break; 408 break;
409 case AUDIT_ADD: 409 case AUDIT_ADD:
410 case AUDIT_DEL: 410 case AUDIT_DEL:
411 if (nlh->nlmsg_len < sizeof(struct audit_rule)) 411 if (nlh->nlmsg_len < sizeof(struct audit_rule))
412 return -EINVAL; 412 return -EINVAL;
413 /* fallthrough */ 413 /* fallthrough */
414 case AUDIT_LIST: 414 case AUDIT_LIST:
415 #ifdef CONFIG_AUDITSYSCALL 415 #ifdef CONFIG_AUDITSYSCALL
416 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 416 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
417 uid, seq, data, loginuid); 417 uid, seq, data, loginuid);
418 #else 418 #else
419 err = -EOPNOTSUPP; 419 err = -EOPNOTSUPP;
420 #endif 420 #endif
421 break; 421 break;
422 default: 422 default:
423 err = -EINVAL; 423 err = -EINVAL;
424 break; 424 break;
425 } 425 }
426 426
427 return err < 0 ? err : 0; 427 return err < 0 ? err : 0;
428 } 428 }
429 429
430 /* Get message from skb (based on rtnetlink_rcv_skb). Each message is 430 /* Get message from skb (based on rtnetlink_rcv_skb). Each message is
431 * processed by audit_receive_msg. Malformed skbs with wrong length are 431 * processed by audit_receive_msg. Malformed skbs with wrong length are
432 * discarded silently. */ 432 * discarded silently. */
433 static int audit_receive_skb(struct sk_buff *skb) 433 static int audit_receive_skb(struct sk_buff *skb)
434 { 434 {
435 int err; 435 int err;
436 struct nlmsghdr *nlh; 436 struct nlmsghdr *nlh;
437 u32 rlen; 437 u32 rlen;
438 438
439 while (skb->len >= NLMSG_SPACE(0)) { 439 while (skb->len >= NLMSG_SPACE(0)) {
440 nlh = (struct nlmsghdr *)skb->data; 440 nlh = (struct nlmsghdr *)skb->data;
441 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) 441 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
442 return 0; 442 return 0;
443 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 443 rlen = NLMSG_ALIGN(nlh->nlmsg_len);
444 if (rlen > skb->len) 444 if (rlen > skb->len)
445 rlen = skb->len; 445 rlen = skb->len;
446 if ((err = audit_receive_msg(skb, nlh))) { 446 if ((err = audit_receive_msg(skb, nlh))) {
447 netlink_ack(skb, nlh, err); 447 netlink_ack(skb, nlh, err);
448 } else if (nlh->nlmsg_flags & NLM_F_ACK) 448 } else if (nlh->nlmsg_flags & NLM_F_ACK)
449 netlink_ack(skb, nlh, 0); 449 netlink_ack(skb, nlh, 0);
450 skb_pull(skb, rlen); 450 skb_pull(skb, rlen);
451 } 451 }
452 return 0; 452 return 0;
453 } 453 }
454 454
455 /* Receive messages from netlink socket. */ 455 /* Receive messages from netlink socket. */
456 static void audit_receive(struct sock *sk, int length) 456 static void audit_receive(struct sock *sk, int length)
457 { 457 {
458 struct sk_buff *skb; 458 struct sk_buff *skb;
459 459
460 if (down_trylock(&audit_netlink_sem)) 460 if (down_trylock(&audit_netlink_sem))
461 return; 461 return;
462 462
463 /* FIXME: this must not cause starvation */ 463 /* FIXME: this must not cause starvation */
464 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 464 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
465 if (audit_receive_skb(skb) && skb->len) 465 if (audit_receive_skb(skb) && skb->len)
466 skb_queue_head(&sk->sk_receive_queue, skb); 466 skb_queue_head(&sk->sk_receive_queue, skb);
467 else 467 else
468 kfree_skb(skb); 468 kfree_skb(skb);
469 } 469 }
470 up(&audit_netlink_sem); 470 up(&audit_netlink_sem);
471 } 471 }
472 472
473 /* Move data from tmp buffer into an skb. This is an extra copy, and 473 /* Move data from tmp buffer into an skb. This is an extra copy, and
474 * that is unfortunate. However, the copy will only occur when a record 474 * that is unfortunate. However, the copy will only occur when a record
475 * is being written to user space, which is already a high-overhead 475 * is being written to user space, which is already a high-overhead
