On 14/11/13, Joe Perches wrote:
 On Thu, 2014-11-13 at 15:29 -0500, Richard Guy Briggs wrote:
 > The version field defined in the audit status structure was found to have
 > limitations in terms of its expressibility of features supported.  This is
 > distinct from the get/set features call to be able to command those features
 > that are present.
 > 
 > Converting this field from a version number to a feature bitmap will allow
 > distributions to selectively backport and support certain features and will
 > allow upstream to be able to deprecate features in the future.  It will allow
 > userspace clients to first query the kernel for which features are actually
 > present and supported.  Currently, EINVAL is returned rather than EOPNOTSUP,
 > which isn't helpful in determining if there was an error in the command, or if
 > it simply isn't supported yet.  Past features are not represented by this
 > bitmap, but their use may be converted to EOPNOTSUP if needed in the future.
 
 Maybe use DECLARE_BITMAP instead of u32 and test_bit/set_bit

I don't think so.  I'd like the code to be readable...  I certainly don't
need the overhead of test/set_bit.  That doesn't look appropriate for
anything in include/uapi/.

 > diff --git a/include/uapi/linux/audit.h
b/include/uapi/linux/audit.h
 
 > @@ -322,9 +322,15 @@ enum {
 >  #define AUDIT_STATUS_BACKLOG_LIMIT	0x0010
 >  #define AUDIT_STATUS_BACKLOG_WAIT_TIME	0x0020
 >  
 > -#define AUDIT_VERSION_BACKLOG_LIMIT	1
 > -#define AUDIT_VERSION_BACKLOG_WAIT_TIME	2
 > -#define AUDIT_VERSION_LATEST AUDIT_VERSION_BACKLOG_WAIT_TIME
 > +#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT	0x00000001
 > +#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME	0x00000002
 > +#define AUDIT_FEATURE_BITMAP (	AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT     | \
 > +				AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME   )
 > +
 > +/* deprecated: AUDIT_VERSION_* */
 > +#define AUDIT_VERSION_LATEST 		AUDIT_FEATURE_BITMAP
 > +#define AUDIT_VERSION_BACKLOG_LIMIT	AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT
 > +#define AUDIT_VERSION_BACKLOG_WAIT_TIME	AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME
 >  
 >  				/* Failure-to-log actions */
 >  #define AUDIT_FAIL_SILENT	0
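Review bot: the new bit for AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT (0x00000001) is clear in the value 2 that the removed AUDIT_VERSION_LATEST produced, so a client that bit-tests the field against a kernel built from the old definitions will conclude the backlog limit is missing even though that kernel reported version 2 precisely because it had both features. The reverse also holds for clients still doing an ordered compare against the deprecated aliases: once a third bit exists, a value such as 0x5 satisfies `>= AUDIT_VERSION_BACKLOG_WAIT_TIME` without bit 0x2 being set. A comment above the "deprecated" block should state that the aliases are only valid as bit masks from now on and that a reported value of exactly 2 must be read as "both features present". Minor style: there is a tab after the opening parenthesis of AUDIT_FEATURE_BITMAP and a space before the tabs in the AUDIT_VERSION_LATEST line.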
 > @@ -403,7 +409,10 @@ struct audit_status {
 >  	__u32		backlog_limit;	/* waiting messages limit */
 >  	__u32		lost;		/* messages lost */
 >  	__u32		backlog;	/* messages waiting in queue */
 > -	__u32		version;	/* audit api version number */
 > +	union {
 > +		__u32	version;	/* deprecated: audit api version num */
 > +		__u32	feature_bitmap;	/* bitmap of kernel audit features */
 > +	};
 >  	__u32		backlog_wait_time;/* message queue wait timeout */
 >  };
 >  
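Review bot: the anonymous union added to struct audit_status relies on C11 or the GNU extension, and this header is compiled by userspace, so a client built with a strict older standard and -pedantic will warn or fail on it. Both members are __u32, so the size and the offset of backlog_wait_time stay the same; it would help to say so in a comment next to the union and to mention in the commit message that `version` is kept only so existing sources keep compiling.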
 > diff --git a/kernel/audit.c b/kernel/audit.c
 > index 8ee4508..c9d0e30 100644
 > --- a/kernel/audit.c
 > +++ b/kernel/audit.c
 > @@ -842,7 +842,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
 >  		s.backlog_limit		= audit_backlog_limit;
 >  		s.lost			= atomic_read(&audit_lost);
 >  		s.backlog		= skb_queue_len(&audit_skb_queue);
 > -		s.version		= AUDIT_VERSION_LATEST;
 > +		s.feature_bitmap	= AUDIT_FEATURE_BITMAP;
 >  		s.backlog_wait_time	= audit_backlog_wait_time;
 >  		audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s));
 >  		break; 
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
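
The difference between reading the status field as an ordered version and as a feature bitmap, as an added example that is not part of the patch or the thread. The bit values are taken from the quoted hunk; EXAMPLE_FEATURE_FUTURE, the sample field values and the helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values copied from the patch quoted above. */
#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT     0x00000001
#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002
#define AUDIT_FEATURE_BITMAP (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
                              AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME)
/* Hypothetical later feature bit; not defined by the patch. */
#define EXAMPLE_FEATURE_FUTURE                 0x00000004

/* Constructed status-field values: pre-patch version 1, pre-patch version 2,
 * a patched kernel (0x3), and an imagined selective backport (0x1 | 0x4). */
static const uint32_t sample_fields[] = { 1, 2, AUDIT_FEATURE_BITMAP,
	AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | EXAMPLE_FEATURE_FUTURE };
#define N_SAMPLES (sizeof(sample_fields) / sizeof(sample_fields[0]))

/* Old-style check: field read as an ordered version number. */
static int has_by_version(uint32_t field, uint32_t min_version)
{ return field >= min_version; }

/* Bitmap check: every requested bit must be set. */
static int has_by_bitmap(uint32_t field, uint32_t wanted)
{ return (field & wanted) == wanted; }

/* Bits reported by the kernel that this client does not know about. */
static uint32_t unknown_bits(uint32_t field)
{ return field & ~(uint32_t)AUDIT_FEATURE_BITMAP; }

/* Number of samples on which the two readings disagree for one feature.
 * The deprecated AUDIT_VERSION_* aliases equal the bit values, so the same
 * constant serves as both the minimum version and the bit mask. */
static int count_disagreements(uint32_t feature)
{
	int d = 0;
	for (size_t i = 0; i < N_SAMPLES; i++)
		d += has_by_version(sample_fields[i], feature) !=
		     has_by_bitmap(sample_fields[i], feature);
	return d;
}

int main(void)
{
	const uint32_t f = AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME;
	for (size_t i = 0; i < N_SAMPLES; i++)
		printf("field=0x%x wait_time: by_version=%d by_bitmap=%d unknown=0x%x\n",
		       (unsigned)sample_fields[i], has_by_version(sample_fields[i], f),
		       has_by_bitmap(sample_fields[i], f), (unsigned)unknown_bits(sample_fields[i]));
	return 0;
}
```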