[PATCH v2 17/24] audit: Use timespec64 to represent audit timestamps

Richard Guy Briggs rgb at redhat.com
Mon Jun 20 15:16:42 UTC 2016 

On 2016-06-19 17:27, Deepa Dinamani wrote:
> struct timespec is not y2038 safe.
> Audit timestamps are recorded in string format into
> an audit buffer for a given context.
> These mark the entry timestamps for the syscalls.
> Use y2038 safe struct timespec64 to represent the times.
> The log strings can handle this transition as strings can
> hold upto 1024 characters.
> 
> Signed-off-by: Deepa Dinamani <deepa.kernel at gmail.com>
> Cc: Paul Moore <paul at paul-moore.com>
> Cc: Eric Paris <eparis at redhat.com>
> Cc: linux-audit at redhat.com
> Acked-by: Paul Moore <paul at paul-moore.com>

Acked-by: Richard Guy Briggs <rgb at redhat.com>

> ---
>  include/linux/audit.h |  4 ++--
>  kernel/audit.c        | 10 +++++-----
>  kernel/audit.h        |  2 +-
>  kernel/auditsc.c      |  6 +++---
>  4 files changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 961a417..2f6a1123 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -335,7 +335,7 @@ static inline void audit_ptrace(struct task_struct *t)
>  				/* Private API (for audit.c only) */
>  extern unsigned int audit_serial(void);
>  extern int auditsc_get_stamp(struct audit_context *ctx,
> -			      struct timespec *t, unsigned int *serial);
> +			      struct timespec64 *t, unsigned int *serial);
>  extern int audit_set_loginuid(kuid_t loginuid);
>  
>  static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
> @@ -510,7 +510,7 @@ static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
>  static inline void audit_seccomp(unsigned long syscall, long signr, int code)
>  { }
>  static inline int auditsc_get_stamp(struct audit_context *ctx,
> -			      struct timespec *t, unsigned int *serial)
> +			      struct timespec64 *t, unsigned int *serial)
>  {
>  	return 0;
>  }
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 22bb4f2..6c2f405 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1325,10 +1325,10 @@ unsigned int audit_serial(void)
>  }
>  
>  static inline void audit_get_stamp(struct audit_context *ctx,
> -				   struct timespec *t, unsigned int *serial)
> +				   struct timespec64 *t, unsigned int *serial)
>  {
>  	if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
> -		*t = CURRENT_TIME;
> +		ktime_get_real_ts64(t);
>  		*serial = audit_serial();
>  	}
>  }
> @@ -1370,7 +1370,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
>  				     int type)
>  {
>  	struct audit_buffer	*ab	= NULL;
> -	struct timespec		t;
> +	struct timespec64	t;
>  	unsigned int		uninitialized_var(serial);
>  	int reserve = 5; /* Allow atomic callers to go up to five
>  			    entries over the normal backlog limit */
> @@ -1422,8 +1422,8 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
>  
>  	audit_get_stamp(ab->ctx, &t, &serial);
>  
> -	audit_log_format(ab, "audit(%lu.%03lu:%u): ",
> -			 t.tv_sec, t.tv_nsec/1000000, serial);
> +	audit_log_format(ab, "audit(%llu.%03lu:%u): ",
> +			 (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);
>  	return ab;
>  }
>  
> diff --git a/kernel/audit.h b/kernel/audit.h
> index cbbe6bb..029d674 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -111,7 +111,7 @@ struct audit_context {
>  	enum audit_state    state, current_state;
>  	unsigned int	    serial;     /* serial number for record */
>  	int		    major;      /* syscall number */
> -	struct timespec	    ctime;      /* time of syscall entry */
> +	struct timespec64   ctime;      /* time of syscall entry */
>  	unsigned long	    argv[4];    /* syscall arguments */
>  	long		    return_code;/* syscall return code */
>  	u64		    prio;
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index fb1a3df..591c726 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1527,7 +1527,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
>  		return;
>  
>  	context->serial     = 0;
> -	context->ctime      = CURRENT_TIME;
> +	ktime_get_real_ts64(&context->ctime);
>  	context->in_syscall = 1;
>  	context->current_state  = state;
>  	context->ppid       = 0;
> @@ -1936,13 +1936,13 @@ EXPORT_SYMBOL_GPL(__audit_inode_child);
>  /**
>   * auditsc_get_stamp - get local copies of audit_context values
>   * @ctx: audit_context for the task
> - * @t: timespec to store time recorded in the audit_context
> + * @t: timespec64 to store time recorded in the audit_context
>   * @serial: serial value that is recorded in the audit_context
>   *
>   * Also sets the context as auditable.
>   */
>  int auditsc_get_stamp(struct audit_context *ctx,
> -		       struct timespec *t, unsigned int *serial)
> +		       struct timespec64 *t, unsigned int *serial)
>  {
>  	if (!ctx->in_syscall)
>  		return 0;
> -- 
> 1.9.1
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

More information about the Linux-audit mailing list