476 * operation. (Elimination of the copy is possible, for example, by 476 * operation. (Elimination of the copy is possible, for example, by
477 * writing directly into a pre-allocated skb, at the cost of wasting 477 * writing directly into a pre-allocated skb, at the cost of wasting
478 * memory. */ 478 * memory. */
479 static void audit_log_move(struct audit_buffer *ab) 479 static void audit_log_move(struct audit_buffer *ab)
480 { 480 {
481 struct sk_buff *skb; 481 struct sk_buff *skb;
482 char *start; 482 char *start;
483 int extra = ab->nlh ? 0 : NLMSG_SPACE(0); 483 int extra = ab->nlh ? 0 : NLMSG_SPACE(0);
484 484
485 /* possible resubmission */ 485 /* possible resubmission */
486 if (ab->len == 0) 486 if (ab->len == 0)
487 return; 487 return;
488 488
489 skb = skb_peek(&ab->sklist); 489 skb = skb_peek_tail(&ab->sklist);
490 if (!skb || skb_tailroom(skb) <= ab->len + extra) { 490 if (!skb || skb_tailroom(skb) <= ab->len + extra) {
491 skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC); 491 skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC);
492 if (!skb) { 492 if (!skb) {
493 ab->len = 0; /* Lose information in ab->tmp */ 493 ab->len = 0; /* Lose information in ab->tmp */
494 audit_log_lost("out of memory in audit_log_move"); 494 audit_log_lost("out of memory in audit_log_move");
495 return; 495 return;
496 } 496 }
497 __skb_queue_tail(&ab->sklist, skb); 497 __skb_queue_tail(&ab->sklist, skb);
498 if (!ab->nlh) 498 if (!ab->nlh)
499 ab->nlh = (struct nlmsghdr *)skb_put(skb, 499 ab->nlh = (struct nlmsghdr *)skb_put(skb,
500 NLMSG_SPACE(0)); 500 NLMSG_SPACE(0));
501 } 501 }
502 start = skb_put(skb, ab->len); 502 start = skb_put(skb, ab->len);
503 memcpy(start, ab->tmp, ab->len); 503 memcpy(start, ab->tmp, ab->len);
504 ab->len = 0; 504 ab->len = 0;
505 } 505 }
506 506
507 /* Iterate over the skbuff in the audit_buffer, sending their contents 507 /* Iterate over the skbuff in the audit_buffer, sending their contents
508 * to user space. */ 508 * to user space. */
509 static inline int audit_log_drain(struct audit_buffer *ab) 509 static inline int audit_log_drain(struct audit_buffer *ab)
510 { 510 {
511 struct sk_buff *skb; 511 struct sk_buff *skb;
512 512
513 while ((skb = skb_dequeue(&ab->sklist))) { 513 while ((skb = skb_dequeue(&ab->sklist))) {
514 int retval = 0; 514 int retval = 0;
515 515
516 if (audit_pid) { 516 if (audit_pid) {
517 if (ab->nlh) { 517 if (ab->nlh) {
518 ab->nlh->nlmsg_len = ab->total; 518 ab->nlh->nlmsg_len = ab->total;
519 ab->nlh->nlmsg_type = ab->type; 519 ab->nlh->nlmsg_type = ab->type;
520 ab->nlh->nlmsg_flags = 0; 520 ab->nlh->nlmsg_flags = 0;
521 ab->nlh->nlmsg_seq = 0; 521 ab->nlh->nlmsg_seq = 0;
522 ab->nlh->nlmsg_pid = ab->pid; 522 ab->nlh->nlmsg_pid = ab->pid;
523 } 523 }
524 skb_get(skb); /* because netlink_* frees */ 524 skb_get(skb); /* because netlink_* frees */
525 retval = netlink_unicast(audit_sock, skb, audit_pid, 525 retval = netlink_unicast(audit_sock, skb, audit_pid,
526 MSG_DONTWAIT); 526 MSG_DONTWAIT);
527 } 527 }
528 if (retval == -EAGAIN && 528 if (retval == -EAGAIN &&
529 (atomic_read(&audit_backlog)) < audit_backlog_limit) { 529 (atomic_read(&audit_backlog)) < audit_backlog_limit) {
530 skb_queue_head(&ab->sklist, skb); 530 skb_queue_head(&ab->sklist, skb);
531 audit_log_end_irq(ab); 531 audit_log_end_irq(ab);
532 return 1; 532 return 1;
533 } 533 }
534 if (retval < 0) { 534 if (retval < 0) {
535 if (retval == -ECONNREFUSED) { 535 if (retval == -ECONNREFUSED) {
536 printk(KERN_ERR 536 printk(KERN_ERR
537 "audit: *NO* daemon at audit_pid=%d\n", 537 "audit: *NO* daemon at audit_pid=%d\n",
538 audit_pid); 538 audit_pid);
539 audit_pid = 0; 539 audit_pid = 0;
540 } else 540 } else
541 audit_log_lost("netlink socket too busy"); 541 audit_log_lost("netlink socket too busy");
542 } 542 }
543 if (!audit_pid) { /* No daemon */ 543 if (!audit_pid) { /* No daemon */
544 int offset = ab->nlh ? NLMSG_SPACE(0) : 0; 544 int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
545 int len = skb->len - offset; 545 int len = skb->len - offset;
546 skb->data[offset + len] = '\0'; 546 skb->data[offset + len] = '\0';
547 printk(KERN_ERR "%s\n", skb->data + offset); 547 printk(KERN_ERR "%s\n", skb->data + offset);
548 } 548 }
549 kfree_skb(skb); 549 kfree_skb(skb);
550 ab->nlh = NULL; 550 ab->nlh = NULL;
551 } 551 }
552 return 0; 552 return 0;
553 } 553 }
554 554
555 /* Initialize audit support at boot time. */ 555 /* Initialize audit support at boot time. */
556 static int __init audit_init(void) 556 static int __init audit_init(void)
557 { 557 {
558 printk(KERN_INFO "audit: initializing netlink socket (%s)\n", 558 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
559 audit_default ? "enabled" : "disabled"); 559 audit_default ? "enabled" : "disabled");
560 audit_sock = netlink_kernel_create(NETLINK_AUDIT, audit_receive); 560 audit_sock = netlink_kernel_create(NETLINK_AUDIT, audit_receive);
561 if (!audit_sock) 561 if (!audit_sock)
562 audit_panic("cannot initialize netlink socket"); 562 audit_panic("cannot initialize netlink socket");
563 563
564 audit_initialized = 1; 564 audit_initialized = 1;
565 audit_enabled = audit_default; 565 audit_enabled = audit_default;
566 audit_log(NULL, "initialized"); 566 audit_log(NULL, "initialized");
567 return 0; 567 return 0;
568 } 568 }
569 569
570 #else 570 #else
571 /* Without CONFIG_NET, we have no skbuffs. For now, print what we have 571 /* Without CONFIG_NET, we have no skbuffs. For now, print what we have
572 * in the buffer. */ 572 * in the buffer. */
573 static void audit_log_move(struct audit_buffer *ab) 573 static void audit_log_move(struct audit_buffer *ab)
574 { 574 {
575 printk(KERN_ERR "%*.*s\n", ab->len, ab->len, ab->tmp); 575 printk(KERN_ERR "%*.*s\n", ab->len, ab->len, ab->tmp);
576 ab->len = 0; 576 ab->len = 0;
577 } 577 }
578 578
579 static inline int audit_log_drain(struct audit_buffer *ab) 579 static inline int audit_log_drain(struct audit_buffer *ab)
580 { 580 {
581 return 0; 581 return 0;
582 } 582 }
583 583
584 /* Initialize audit support at boot time. */ 584 /* Initialize audit support at boot time. */
585 int __init audit_init(void) 585 int __init audit_init(void)
586 { 586 {
587 printk(KERN_INFO "audit: initializing WITHOUT netlink support\n"); 587 printk(KERN_INFO "audit: initializing WITHOUT netlink support\n");
588 audit_sock = NULL; 588 audit_sock = NULL;
589 audit_pid = 0; 589 audit_pid = 0;
590 590
591 audit_initialized = 1; 591 audit_initialized = 1;
592 audit_enabled = audit_default; 592 audit_enabled = audit_default;
593 audit_log(NULL, "initialized"); 593 audit_log(NULL, "initialized");
594 return 0; 594 return 0;
595 } 595 }
596 #endif 596 #endif
597 597
598 __initcall(audit_init); 598 __initcall(audit_init);
599 599
600 /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ 600 /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */
601 static int __init audit_enable(char *str) 601 static int __init audit_enable(char *str)
602 { 602 {
603 audit_default = !!simple_strtol(str, NULL, 0); 603 audit_default = !!simple_strtol(str, NULL, 0);
604 printk(KERN_INFO "audit: %s%s\n", 604 printk(KERN_INFO "audit: %s%s\n",
605 audit_default ? "enabled" : "disabled", 605 audit_default ? "enabled" : "disabled",
606 audit_initialized ? "" : " (after initialization)"); 606 audit_initialized ? "" : " (after initialization)");
607 if (audit_initialized) 607 if (audit_initialized)
608 audit_enabled = audit_default; 608 audit_enabled = audit_default;
609 return 0; 609 return 0;
610 } 610 }
611 611
612 __setup("audit=", audit_enable); 612 __setup("audit=", audit_enable);
613 613
614 614
615 /* Obtain an audit buffer. This routine does locking to obtain the 615 /* Obtain an audit buffer. This routine does locking to obtain the
616 * audit buffer, but then no locking is required for calls to 616 * audit buffer, but then no locking is required for calls to
617 * audit_log_*format. If the tsk is a task that is currently in a 617 * audit_log_*format. If the tsk is a task that is currently in a
618 * syscall, then the syscall is marked as auditable and an audit record 618 * syscall, then the syscall is marked as auditable and an audit record
619 * will be written at syscall exit. If there is no associated task, tsk 619 * will be written at syscall exit. If there is no associated task, tsk
620 * should be NULL. */ 620 * should be NULL. */
621 struct audit_buffer *audit_log_start(struct audit_context *ctx) 621 struct audit_buffer *audit_log_start(struct audit_context *ctx)
622 { 622 {
623 struct audit_buffer *ab = NULL; 623 struct audit_buffer *ab = NULL;
624 unsigned long flags; 624 unsigned long flags;
625 struct timespec t; 625 struct timespec t;
626 unsigned int serial; 626 unsigned int serial;
627 627
628 if (!audit_initialized) 628 if (!audit_initialized)
629 return NULL; 629 return NULL;
630 630
631 if (audit_backlog_limit 631 if (audit_backlog_limit
632 && atomic_read(&audit_backlog) > audit_backlog_limit) { 632 && atomic_read(&audit_backlog) > audit_backlog_limit) {
633 if (audit_rate_check()) 633 if (audit_rate_check())
634 printk(KERN_WARNING 634 printk(KERN_WARNING
635 "audit: audit_backlog=%d > " 635 "audit: audit_backlog=%d > "
636 "audit_backlog_limit=%d\n", 636 "audit_backlog_limit=%d\n",
637 atomic_read(&audit_backlog), 637 atomic_read(&audit_backlog),
638 audit_backlog_limit); 638 audit_backlog_limit);
639 audit_log_lost("backlog limit exceeded"); 639 audit_log_lost("backlog limit exceeded");
640 return NULL; 640 return NULL;
641 } 641 }
642 642
643 spin_lock_irqsave(&audit_freelist_lock, flags); 643 spin_lock_irqsave(&audit_freelist_lock, flags);
644 if (!list_empty(&audit_freelist)) { 644 if (!list_empty(&audit_freelist)) {
645 ab = list_entry(audit_freelist.next, 645 ab = list_entry(audit_freelist.next,
646 struct audit_buffer, list); 646 struct audit_buffer, list);
647 list_del(&ab->list); 647 list_del(&ab->list);
648 --audit_freelist_count; 648 --audit_freelist_count;
649 } 649 }
650 spin_unlock_irqrestore(&audit_freelist_lock, flags); 650 spin_unlock_irqrestore(&audit_freelist_lock, flags);
651 651
652 if (!ab) 652 if (!ab)
653 ab = kmalloc(sizeof(*ab), GFP_ATOMIC); 653 ab = kmalloc(sizeof(*ab), GFP_ATOMIC);
654 if (!ab) { 654 if (!ab) {
655 audit_log_lost("out of memory in audit_log_start"); 655 audit_log_lost("out of memory in audit_log_start");
656 return NULL; 656 return NULL;
657 } 657 }
658 658
659 atomic_inc(&audit_backlog); 659 atomic_inc(&audit_backlog);
660 skb_queue_head_init(&ab->sklist); 660 skb_queue_head_init(&ab->sklist);
661 661
662 ab->ctx = ctx; 662 ab->ctx = ctx;
663 ab->len = 0; 663 ab->len = 0;
664 ab->nlh = NULL; 664 ab->nlh = NULL;
665 ab->total = 0; 665 ab->total = 0;
666 ab->type = AUDIT_KERNEL; 666 ab->type = AUDIT_KERNEL;
667 ab->pid = 0; 667 ab->pid = 0;
668 668
669 #ifdef CONFIG_AUDITSYSCALL 669 #ifdef CONFIG_AUDITSYSCALL
670 if (ab->ctx) 670 if (ab->ctx)
671 audit_get_stamp(ab->ctx, &t, &serial); 671 audit_get_stamp(ab->ctx, &t, &serial);
