[PATCH 3/3] buffer audit msgs directly to skb
Chris Wright
chrisw at osdl.org
Fri May 6 07:55:06 UTC 2005
Drop the use of a tmp buffer in the audit_buffer, and just buffer
directly to the skb. All header data that was temporarily stored in
the audit_buffer can now be stored directly in the netlink header in
the skb. Resize skb as needed. This eliminates the extra copy (and
the audit_log_move function which was responsible for copying).
Signed-off-by: Chris Wright <chrisw at osdl.org>
---
kernel/audit.c | 122 +++++++++++++++++++++------------------------------------ 1 files changed, 46 insertions(+), 76 deletions(-)
kernel/audit.c: 24dbd7ce6967f002e15e8dd6d0b557563067a209
--- k/kernel/audit.c
+++ l/kernel/audit.c
@@ -134,16 +134,18 @@ struct audit_buffer {
struct list_head list;
struct sk_buff *skb; /* formatted skb ready to send */
struct audit_context *ctx; /* NULL or associated context */
- int len; /* used area of tmp */
- int size; /* size of tmp */
- char *tmp;
- int type;
- int pid;
};
void audit_set_type(struct audit_buffer *ab, int type)
{
- ab->type = type;
+ struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
+ nlh->nlmsg_type = type;
+}
+
+static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
+{
+ struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
+ nlh->nlmsg_pid = pid;
}
struct audit_entry {
@@ -399,8 +401,8 @@ static int audit_receive_msg(struct sk_b
(int)(nlh->nlmsg_len
- ((char *)data - (char *)nlh)),
loginuid, (char *)data);
- ab->type = AUDIT_USER;
- ab->pid = pid;
+ audit_set_type(ab, AUDIT_USER);
+ audit_set_pid(ab, pid);
audit_log_end(ab);
break;
case AUDIT_ADD:
@@ -464,42 +466,7 @@ static void audit_receive(struct sock *s
up(&audit_netlink_sem);
}
-/* Move data from tmp buffer into an skb. This is an extra copy, and
- * that is unfortunate. However, the copy will only occur when a record
- * is being written to user space, which is already a high-overhead
- * operation. (Elimination of the copy is possible, for example, by
- * writing directly into a pre-allocated skb, at the cost of wasting
- * memory. */
-static void audit_log_move(struct audit_buffer *ab)
-{
- struct sk_buff *skb;
- struct nlmsghdr *nlh;
- char *start;
- int len = NLMSG_SPACE(0) + ab->len + 1;
-
- /* possible resubmission */
- if (ab->skb)
- return;
-
- skb = alloc_skb(len, GFP_ATOMIC);
- if (!skb) {
- /* Lose information in ab->tmp */
- audit_log_lost("out of memory in audit_log_move");
- return;
- }
- ab->skb = skb;
- nlh = (struct nlmsghdr *)skb_put(skb, NLMSG_SPACE(0));
- nlh->nlmsg_type = ab->type;
- nlh->nlmsg_len = ab->len;
- nlh->nlmsg_flags = 0;
- nlh->nlmsg_pid = ab->pid;
- nlh->nlmsg_seq = 0;
- start = skb_put(skb, ab->len);
- memcpy(start, ab->tmp, ab->len);
-}
-
-/* Iterate over the skbuff in the audit_buffer, sending their contents
- * to user space. */
+/* Grab skbuff from the audit_buffer and send to user space. */
static inline int audit_log_drain(struct audit_buffer *ab)
{
struct sk_buff *skb = ab->skb;
@@ -508,6 +475,8 @@ static inline int audit_log_drain(struct
int retval = 0;
if (audit_pid) {
+ struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
+ nlh->nlmsg_len = skb->len;
skb_get(skb); /* because netlink_* frees */
retval = netlink_unicast(audit_sock, skb, audit_pid,
MSG_DONTWAIT);
@@ -532,7 +501,6 @@ static inline int audit_log_drain(struct
skb->data[offset + len] = '\0';
printk(KERN_ERR "%s\n", skb->data + offset);
}
- kfree_skb(skb);
}
return 0;
}
@@ -603,7 +571,8 @@ static void audit_buffer_free(struct aud
if (!ab)
return;
- kfree(ab->tmp);
+ if (ab->skb)
+ kfree_skb(ab->skb);
atomic_dec(&audit_backlog);
