audit: create audit_stamp structure

Replace the timestamp and serial number pair used in audit records
with a structure containing the two elements.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Casey Schaufler and committed by
Paul Moore
0a561e39 70d00858

+27 -25
+9 -8
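--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1833,11 +1833,11 @@
 }
 
 static inline void audit_get_stamp(struct audit_context *ctx,
-struct timespec64 *t, unsigned int *serial)
+struct audit_stamp *stamp)
 {
-if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
-ktime_get_coarse_real_ts64(t);
-*serial = audit_serial();
+if (!ctx || !auditsc_get_stamp(ctx, stamp)) {
+ktime_get_coarse_real_ts64(&stamp->ctime);
+stamp->serial = audit_serial();
 }
 }
 
@@ -1860,8 +1860,7 @@
 int type)
 {
 struct audit_buffer *ab;
-struct timespec64 t;
-unsigned int serial;
+struct audit_stamp stamp;
 
 if (audit_initialized != AUDIT_INITIALIZED)
 return NULL;
@@ -1916,12 +1915,14 @@
 return NULL;
 }
 
-audit_get_stamp(ab->ctx, &t, &serial);
+audit_get_stamp(ab->ctx, &stamp);
 /* cancel dummy context to enable supporting records */
 if (ctx)
 ctx->dummy = 0;
 audit_log_format(ab, "audit(%llu.%03lu:%u): ",
-(unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);
+(unsigned long long)stamp.ctime.tv_sec,
+stamp.ctime.tv_nsec/1000000,
+stamp.serial);
 
 return ab;
 }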
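Review bot: `audit_get_stamp()` in the first hunk has no comment describing its fallback, and the fallback decides what a record's identifier means. When `ctx` is NULL or `auditsc_get_stamp()` returns 0, the stamp is built from `ktime_get_coarse_real_ts64()` and a fresh `audit_serial()`, so each such record carries its own time and serial rather than the pair stored in a task context. A short comment above the function would make that visible to anyone correlating records by the `audit(sec.msec:serial)` prefix, for example `/* Use the context's stamp when it has one; otherwise stamp the record with the current coarse time and a new serial. */`. The new `struct audit_stamp stamp;` local in `audit_log_start()` is left uninitialised and relies on this helper writing both fields on every path; that appears to hold in the lines shown, though `audit_log_start()` begins outside the hunk.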
+9 -4
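--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -99,6 +99,12 @@
 char *value; /* the cmdline field */
 };
 
+/* A timestamp/serial pair to identify an event */
+struct audit_stamp {
+struct timespec64 ctime; /* time of syscall entry */
+unsigned int serial; /* serial number for record */
+};
+
 /* The per-task audit context. */
 struct audit_context {
 int dummy; /* must be the first element */
@@ -108,10 +114,9 @@
 AUDIT_CTX_URING, /* in use by io_uring */
 } context;
 enum audit_state state, current_state;
-unsigned int serial; /* serial number for record */
+struct audit_stamp stamp; /* event identifier */
 int major; /* syscall number */
 int uring_op; /* uring operation */
-struct timespec64 ctime; /* time of syscall entry */
 unsigned long argv[4]; /* syscall arguments */
 long return_code;/* syscall return code */
 u64 prio;
@@ -263,7 +268,7 @@
 extern unsigned int audit_serial(void);
 #ifdef CONFIG_AUDITSYSCALL
 extern int auditsc_get_stamp(struct audit_context *ctx,
-struct timespec64 *t, unsigned int *serial);
+struct audit_stamp *stamp);
 
 extern void audit_put_watch(struct audit_watch *watch);
 extern void audit_get_watch(struct audit_watch *watch);
@@ -304,7 +309,7 @@
 struct audit_context *ctx);
 extern struct list_head *audit_killed_trees(void);
 #else /* CONFIG_AUDITSYSCALL */
-#define auditsc_get_stamp(c, t, s) 0
+#define auditsc_get_stamp(c, s) 0
 #define audit_put_watch(w) do { } while (0)
 #define audit_get_watch(w) do { } while (0)
 #define audit_to_watch(k, p, l, o) (-EINVAL)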
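Review bot: The field comment `/* time of syscall entry */` on `audit_stamp.ctime` was carried over from `struct audit_context`, but the new structure is also filled where that description does not fit. In this commit `audit_get_stamp()` in kernel/audit.c writes `ctime` at record-creation time when there is no usable context, and kernel/auditsc.c sets it on the path that marks the context `AUDIT_CTX_URING`. A wording such as `/* time the event was stamped */` would cover all three. It would also help to say on `serial` that 0 means not yet assigned, since `auditsc_get_stamp()` tests `!ctx->stamp.serial` before calling `audit_serial()`: `/* serial number for record, 0 = unassigned */`.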
+9 -13
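--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -994,10 +994,10 @@
 */
 
 ctx->current_state = ctx->state;
-ctx->serial = 0;
+ctx->stamp.serial = 0;
+ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
 ctx->major = 0;
 ctx->uring_op = 0;
-ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
 memset(ctx->argv, 0, sizeof(ctx->argv));
 ctx->return_code = 0;
 ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0);
@@ -1918,7 +1918,7 @@
 
 ctx->context = AUDIT_CTX_URING;
 ctx->current_state = ctx->state;
-ktime_get_coarse_real_ts64(&ctx->ctime);
+ktime_get_coarse_real_ts64(&ctx->stamp.ctime);
 }
 
 /**
@@ -2040,7 +2040,7 @@
 context->argv[3] = a4;
 context->context = AUDIT_CTX_SYSCALL;
 context->current_state = state;
-ktime_get_coarse_real_ts64(&context->ctime);
+ktime_get_coarse_real_ts64(&context->stamp.ctime);
 }
 
 /**
@@ -2509,21 +2509,17 @@
 /**
 * auditsc_get_stamp - get local copies of audit_context values
 * @ctx: audit_context for the task
-* @t: timespec64 to store time recorded in the audit_context
-* @serial: serial value that is recorded in the audit_context
+* @stamp: timestamp to record
 *
 * Also sets the context as auditable.
 */
-int auditsc_get_stamp(struct audit_context *ctx,
-struct timespec64 *t, unsigned int *serial)
+int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp)
 {
 if (ctx->context == AUDIT_CTX_UNUSED)
 return 0;
-if (!ctx->serial)
-ctx->serial = audit_serial();
-t->tv_sec = ctx->ctime.tv_sec;
-t->tv_nsec = ctx->ctime.tv_nsec;
-*serial = ctx->serial;
+if (!ctx->stamp.serial)
+ctx->stamp.serial = audit_serial();
+*stamp = ctx->stamp;
 if (!ctx->prio) {
 ctx->prio = 1;
 ctx->current_state = AUDIT_STATE_RECORD;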
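Review bot: The kernel-doc line `@stamp: timestamp to record` in the last hunk reads as if `stamp` were an input, while the body treats it as an output: `*stamp = ctx->stamp;` copies the context's time and serial into the caller's structure. The removed `@t` and `@serial` lines said this, and the replacement lost it. Suggest `* @stamp: filled with the time and serial number recorded in the audit_context`, plus a sentence that the function returns 0 without writing `*stamp` when `ctx->context == AUDIT_CTX_UNUSED`. The serial is assigned on the first call that finds `ctx->stamp.serial` at 0, which is also worth stating because the stored time is set earlier, at entry. The function body continues past the end of the hunk, so the non-zero return path is not visible here.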