[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <15760445.1IAucOxmWy@x2>
Date: Thu, 09 Jun 2016 10:31:33 -0400
From: Steve Grubb <sgrubb@...hat.com>
To: linux-audit@...hat.com
Cc: Deepa Dinamani <deepa.kernel@...il.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>, y2038@...ts.linaro.org,
Al Viro <viro@...iv.linux.org.uk>,
Thomas Gleixner <tglx@...utronix.de>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 17/21] audit: Use timespec64 to represent audit timestamps
On Wednesday, June 08, 2016 10:05:01 PM Deepa Dinamani wrote:
> struct timespec is not y2038 safe.
> Audit timestamps are recorded in string format into
> an audit buffer for a given context.
> These mark the entry timestamps for the syscalls.
> Use y2038 safe struct timespec64 to represent the times.
> The log strings can handle this transition as strings can
> hold upto 1024 characters.
Have you tested this with ausearch or any audit utilities? As an aside, a time
stamp that is up to 1024 characters long is terribly wasteful considering how
many events we get.
-Steve
> Signed-off-by: Deepa Dinamani <deepa.kernel@...il.com>
> Cc: Paul Moore <paul@...l-moore.com>
> Cc: Eric Paris <eparis@...hat.com>
> Cc: linux-audit@...hat.com
> ---
> include/linux/audit.h | 4 ++--
> kernel/audit.c | 10 +++++-----
> kernel/audit.h | 2 +-
> kernel/auditsc.c | 6 +++---
> 4 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 961a417..2f6a1123 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -335,7 +335,7 @@ static inline void audit_ptrace(struct task_struct *t)
> /* Private API (for audit.c only) */
> extern unsigned int audit_serial(void);
> extern int auditsc_get_stamp(struct audit_context *ctx,
> - struct timespec *t, unsigned int *serial);
> + struct timespec64 *t, unsigned int *serial);
> extern int audit_set_loginuid(kuid_t loginuid);
>
> static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
> @@ -510,7 +510,7 @@ static inline void __audit_seccomp(unsigned long
> syscall, long signr, int code) static inline void audit_seccomp(unsigned
> long syscall, long signr, int code) { }
> static inline int auditsc_get_stamp(struct audit_context *ctx,
> - struct timespec *t, unsigned int *serial)
> + struct timespec64 *t, unsigned int *serial)
> {
> return 0;
> }
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 22bb4f2..6c2f405 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1325,10 +1325,10 @@ unsigned int audit_serial(void)
> }
>
> static inline void audit_get_stamp(struct audit_context *ctx,
> - struct timespec *t, unsigned int *serial)
> + struct timespec64 *t, unsigned int *serial)
> {
> if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
> - *t = CURRENT_TIME;
> + ktime_get_real_ts64(t);
> *serial = audit_serial();
> }
> }
> @@ -1370,7 +1370,7 @@ struct audit_buffer *audit_log_start(struct
> audit_context *ctx, gfp_t gfp_mask, int type)
> {
> struct audit_buffer *ab = NULL;
> - struct timespec t;
> + struct timespec64 t;
> unsigned int uninitialized_var(serial);
> int reserve = 5; /* Allow atomic callers to go up to five
> entries over the normal backlog limit */
> @@ -1422,8 +1422,8 @@ struct audit_buffer *audit_log_start(struct
> audit_context *ctx, gfp_t gfp_mask,
>
> audit_get_stamp(ab->ctx, &t, &serial);
>
> - audit_log_format(ab, "audit(%lu.%03lu:%u): ",
> - t.tv_sec, t.tv_nsec/1000000, serial);
> + audit_log_format(ab, "audit(%llu.%03lu:%u): ",
> + (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);
> return ab;
> }
>
> diff --git a/kernel/audit.h b/kernel/audit.h
> index cbbe6bb..029d674 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -111,7 +111,7 @@ struct audit_context {
> enum audit_state state, current_state;
> unsigned int serial; /* serial number for record */
> int major; /* syscall number */
> - struct timespec ctime; /* time of syscall entry */
> + struct timespec64 ctime; /* time of syscall entry */
> unsigned long argv[4]; /* syscall arguments */
> long return_code;/* syscall return code */
> u64 prio;
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 62ab53d..ecebb3c 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1523,7 +1523,7 @@ void __audit_syscall_entry(int major, unsigned long
> a1, unsigned long a2, return;
>
> context->serial = 0;
> - context->ctime = CURRENT_TIME;
> + ktime_get_real_ts64(&context->ctime);
> context->in_syscall = 1;
> context->current_state = state;
> context->ppid = 0;
> @@ -1932,13 +1932,13 @@ EXPORT_SYMBOL_GPL(__audit_inode_child);
> /**
> * auditsc_get_stamp - get local copies of audit_context values
> * @ctx: audit_context for the task
> - * @t: timespec to store time recorded in the audit_context
> + * @t: timespec64 to store time recorded in the audit_context
> * @serial: serial value that is recorded in the audit_context
> *
> * Also sets the context as auditable.
> */
> int auditsc_get_stamp(struct audit_context *ctx,
> - struct timespec *t, unsigned int *serial)
> + struct timespec64 *t, unsigned int *serial)
> {
> if (!ctx->in_syscall)
> return 0;
Powered by blists - more mailing lists