672 else 672 else
673 #endif 673 #endif
674 { 674 {
675 t = CURRENT_TIME; 675 t = CURRENT_TIME;
676 serial = 0; 676 serial = 0;
677 } 677 }
678 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 678 audit_log_format(ab, "audit(%lu.%03lu:%u): ",
679 t.tv_sec, t.tv_nsec/1000000, serial); 679 t.tv_sec, t.tv_nsec/1000000, serial);
680 return ab; 680 return ab;
681 } 681 }
682 682
683 683
684 /* Format an audit message into the audit buffer. If there isn't enough 684 /* Format an audit message into the audit buffer. If there isn't enough
685 * room in the audit buffer, more room will be allocated and vsnprint 685 * room in the audit buffer, more room will be allocated and vsnprint
686 * will be called a second time. Currently, we assume that a printk 686 * will be called a second time. Currently, we assume that a printk
687 * can't format message larger than 1024 bytes, so we don't either. */ 687 * can't format message larger than 1024 bytes, so we don't either. */
688 static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, 688 static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
689 va_list args) 689 va_list args)
690 { 690 {
691 int len, avail; 691 int len, avail;
692 692
693 if (!ab) 693 if (!ab)
694 return; 694 return;
695 695
696 avail = sizeof(ab->tmp) - ab->len; 696 avail = sizeof(ab->tmp) - ab->len;
697 if (avail <= 0) { 697 if (avail <= 0) {
698 audit_log_move(ab); 698 audit_log_move(ab);
699 avail = sizeof(ab->tmp) - ab->len; 699 avail = sizeof(ab->tmp) - ab->len;
700 } 700 }
701 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); 701 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
702 if (len >= avail) { 702 if (len >= avail) {
703 /* The printk buffer is 1024 bytes long, so if we get 703 /* The printk buffer is 1024 bytes long, so if we get
704 * here and AUDIT_BUFSIZ is at least 1024, then we can 704 * here and AUDIT_BUFSIZ is at least 1024, then we can
705 * log everything that printk could have logged. */ 705 * log everything that printk could have logged. */
706 audit_log_move(ab); 706 audit_log_move(ab);
707 avail = sizeof(ab->tmp) - ab->len; 707 avail = sizeof(ab->tmp) - ab->len;
708 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); 708 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
709 } 709 }
710 ab->len += (len < avail) ? len : avail; 710 ab->len += (len < avail) ? len : avail;
711 ab->total += (len < avail) ? len : avail; 711 ab->total += (len < avail) ? len : avail;
712 } 712 }
713 713
714 /* Format a message into the audit buffer. All the work is done in 714 /* Format a message into the audit buffer. All the work is done in
715 * audit_log_vformat. */ 715 * audit_log_vformat. */
716 void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 716 void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
717 { 717 {
718 va_list args; 718 va_list args;
719 719
720 if (!ab) 720 if (!ab)
721 return; 721 return;
722 va_start(args, fmt); 722 va_start(args, fmt);
723 audit_log_vformat(ab, fmt, args); 723 audit_log_vformat(ab, fmt, args);
724 va_end(args); 724 va_end(args);
725 } 725 }
726 726
727 void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) 727 void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len)
728 { 728 {
729 int i; 729 int i;
730 730
731 for (i=0; i<len; i++) 731 for (i=0; i<len; i++)
732 audit_log_format(ab, "%02x", buf[i]); 732 audit_log_format(ab, "%02x", buf[i]);
733 } 733 }
734 734
735 void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 735 void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
736 { 736 {
737 const unsigned char *p = string; 737 const unsigned char *p = string;
738 738
739 while (*p) { 739 while (*p) {
