AUDIT: buffer audit msgs directly to skb

Drop the use of a tmp buffer in the audit_buffer, and just buffer
directly to the skb.  All header data that was temporarily stored in
the audit_buffer can now be stored directly in the netlink header in
the skb.  Resize skb as needed.  This eliminates the extra copy (and
the audit_log_move function which was responsible for copying).

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

1 files changed, 46 insertions, 76 deletions

diff --git a/kernel/audit.c b/kernel/audit.c
index c6e31d209c41..993e445418a7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -138,16 +138,18 @@ struct audit_buffer {
 	struct list_head     list;
 	struct sk_buff       *skb;	/* formatted skb ready to send */
 	struct audit_context *ctx;	/* NULL or associated context */
-	int		     len;	/* used area of tmp */
-	int		     size;	/* size of tmp */
-	char		     *tmp;	
-	int		     type;
-	int		     pid;
 };
 
 void audit_set_type(struct audit_buffer *ab, int type)
 {
-	ab->type = type;
+	struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
+	nlh->nlmsg_type = type;
+}
+
+static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
+{
+	struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
+	nlh->nlmsg_pid = pid;
 }
 
 struct audit_entry {
@@ -405,8 +407,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 				 (int)(nlh->nlmsg_len
 				       - ((char *)data - (char *)nlh)),
 				 loginuid, (char *)data);
-		ab->type = AUDIT_USER;
-		ab->pid  = pid;
+		audit_set_type(ab, AUDIT_USER);
+		audit_set_pid(ab, pid);
 		audit_log_end(ab);
 		break;
 	case AUDIT_ADD:
@@ -476,42 +478,7 @@ static void audit_receive(struct sock *sk, int length)
 	up(&audit_netlink_sem);
 }
 
-/* Move data from tmp buffer into an skb.  This is an extra copy, and
- * that is unfortunate.  However, the copy will only occur when a record
- * is being written to user space, which is already a high-overhead
- * operation.  (Elimination of the copy is possible, for example, by
- * writing directly into a pre-allocated skb, at the cost of wasting
- * memory. */
-static void audit_log_move(struct audit_buffer *ab)
-{
-	struct sk_buff	*skb;
-	struct nlmsghdr *nlh;
-	char		*start;
-	int		len = NLMSG_SPACE(0) + ab->len + 1;
-
-	/* possible resubmission */
-	if (ab->skb)
-		return;
-
-	skb = alloc_skb(len, GFP_ATOMIC);
-	if (!skb) {
-		/* Lose information in ab->tmp */
-		audit_log_lost("out of memory in audit_log_move");
-		return;
-	}
-	ab->skb = skb;
-	nlh = (struct nlmsghdr *)skb_put(skb, NLMSG_SPACE(0));
-	nlh->nlmsg_type = ab->type;
-	nlh->nlmsg_len = ab->len;
-	nlh->nlmsg_flags = 0;
-	nlh->nlmsg_pid = ab->pid;
-	nlh->nlmsg_seq = 0;
-	start = skb_put(skb, ab->len);
-	memcpy(start, ab->tmp, ab->len);
-}
-
-/* Iterate over the skbuff in the audit_buffer, sending their contents
- * to user space. */
+/* Grab skbuff from the audit_buffer and send to user space. */
 static inline int audit_log_drain(struct audit_buffer *ab)
 {
 	struct sk_buff *skb = ab->skb;
@@ -520,6 +487,8 @@ static inline int audit_log_drain(struct audit_buffer *ab)
 		int retval = 0;
 
 		if (audit_pid) {
+			struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
+			nlh->nlmsg_len = skb->len;
 			skb_get(skb); /* because netlink_* frees */
 			retval = netlink_unicast(audit_sock, skb, audit_pid,
 						 MSG_DONTWAIT);
@@ -544,7 +513,6 @@ static inline int audit_log_drain(struct audit_buffer *ab)
 			skb->data[offset + len] = '\0';
 			printk(KERN_ERR "%s\n", skb->data + offset);
 		}
-		kfree_skb(skb);
 	}
 	return 0;
 }
@@ -615,7 +583,8 @@ static void audit_buffer_free(struct audit_buffer *ab)
 	if (!ab)
 		return;
 
-	kfree(ab->tmp);
+	if (ab->skb)
+		kfree_skb(ab->skb);
 	atomic_dec(&audit_backlog);
 	spin_lock_irqsave(&audit_freelist_lock, flags);
 	if (++audit_freelist_count > AUDIT_MAXFREE)
@@ -630,6 +599,7 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
 {
 	unsigned long flags;
 	struct audit_buffer *ab = NULL;
+	struct nlmsghdr *nlh;
 
 	spin_lock_irqsave(&audit_freelist_lock, flags);
 	if (!list_empty(&audit_freelist)) {
@@ -647,16 +617,16 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
 	}
 	atomic_inc(&audit_backlog);
 