spin_lock_irqsave(&audit_freelist_lock, flags);
if (++audit_freelist_count > AUDIT_MAXFREE)
@@ -618,6 +587,7 @@ static struct audit_buffer * audit_buffe
{
unsigned long flags;
struct audit_buffer *ab = NULL;
+ struct nlmsghdr *nlh;
spin_lock_irqsave(&audit_freelist_lock, flags);
if (!list_empty(&audit_freelist)) {
@@ -635,16 +605,16 @@ static struct audit_buffer * audit_buffe
}
atomic_inc(&audit_backlog);
- ab->tmp = kmalloc(AUDIT_BUFSIZ, GFP_ATOMIC);
- if (!ab->tmp)
+ ab->skb = alloc_skb(AUDIT_BUFSIZ, GFP_ATOMIC);
+ if (!ab->skb)
goto err;
- ab->skb = NULL;
ab->ctx = ctx;
- ab->len = 0;
- ab->size = AUDIT_BUFSIZ;
- ab->type = AUDIT_KERNEL;
- ab->pid = 0;
+ nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
+ nlh->nlmsg_type = AUDIT_KERNEL;
+ nlh->nlmsg_flags = 0;
+ nlh->nlmsg_pid = 0;
+ nlh->nlmsg_seq = 0;
return ab;
err:
audit_buffer_free(ab);
@@ -699,7 +669,7 @@ struct audit_buffer *audit_log_start(str
}
/**
- * audit_expand - expand tmp buffer in the audit buffer
+ * audit_expand - expand skb in the audit buffer
* @ab: audit_buffer
*
* Returns 0 (no space) on failed expansion, or available space if
@@ -707,17 +677,14 @@ struct audit_buffer *audit_log_start(str
*/
static inline int audit_expand(struct audit_buffer *ab)
{
- char *tmp;
- int len = ab->size + AUDIT_BUFSIZ;
-
- tmp = kmalloc(len, GFP_ATOMIC);
- if (!tmp)
+ struct sk_buff *skb = ab->skb;
+ int ret = pskb_expand_head(skb, skb_headroom(skb), AUDIT_BUFSIZ,
+ GFP_ATOMIC);
+ if (ret < 0) {
+ audit_log_lost("out of memory in audit_expand");
return 0;
- memcpy(tmp, ab->tmp, ab->len);
- kfree(ab->tmp);
- ab->tmp = tmp;
- ab->size = len;
- return ab->size - ab->len;
+ }
+ return skb_tailroom(skb);
}
/* Format an audit message into the audit buffer. If there isn't enough
@@ -728,17 +695,20 @@ static void audit_log_vformat(struct aud
va_list args)
{
int len, avail;
+ struct sk_buff *skb;
if (!ab)
return;
- avail = ab->size - ab->len;
- if (avail <= 0) {
+ BUG_ON(!ab->skb);
+ skb = ab->skb;
+ avail = skb_tailroom(skb);
+ if (avail == 0) {
avail = audit_expand(ab);
if (!avail)
goto out;
}
- len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
+ len = vsnprintf(skb->tail, avail, fmt, args);
if (len >= avail) {
/* The printk buffer is 1024 bytes long, so if we get
* here and AUDIT_BUFSIZ is at least 1024, then we can
@@ -746,9 +716,9 @@ static void audit_log_vformat(struct aud
avail = audit_expand(ab);
if (!avail)
goto out;
- len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
+ len = vsnprintf(skb->tail, avail, fmt, args);
}
- ab->len += (len < avail) ? len : avail;
+ skb_put(skb, (len < avail) ? len : avail);
out:
return;
}
@@ -796,21 +766,22 @@ void audit_log_d_path(struct audit_buffe
struct dentry *dentry, struct vfsmount *vfsmnt)
{
char *p;
+ struct sk_buff *skb = ab->skb;
int len, avail;
if (prefix)
audit_log_format(ab, " %s", prefix);
- avail = ab->size - ab->len;
- p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail);
+ avail = skb_tailroom(skb);
+ p = d_path(dentry, vfsmnt, skb->tail, avail);
if (IS_ERR(p)) {
/* FIXME: can we save some information here? */
audit_log_format(ab, "<toolong>");
} else {
- /* path isn't at start of buffer */
- len = (ab->tmp + ab->size - 1) - p;
- memmove(ab->tmp + ab->len, p, len);
- ab->len += len;
+ /* path isn't at start of buffer */
+ len = ((char *)skb->tail + avail - 1) - p;
+ memmove(skb->tail, p, len);
+ skb_put(skb, len);
}
}
@@ -861,7 +832,6 @@ static void audit_log_end_fast(struct au
if (!audit_rate_check()) {
audit_log_lost("rate limit exceeded");
} else {
- audit_log_move(ab);
if (audit_log_drain(ab))
return;
}
More information about the Linux-audit
mailing list