740 if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) { 740 if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) {
741 audit_log_hex(ab, string, strlen(string)); 741 audit_log_hex(ab, string, strlen(string));
742 return; 742 return;
743 } 743 }
744 p++; 744 p++;
745 } 745 }
746 audit_log_format(ab, "\"%s\"", string); 746 audit_log_format(ab, "\"%s\"", string);
747 } 747 }
748 748
749 749
750 /* This is a helper-function to print the d_path without using a static 750 /* This is a helper-function to print the d_path without using a static
751 * buffer or allocating another buffer in addition to the one in 751 * buffer or allocating another buffer in addition to the one in
752 * audit_buffer. */ 752 * audit_buffer. */
753 void audit_log_d_path(struct audit_buffer *ab, const char *prefix, 753 void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
754 struct dentry *dentry, struct vfsmount *vfsmnt) 754 struct dentry *dentry, struct vfsmount *vfsmnt)
755 { 755 {
756 char *p; 756 char *p;
757 int len, avail; 757 int len, avail;
758 758
759 if (prefix) audit_log_format(ab, " %s", prefix); 759 if (prefix) audit_log_format(ab, " %s", prefix);
760 760
761 if (ab->len > 128) 761 if (ab->len > 128)
762 audit_log_move(ab); 762 audit_log_move(ab);
763 avail = sizeof(ab->tmp) - ab->len; 763 avail = sizeof(ab->tmp) - ab->len;
764 p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail); 764 p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail);
765 if (IS_ERR(p)) { 765 if (IS_ERR(p)) {
766 /* FIXME: can we save some information here? */ 766 /* FIXME: can we save some information here? */
767 audit_log_format(ab, "<toolong>"); 767 audit_log_format(ab, "<toolong>");
768 } else { 768 } else {
769 /* path isn't at start of buffer */ 769 /* path isn't at start of buffer */
770 len = (ab->tmp + sizeof(ab->tmp) - 1) - p; 770 len = (ab->tmp + sizeof(ab->tmp) - 1) - p;
771 memmove(ab->tmp + ab->len, p, len); 771 memmove(ab->tmp + ab->len, p, len);
772 ab->len += len; 772 ab->len += len;
773 ab->total += len; 773 ab->total += len;
774 } 774 }
775 } 775 }
776 776
777 /* Remove queued messages from the audit_txlist and send them to userspace. */ 777 /* Remove queued messages from the audit_txlist and send them to userspace. */
778 static void audit_tasklet_handler(unsigned long arg) 778 static void audit_tasklet_handler(unsigned long arg)
779 { 779 {
780 LIST_HEAD(list); 780 LIST_HEAD(list);
781 struct audit_buffer *ab; 781 struct audit_buffer *ab;
782 unsigned long flags; 782 unsigned long flags;
783 783
784 spin_lock_irqsave(&audit_txlist_lock, flags); 784 spin_lock_irqsave(&audit_txlist_lock, flags);
785 list_splice_init(&audit_txlist, &list); 785 list_splice_init(&audit_txlist, &list);
786 spin_unlock_irqrestore(&audit_txlist_lock, flags); 786 spin_unlock_irqrestore(&audit_txlist_lock, flags);
787 787
788 while (!list_empty(&list)) { 788 while (!list_empty(&list)) {
789 ab = list_entry(list.next, struct audit_buffer, list); 789 ab = list_entry(list.next, struct audit_buffer, list);
790 list_del(&ab->list); 790 list_del(&ab->list);
791 audit_log_end_fast(ab); 791 audit_log_end_fast(ab);
792 } 792 }
793 } 793 }
794 794
795 static DECLARE_TASKLET(audit_tasklet, audit_tasklet_handler, 0); 795 static DECLARE_TASKLET(audit_tasklet, audit_tasklet_handler, 0);
796 796
797 /* The netlink_* functions cannot be called inside an irq context, so 797 /* The netlink_* functions cannot be called inside an irq context, so
798 * the audit buffer is places on a queue and a tasklet is scheduled to 798 * the audit buffer is places on a queue and a tasklet is scheduled to
