rpms/kernel/FC-4 linux-2.6.13-rc3-audit-git.patch,1.2,1.3

Mon Jul 18 18:34:31 UTC 2005

Author: dwmw2

Update of /cvs/dist/rpms/kernel/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv13116

Modified Files:
	linux-2.6.13-rc3-audit-git.patch 
Log Message:
reduce contention on audit_serial()

linux-2.6.13-rc3-audit-git.patch:
 MAINTAINERS                    |    8 +
 fs/namei.c                     |    2 
 include/linux/audit.h          |   36 ++++--
 kernel/audit.c                 |  123 ++++++++++++++-------
 kernel/auditsc.c               |  231 +++++++++++++++++++++++++++++------------
 security/selinux/avc.c         |    4 
 security/selinux/hooks.c       |    2 
 security/selinux/ss/services.c |    4 
 8 files changed, 285 insertions(+), 125 deletions(-)

Index: linux-2.6.13-rc3-audit-git.patch
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-4/linux-2.6.13-rc3-audit-git.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3

--- linux-2.6.13-rc3-audit-git.patch	14 Jul 2005 13:42:06 -0000	1.2
+++ linux-2.6.13-rc3-audit-git.patch	18 Jul 2005 18:34:27 -0000	1.3
@@ -287,7 +287,45 @@
  	nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
  	nlh->nlmsg_type = type;
  	nlh->nlmsg_flags = 0;
-@@ -644,17 +649,43 @@ static inline void audit_get_stamp(struc
+@@ -605,26 +610,27 @@ err:
+  * (timestamp,serial) tuple is unique for each syscall and is live from
+  * syscall entry to syscall exit.
+  *
+- * Atomic values are only guaranteed to be 24-bit, so we count down.
+- *
+  * NOTE: Another possibility is to store the formatted records off the
+  * audit context (for those records that have a context), and emit them
+  * all at syscall exit.  However, this could delay the reporting of
+  * significant errors until syscall exit (or never, if the system
+  * halts). */
++
+ unsigned int audit_serial(void)
+ {
+-	static atomic_t serial = ATOMIC_INIT(0xffffff);
+-	unsigned int a, b;
++	static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
++	static unsigned int serial = 0;
++
++	unsigned long flags;
++	unsigned int ret;
+ 
++	spin_lock_irqsave(&serial_lock, flags);
+ 	do {
+-		a = atomic_read(&serial);
+-		if (atomic_dec_and_test(&serial))
+-			atomic_set(&serial, 0xffffff);
+-		b = atomic_read(&serial);
+-	} while (b != a - 1);
++		ret = ++serial;
++	} while (unlikely(!ret));
++	spin_unlock_irqrestore(&serial_lock, flags);
+ 
+-	return 0xffffff - b;
++	return ret;
+ }
+ 
+ static inline void audit_get_stamp(struct audit_context *ctx, 
+@@ -644,17 +650,43 @@ static inline void audit_get_stamp(struc
   * syscall, then the syscall is marked as auditable and an audit record
   * will be written at syscall exit.  If there is no associated task, tsk
   * should be NULL. */
@@ -334,7 +372,7 @@
  		if (audit_rate_check())
  			printk(KERN_WARNING
  			       "audit: audit_backlog=%d > "
-@@ -662,10 +693,12 @@ struct audit_buffer *audit_log_start(str
+@@ -662,10 +694,12 @@ struct audit_buffer *audit_log_start(str
  			       skb_queue_len(&audit_skb_queue),
  			       audit_backlog_limit);
  		audit_log_lost("backlog limit exceeded");
@@ -348,7 +386,7 @@
  	if (!ab) {
  		audit_log_lost("out of memory in audit_log_start");
  		return NULL;
-@@ -689,7 +722,7 @@ static inline int audit_expand(struct au
+@@ -689,7 +723,7 @@ static inline int audit_expand(struct au
  {
  	struct sk_buff *skb = ab->skb;
  	int ret = pskb_expand_head(skb, skb_headroom(skb), extra,
@@ -357,7 +395,7 @@
  	if (ret < 0) {
  		audit_log_lost("out of memory in audit_expand");
  		return 0;
-@@ -808,7 +841,7 @@ void audit_log_d_path(struct audit_buffe
+@@ -808,7 +842,7 @@ void audit_log_d_path(struct audit_buffe
  		audit_log_format(ab, " %s", prefix);
  
  	/* We will allow 11 spaces for ' (deleted)' to be appended */
@@ -366,7 +404,7 @@
  	if (!path) {
  		audit_log_format(ab, "<no memory>");
  		return;
-@@ -840,7 +873,7 @@ void audit_log_end(struct audit_buffer *
+@@ -840,7 +874,7 @@ void audit_log_end(struct audit_buffer *
  			ab->skb = NULL;
  			wake_up_interruptible(&kauditd_wait);
  		} else {
@@ -375,7 +413,7 @@
  		}
  	}
  	audit_buffer_free(ab);
-@@ -849,12 +882,13 @@ void audit_log_end(struct audit_buffer *
+@@ -849,12 +883,13 @@ void audit_log_end(struct audit_buffer *
  /* Log an audit record.  This is a convenience function that calls
   * audit_log_start, audit_log_vformat, and audit_log_end.  It may be
   * called in any context. */
@@ -742,7 +780,7 @@
  
  	audit_free_context(context);
  }
-@@ -876,7 +980,7 @@ void audit_syscall_entry(struct task_str
+@@ -876,11 +980,11 @@ void audit_syscall_entry(struct task_str
  
  	state = context->state;
  	if (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT)
@@ -751,6 +789,11 @@
  	if (likely(state == AUDIT_DISABLED))
  		return;
  
+-	context->serial     = audit_serial();
++	context->serial     = 0;
+ 	context->ctime      = CURRENT_TIME;
+ 	context->in_syscall = 1;
+ 	context->auditable  = !!(state == AUDIT_RECORD_CONTEXT);
 @@ -905,8 +1009,8 @@ void audit_syscall_exit(struct task_stru
  	if (likely(!context))
  		return;
@@ -771,7 +814,7 @@
  {
  	int idx;
  	struct audit_context *context = current->audit_context;
-@@ -1022,12 +1126,13 @@ void audit_inode(const char *name, const
+@@ -1022,17 +1126,20 @@ void audit_inode(const char *name, const
  		++context->ino_count;
  #endif
  	}
@@ -791,7 +834,14 @@
  }
  
  void auditsc_get_stamp(struct audit_context *ctx,
-@@ -1044,7 +1149,7 @@ int audit_set_loginuid(struct task_struc
+ 		       struct timespec *t, unsigned int *serial)
+ {
++	if (!ctx->serial)
++		ctx->serial = audit_serial();
+ 	t->tv_sec  = ctx->ctime.tv_sec;
+ 	t->tv_nsec = ctx->ctime.tv_nsec;
+ 	*serial    = ctx->serial;
+@@ -1044,7 +1151,7 @@ int audit_set_loginuid(struct task_struc
  	if (task->audit_context) {
  		struct audit_buffer *ab;
  
@@ -800,7 +850,7 @@
  		if (ab) {
  			audit_log_format(ab, "login pid=%d uid=%u "
  				"old auid=%u new auid=%u",
-@@ -1153,7 +1258,7 @@ void audit_signal_info(int sig, struct t
+@@ -1153,7 +1260,7 @@ void audit_signal_info(int sig, struct t
  	extern pid_t audit_sig_pid;
  	extern uid_t audit_sig_uid;
  