-	ab->tmp = kmalloc(AUDIT_BUFSIZ, GFP_ATOMIC);
-	if (!ab->tmp)
+	ab->skb = alloc_skb(AUDIT_BUFSIZ, GFP_ATOMIC);
+	if (!ab->skb)
 		goto err;
 
-	ab->skb   = NULL;
 	ab->ctx   = ctx;
-	ab->len   = 0;
-	ab->size  = AUDIT_BUFSIZ;
-	ab->type  = AUDIT_KERNEL;
-	ab->pid   = 0;
+	nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
+	nlh->nlmsg_type = AUDIT_KERNEL;
+	nlh->nlmsg_flags = 0;
+	nlh->nlmsg_pid = 0;
+	nlh->nlmsg_seq = 0;
 	return ab;
 err:
 	audit_buffer_free(ab);
@@ -711,7 +681,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx)
 }
 
 /**
- * audit_expand - expand tmp buffer in the audit buffer
+ * audit_expand - expand skb in the audit buffer
  * @ab: audit_buffer
  *
  * Returns 0 (no space) on failed expansion, or available space if
@@ -719,17 +689,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx)
  */
 static inline int audit_expand(struct audit_buffer *ab)
 {
-	char *tmp;
-	int len = ab->size + AUDIT_BUFSIZ;
-
-	tmp = kmalloc(len, GFP_ATOMIC);
-	if (!tmp)
+	struct sk_buff *skb = ab->skb;
+	int ret = pskb_expand_head(skb, skb_headroom(skb), AUDIT_BUFSIZ,
+				   GFP_ATOMIC);
+	if (ret < 0) {
+		audit_log_lost("out of memory in audit_expand");
 		return 0;
-	memcpy(tmp, ab->tmp, ab->len);
-	kfree(ab->tmp);
-	ab->tmp = tmp;
-	ab->size = len;
-	return ab->size - ab->len;
+	}
+	return skb_tailroom(skb);
 }
 
 /* Format an audit message into the audit buffer.  If there isn't enough
@@ -740,17 +707,20 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 			      va_list args)
 {
 	int len, avail;
+	struct sk_buff *skb;
 
 	if (!ab)
 		return;
 
-	avail = ab->size - ab->len;
-	if (avail <= 0) {
+	BUG_ON(!ab->skb);
+	skb = ab->skb;
+	avail = skb_tailroom(skb);
+	if (avail == 0) {
 		avail = audit_expand(ab);
 		if (!avail)
 			goto out;
 	}
-	len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
+	len = vsnprintf(skb->tail, avail, fmt, args);
 	if (len >= avail) {
 		/* The printk buffer is 1024 bytes long, so if we get
 		 * here and AUDIT_BUFSIZ is at least 1024, then we can
@@ -758,9 +728,9 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
 		avail = audit_expand(ab);
 		if (!avail)
 			goto out;
-		len = vsnprintf(ab->tmp + ab->len, avail, fmt, args);
+		len = vsnprintf(skb->tail, avail, fmt, args);
 	}
-	ab->len   += (len < avail) ? len : avail;
+	skb_put(skb, (len < avail) ? len : avail);
 out:
 	return;
 }
@@ -808,21 +778,22 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
 		      struct dentry *dentry, struct vfsmount *vfsmnt)
 {
 	char *p;
+	struct sk_buff *skb = ab->skb;
 	int  len, avail;
 
 	if (prefix)
 		audit_log_format(ab, " %s", prefix);
 
-	avail = ab->size - ab->len;
-	p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail);
+	avail = skb_tailroom(skb);
+	p = d_path(dentry, vfsmnt, skb->tail, avail);
 	if (IS_ERR(p)) {
 		/* FIXME: can we save some information here? */
 		audit_log_format(ab, "<toolong>");
 	} else {
-				/* path isn't at start of buffer */
-		len = (ab->tmp + ab->size - 1) - p;
-		memmove(ab->tmp + ab->len, p, len);
-		ab->len   += len;
+		/* path isn't at start of buffer */
+		len = ((char *)skb->tail + avail - 1) - p;
+		memmove(skb->tail, p, len);
+		skb_put(skb, len);
 	}
 }
 
@@ -873,7 +844,6 @@ static void audit_log_end_fast(struct audit_buffer *ab)
 	if (!audit_rate_check()) {
 		audit_log_lost("rate limit exceeded");
 	} else {
-		audit_log_move(ab);
 		if (audit_log_drain(ab))
 			return;
 	}