From patchwork Mon Dec 19 17:54:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 13076953 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DB3CC4167B for ; Mon, 19 Dec 2022 17:55:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231702AbiLSRzr (ORCPT ); Mon, 19 Dec 2022 12:55:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60372 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231726AbiLSRzp (ORCPT ); Mon, 19 Dec 2022 12:55:45 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7F76512751 for ; Mon, 19 Dec 2022 09:54:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1671472497; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=s8EQJBe1ACqmTPnCsFrmQTUM9ZhpffhytSBj2Oj+XKs=; b=PM7FZ7iUyFADfddEhrxMWM43k9hcOGhZSHCnX6dkCpmHLYrVXaI/MNh6+0vlvgTNNIrZDb OFjfPSqRNtngH3N6MlK1SPY5dOxJ38GINjCW6gXahKUkwmPXlNtwkiRvar6OwAx586S2jM TOSkj9XjZJvfUaQ9OUWeMzAngfxPpdw= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-311-hPQ7a9HqPfyd-H09Ky5zFQ-1; Mon, 19 Dec 2022 12:54:56 -0500 X-MC-Unique: hPQ7a9HqPfyd-H09Ky5zFQ-1 Received: by mail-ej1-f71.google.com with SMTP id hq42-20020a1709073f2a00b007c100387d64so6578827ejc.3 for ; Mon, 19 Dec 2022 09:54:56 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s8EQJBe1ACqmTPnCsFrmQTUM9ZhpffhytSBj2Oj+XKs=; b=kOKg6e6r63dsvxoETFZqsxvL2QeSGf3/DlkK2IvKZJiK/H4hMHqjGzNzxump+O7oBO awQgoxS27lNLn5GOz5MNE43bDrP8zGupdbMtxg9SVfFK4QLEfkWpaiIUETn2kFop/tdM wPDr8a9kjY+ZWB+VlEzuLIYOKIwNiFQ51aHK5cB2xjcKnJH+is2nnVPjD0qvvWOOXLHX 9S6Uadr3QLAjvrbbQDuPA8BbxMDlp66F9tZcuSDyRqI4ScxtHdIeXdbHGZl/KXTftmV4 efBjnRdxOeRVPWl+O6YjBJDudT4yo6Z2/HBb30/8vOo5823LikChCn++TVrUgdTxX87r wPJA== X-Gm-Message-State: ANoB5pnGqJc4j/bPm64DGe/UlrFLn05uZg8KvHDvJjZ0IBFW1EXVj+AF zKr0wWkeZj0JOlww+EOFtV90r/67K9wp/p/om/rh5lSgzX3PkCn5Nhbpx1q6voz4nYLgIOekKu3 VnNatdCx5+EO4N+5AYMf79oHvgK96XR1GlZEp X-Received: by 2002:a17:906:698f:b0:7ad:d250:b903 with SMTP id i15-20020a170906698f00b007add250b903mr48341347ejr.56.1671472494473; Mon, 19 Dec 2022 09:54:54 -0800 (PST) X-Google-Smtp-Source: AA0mqf6YLtenQUjr2R0cuTQaiwIA9ywz+DM8e52twvcfKvsLPFUnaFvMUzZOwGwHSPNzGMgA0eMYNg== X-Received: by 2002:a17:906:698f:b0:7ad:d250:b903 with SMTP id i15-20020a170906698f00b007add250b903mr48341337ejr.56.1671472494319; Mon, 19 Dec 2022 09:54:54 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b104:2c00:2e8:ec99:5760:fb52]) by smtp.gmail.com with ESMTPSA id g4-20020a1709063b0400b007bdc2de90e6sm4604210ejf.42.2022.12.19.09.54.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Dec 2022 09:54:53 -0800 (PST) From: Ondrej Mosnacek To: Paul Moore Cc: selinux@vger.kernel.org, linux-audit@redhat.com, linux-security-module@vger.kernel.org, =?utf-8?q?Thi=C3=A9baud_Weksteen?= , Peter Enderborg , Michal Sekletar , Zdenek Pytela Subject: [PATCH 1/2] audit: introduce a struct to represent an audit timestamp Date: Mon, 19 Dec 2022 18:54:48 +0100 Message-Id: <20221219175449.1657640-2-omosnace@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221219175449.1657640-1-omosnace@redhat.com> References: <20221219175449.1657640-1-omosnace@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: bulk List-ID: Join the two fields that comprise an audit timestamp into a common structure. This will be used further in later commits. Signed-off-by: Ondrej Mosnacek --- include/linux/audit.h | 5 +++++ kernel/audit.c | 16 ++++++++-------- kernel/audit.h | 4 ++-- kernel/auditsc.c | 9 ++++----- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 3608992848d3..788ab93c3be4 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -84,6 +84,11 @@ enum audit_ntp_type { AUDIT_NTP_NVALS /* count */ }; +struct audit_timestamp { + struct timespec64 t; + unsigned int serial; +}; + #ifdef CONFIG_AUDITSYSCALL struct audit_ntp_val { long long oldval, newval; diff --git a/kernel/audit.c b/kernel/audit.c index 9bc0b0301198..aded2d69ea69 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1818,11 +1818,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_timestamp *ts) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, ts)) { + ktime_get_coarse_real_ts64(&ts->t); + ts->serial = audit_serial(); } } @@ -1845,8 +1845,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_timestamp ts; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1901,12 +1900,13 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &ts); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)ts.t.tv_sec, ts.t.tv_nsec/1000000, + ts.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index c57b008b9914..e3ea00ea399a 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -262,7 +262,7 @@ extern void audit_put_tty(struct tty_struct *tty); #ifdef CONFIG_AUDITSYSCALL extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_timestamp *ts); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -303,7 +303,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, ts) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9f8c05228d6d..061009ba9959 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2513,16 +2513,15 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_timestamp *ts) { if (ctx->context == AUDIT_CTX_UNUSED) return 0; if (!ctx->serial) ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + ts->t.tv_sec = ctx->ctime.tv_sec; + ts->t.tv_nsec = ctx->ctime.tv_nsec; + ts->serial = ctx->serial; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD;