Allow the user process to query the kernel's notion of a maximum

audit record size at run-time, which can be used by the user
process to size the user space buffer it reads into from the audit
pipe.

Perforce change:	105098
Obtained from:		TrustedBSD Project

share/man/man4/auditpipe.4

@@ -74,7 +74,7 @@ preselection parameters independent of the global audit trail parameters.
 .Ss Audit Pipe Queue Ioctls
 The following ioctls retrieve and set various audit pipe record queue
 properties:
-.Bl -tag -width AUDITPIPE_GET_QLIMIT_MIN
+.Bl -tag -width AUDITPIPE_GET_MAXAUDITDATA
 .It AUDITPIPE_GET_QLEN
 Query the current number of records available for reading on the pipe.
 .It AUDITPIPE_GET_QLIMIT
@@ -95,6 +95,9 @@ reading on the pipe.
 Flush all outstanding records on the audit pipe; useful after setting initial
 preselection properties to delete records queued during the configuration
 process which may not match the interests of the user process.
+.It AUDITPIPE_GET_MAXAUDITDATA
+Query the maximum size of an audit record, which is a useful minimum size for
+a user space buffer intended to hold audit records read from the audit pipe.
 .El
 .Ss Audit Pipe Preselection Mode Ioctls
 By default, the audit pipe facility configures pipes to present records

sys/security/audit/audit_ioctl.h

@@ -73,6 +73,7 @@ struct auditpipe_ioctl_preselect {
 #define	AUDITPIPE_GET_PRESELECT_MODE	_IOR(AUDITPIPE_IOBASE, 14, int)
 #define	AUDITPIPE_SET_PRESELECT_MODE	_IOW(AUDITPIPE_IOBASE, 15, int)
 #define	AUDITPIPE_FLUSH			_IO(AUDITPIPE_IOBASE, 16)
+#define	AUDITPIPE_GET_MAXAUDITDATA	_IOR(AUDITPIPE_IOBASE, 17, u_int)
 
 /*
  * Ioctls to retrieve audit pipe statistics.

sys/security/audit/audit_pipe.c

@@ -855,6 +855,11 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
 		error = 0;
 		break;
 
+	case AUDITPIPE_GET_MAXAUDITDATA:
+		*(u_int *)data = MAXAUDITDATA;
+		error = 0;
+		break;
+
 	case AUDITPIPE_GET_INSERTS:
 		*(u_int *)data = ap->ap_inserts;
 		error = 0;