[PATCH] audit: convert status version to a feature bitmap

Joe Perches joe at perches.com
Thu Nov 13 20:38:17 UTC 2014


On Thu, 2014-11-13 at 15:29 -0500, Richard Guy Briggs wrote:
> The version field defined in the audit status structure was found to have
> limitations in terms of its expressibility of features supported.  This is
> distinct from the get/set features call to be able to command those features
> that are present.
> 
> Converting this field from a version number to a feature bitmap will allow
> distributions to selectively backport and support certain features and will
> allow upstream to be able to deprecate features in the future.  It will allow
> userspace clients to first query the kernel for which features are actually
> present and supported.  Currently, EINVAL is returned rather than EOPNOTSUP,
> which isn't helpful in determining if there was an error in the command, or if
> it simply isn't supported yet.  Past features are not represented by this
> bitmap, but their use may be converted to EOPNOTSUP if needed in the future.

Maybe use DECLARE_BITMAP instead of u32 and test_bit/set_bit

> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h

> @@ -322,9 +322,15 @@ enum {
>  #define AUDIT_STATUS_BACKLOG_LIMIT	0x0010
>  #define AUDIT_STATUS_BACKLOG_WAIT_TIME	0x0020
>  
> -#define AUDIT_VERSION_BACKLOG_LIMIT	1
> -#define AUDIT_VERSION_BACKLOG_WAIT_TIME	2
> -#define AUDIT_VERSION_LATEST AUDIT_VERSION_BACKLOG_WAIT_TIME
> +#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT	0x00000001
> +#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME	0x00000002
> +#define AUDIT_FEATURE_BITMAP (	AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT     | \
> +				AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME   )
> +
> +/* deprecated: AUDIT_VERSION_* */
> +#define AUDIT_VERSION_LATEST 		AUDIT_FEATURE_BITMAP
> +#define AUDIT_VERSION_BACKLOG_LIMIT	AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT
> +#define AUDIT_VERSION_BACKLOG_WAIT_TIME	AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME
>  
>  				/* Failure-to-log actions */
>  #define AUDIT_FAIL_SILENT	0
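
Review bot: the deprecated aliases at the end of this hunk keep old sources compiling but change what an ordered comparison means. AUDIT_VERSION_LATEST becomes AUDIT_FEATURE_BITMAP, which is 0x3 with the two bits defined here, where it was previously 2, and a client that tests "status.version >= AUDIT_VERSION_BACKLOG_LIMIT" would read a kernel reporting only 0x2 as supporting the backlog limit. Suggest extending the "deprecated: AUDIT_VERSION_*" comment to say that the field must now be tested with a bitwise AND against a single AUDIT_FEATURE_BITMAP_* bit and never compared numerically.
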
> @@ -403,7 +409,10 @@ struct audit_status {
>  	__u32		backlog_limit;	/* waiting messages limit */
>  	__u32		lost;		/* messages lost */
>  	__u32		backlog;	/* messages waiting in queue */
> -	__u32		version;	/* audit api version number */
> +	union {
> +		__u32	version;	/* deprecated: audit api version num */
> +		__u32	feature_bitmap;	/* bitmap of kernel audit features */
> +	};
>  	__u32		backlog_wait_time;/* message queue wait timeout */
>  };
>  
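
Review bot: the anonymous union added to struct audit_status sits in a uapi header, so userspace compiles it too, and anonymous unions are not part of C89 or C99 (they were standardised in C11), so a userspace build with pedantic diagnostics will flag it. Both members are __u32, so the size and layout of the struct are unchanged; suggest saying so in the comment on the union and confirming that the header's userspace consumers build cleanly with it.
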
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 8ee4508..c9d0e30 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -842,7 +842,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
>  		s.backlog_limit		= audit_backlog_limit;
>  		s.lost			= atomic_read(&audit_lost);
>  		s.backlog		= skb_queue_len(&audit_skb_queue);
> -		s.version		= AUDIT_VERSION_LATEST;
> +		s.feature_bitmap	= AUDIT_FEATURE_BITMAP;
>  		s.backlog_wait_time	= audit_backlog_wait_time;
>  		audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s));
>  		break;
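
Review bot: s.feature_bitmap is filled from AUDIT_FEATURE_BITMAP, a compile-time constant in the uapi header, so the AUDIT_GET reply reports whatever bits that header defines rather than what this kernel build actually carries. For the selective-backport case in the commit message, a tree that takes only one feature would have to edit the exported mask; consider a kernel-internal mask for the reply, or a comment next to the AUDIT_FEATURE_BITMAP definition saying it must list exactly the features present in the tree.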

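An added example, not part of the patch or of either author's mail: how a userspace client could read the status field under the bitmap semantics the commit message describes, next to the older ordered-version reading. The helper names, the local struct mirror (its first five fields come from linux/audit.h, not from the lines quoted here) and the sample payloads are constructed for illustration; that an older kernel may send a shorter struct is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bit values as defined in the quoted patch. */
#define FEAT_BACKLOG_LIMIT      0x00000001u
#define FEAT_BACKLOG_WAIT_TIME  0x00000002u

/* Local mirror of struct audit_status after the patch (example type). */
struct status_mirror {
    uint32_t mask, enabled, failure, pid, rate_limit;
    uint32_t backlog_limit, lost, backlog;
    uint32_t feature_bitmap;   /* shares storage with deprecated 'version' */
    uint32_t backlog_wait_time;
};

/* Copy an AUDIT_GET payload of 'len' bytes into 'out'. Assumption: an older
 * kernel may send a shorter struct, so missing trailing fields read as 0. */
static void parse_status(const void *payload, size_t len,
                         struct status_mirror *out)
{
    memset(out, 0, sizeof(*out));
    memcpy(out, payload, len < sizeof(*out) ? len : sizeof(*out));
}

/* Bitmap reading: a feature is present only if its own bit is set. */
static int has_feature(const struct status_mirror *s, uint32_t bit)
{
    return (s->feature_bitmap & bit) == bit;
}

/* Legacy reading: everything up to the reported version is present. */
static int legacy_has(const struct status_mirror *s, uint32_t version)
{
    return s->feature_bitmap >= version;
}

/* Build a constructed payload with the given bitmap, truncated to 'len'. */
static struct status_mirror sample(uint32_t bitmap, size_t len)
{
    struct status_mirror raw = { .feature_bitmap = bitmap }, parsed;
    parse_status(&raw, len, &parsed);
    return parsed;
}

int main(void)
{
    /* Hypothetical backport carrying only BACKLOG_WAIT_TIME (0x2). */
    struct status_mirror s = sample(FEAT_BACKLOG_WAIT_TIME, sizeof s);
    /* Exit 0 when the two readings disagree about BACKLOG_LIMIT. */
    return !(legacy_has(&s, 1) && !has_feature(&s, FEAT_BACKLOG_LIMIT));
}
```

With the constructed 0x2 payload the legacy comparison reports the backlog limit as supported while the bit test does not.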