799 * remove them from the queue outside the irq context. May be called in 799 * remove them from the queue outside the irq context. May be called in
800 * any context. */ 800 * any context. */
801 static void audit_log_end_irq(struct audit_buffer *ab) 801 static void audit_log_end_irq(struct audit_buffer *ab)
802 { 802 {
803 unsigned long flags; 803 unsigned long flags;
804 804
805 if (!ab) 805 if (!ab)
806 return; 806 return;
807 spin_lock_irqsave(&audit_txlist_lock, flags); 807 spin_lock_irqsave(&audit_txlist_lock, flags);
808 list_add_tail(&ab->list, &audit_txlist); 808 list_add_tail(&ab->list, &audit_txlist);
809 spin_unlock_irqrestore(&audit_txlist_lock, flags); 809 spin_unlock_irqrestore(&audit_txlist_lock, flags);
810 810
811 tasklet_schedule(&audit_tasklet); 811 tasklet_schedule(&audit_tasklet);
812 } 812 }
813 813
814 /* Send the message in the audit buffer directly to user space. May not 814 /* Send the message in the audit buffer directly to user space. May not
815 * be called in an irq context. */ 815 * be called in an irq context. */
816 static void audit_log_end_fast(struct audit_buffer *ab) 816 static void audit_log_end_fast(struct audit_buffer *ab)
817 { 817 {
818 unsigned long flags; 818 unsigned long flags;
819 819
820 BUG_ON(in_irq()); 820 BUG_ON(in_irq());
821 if (!ab) 821 if (!ab)
822 return; 822 return;
823 if (!audit_rate_check()) { 823 if (!audit_rate_check()) {
824 audit_log_lost("rate limit exceeded"); 824 audit_log_lost("rate limit exceeded");
825 } else { 825 } else {
826 audit_log_move(ab); 826 audit_log_move(ab);
827 if (audit_log_drain(ab)) 827 if (audit_log_drain(ab))
828 return; 828 return;
829 } 829 }
830 830
831 atomic_dec(&audit_backlog); 831 atomic_dec(&audit_backlog);
832 spin_lock_irqsave(&audit_freelist_lock, flags); 832 spin_lock_irqsave(&audit_freelist_lock, flags);
833 if (++audit_freelist_count > AUDIT_MAXFREE) 833 if (++audit_freelist_count > AUDIT_MAXFREE)
834 kfree(ab); 834 kfree(ab);
835 else 835 else
836 list_add(&ab->list, &audit_freelist); 836 list_add(&ab->list, &audit_freelist);
837 spin_unlock_irqrestore(&audit_freelist_lock, flags); 837 spin_unlock_irqrestore(&audit_freelist_lock, flags);
838 } 838 }
839 839
840 /* Send or queue the message in the audit buffer, depending on the 840 /* Send or queue the message in the audit buffer, depending on the
841 * current context. (A convenience function that may be called in any 841 * current context. (A convenience function that may be called in any
842 * context.) */ 842 * context.) */
843 void audit_log_end(struct audit_buffer *ab) 843 void audit_log_end(struct audit_buffer *ab)
844 { 844 {
845 if (in_irq()) 845 if (in_irq())
846 audit_log_end_irq(ab); 846 audit_log_end_irq(ab);
847 else 847 else
848 audit_log_end_fast(ab); 848 audit_log_end_fast(ab);
849 } 849 }
850 850
851 /* Log an audit record. This is a convenience function that calls 851 /* Log an audit record. This is a convenience function that calls
852 * audit_log_start, audit_log_vformat, and audit_log_end. It may be 852 * audit_log_start, audit_log_vformat, and audit_log_end. It may be
853 * called in any context. */ 853 * called in any context. */
854 void audit_log(struct audit_context *ctx, const char *fmt, ...) 854 void audit_log(struct audit_context *ctx, const char *fmt, ...)
855 { 855 {
856 struct audit_buffer *ab; 856 struct audit_buffer *ab;
857 va_list args; 857 va_list args;
858 858
859 ab = audit_log_start(ctx); 859 ab = audit_log_start(ctx);
860 if (ab) { 860 if (ab) {
861 va_start(args, fmt); 861 va_start(args, fmt);
862 audit_log_vformat(ab, fmt, args); 862 audit_log_vformat(ab, fmt, args);
863 va_end(args); 863 va_end(args);
864 audit_log_end(ab); 864 audit_log_end(ab);
865 } 865 }
866 } 866 }
867 867