Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3156889imm; Fri, 24 Aug 2018 11:35:00 -0700 (PDT) X-Google-Smtp-Source: ANB0Vda65oDP8YOKBmLHzr4JI3YUk/z+tEGcz71ayhIzv07cF10gARm34WsLfHc+Eo1hcLc9m3yB X-Received: by 2002:a63:990a:: with SMTP id d10-v6mr2788562pge.80.1535135700785; Fri, 24 Aug 2018 11:35:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535135700; cv=none; d=google.com; s=arc-20160816; b=dmm8HXhFOiP3oMUsDL5ovoO/0dU7Muhxm4wqDntFoN6D0iktRVnIqve/aotXV42C07 +taIl26GeC2cOzy04D+PUt/kapYfYIQ2xxmo0pQlUN6vGG2kx8SbdgfLsRGgUAJZp7l4 NPUXiQmKhuhwrGqfhLJp4bPU5yDXdeYTPLg4bN5VojEArayoXkBUhKXwJ+komk7PlSzO 0NMgpCtTdtWWF7KgAe5Udf3UA1WWwZP5vuCD7zMAhHo+NgvuMeOMZFtrm+4nKiMA1PiG 9JvJwEJm7EY7Sz0bs89nHXkzM5y5xyKrnLZNDkVw8LxVuslO63tJIPw2sgceUAx2twso iSQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=68TodATwyQ8q+tJSMPrlzLpct6ImMwswJQejaPcpD3M=; b=QAMU1HO+qKgJeU8VWb+S2C0RdOocG0xJ3pKspx+SRZv3rf/8W6Oo2O299qG+B3U6u4 NGPglYF0C9XGIu8ZYGyhy1C82UU+4yq9V3HsZCbR5jpHvbgELo6B3ceinkcBRBFQTkOz zfT8qfcrMgfpq2GEHNVwYVdWQ7vammyADgNG+rTbKgTHt99E3bxt884oS9ptXCF5DocU 7akbWbKf0FbsDbUn91RodasXWc/O1XqcziMVeE/m0en1AHvrstHq7gzENza0mp289qaS qx/SMRJ6d/K5Fz1axGxC1pkUJ/CfZBFn417eJ9m2enPOgpzt+HXfsclJb7OV9IPXXgmM y44A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Le18FBhJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o6-v6si7505164plh.226.2018.08.24.11.34.45; Fri, 24 Aug 2018 11:35:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Le18FBhJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727317AbeHXWI4 (ORCPT + 99 others); Fri, 24 Aug 2018 18:08:56 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:34234 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726911AbeHXWI4 (ORCPT ); Fri, 24 Aug 2018 18:08:56 -0400 Received: by mail-wm0-f66.google.com with SMTP id m199-v6so4883236wma.1 for ; Fri, 24 Aug 2018 11:33:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=68TodATwyQ8q+tJSMPrlzLpct6ImMwswJQejaPcpD3M=; b=Le18FBhJmadSC0YiUul6Ka+7nxVgHBuxrd0lGH7n4QouWWa2NAVTf4YLeh/Oy7UcSf 2btoMV8/evRUI+Cu8THzo/73TEwPPbXQmPovC5VIaYqIRMDrv2Ks8WWKWVKn/vUlR7tn jIv4aXTaVIQm2VefK4nmvmJKfVX5e1Qo1bEek= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=68TodATwyQ8q+tJSMPrlzLpct6ImMwswJQejaPcpD3M=; b=OIll0DfBWoz32lO0x1kRvo28SsiVj0NXUPOsXJ6vkM23UYUD2gLtfgqIe7/JIdoKHK VEMtmG3cSrkEqW4Ro/QiiHNrXON4Jiz8EicGrfNsSyO5IeELWlJ1P2HO4pBUGPi1bRv3 qC43S4JiFOpjIA1oXPFifxl6ts4Bnm1IL8TXPtXTk59wu08gSXX2TuWiCvUeiZA536Xl culMd6sEbegERBTj5RXQ8sGD9Us+O+8+50nvJurJtKmNrFo1PZxdbdV9WL+5EtNxR1iN ydrgRgW2PhNnehq8TxY1NlZIC9aTVtvpdXiN/Pme6yJUHCXjPQryTHfdo1EtG6ITEnqv 4Buw== X-Gm-Message-State: APzg51ATotultiD/i8gQURJ2r8aX29MRBbtMXDwj/y5WLU9WbvbJfuRo JML7b/ItlgT4kwa3h07H7xUk7tZfXLPCHO5eKZgGHQ== X-Received: by 2002:a1c:1c92:: with SMTP id c140-v6mr1969147wmc.155.1535135587574; Fri, 24 Aug 2018 11:33:07 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:c243:0:0:0:0:0 with HTTP; Fri, 24 Aug 2018 11:33:06 -0700 (PDT) In-Reply-To: <20180824120001.20771-2-omosnace@redhat.com> References: <20180824120001.20771-1-omosnace@redhat.com> <20180824120001.20771-2-omosnace@redhat.com> From: John Stultz Date: Fri, 24 Aug 2018 11:33:06 -0700 Message-ID: Subject: Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments To: Ondrej Mosnacek Cc: linux-audit@redhat.com, Paul Moore , Richard Guy Briggs , Steve Grubb , Miroslav Lichvar , Thomas Gleixner , Stephen Boyd , lkml Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 24, 2018 at 5:00 AM, Ondrej Mosnacek wrote: > This patch adds two auxiliary record types that will be used to annotate > the adjtimex SYSCALL records with the NTP/timekeeping values that have > been changed. > > Next, it adds two functions to the audit interface: > - audit_tk_injoffset(), which will be called whenever a timekeeping > offset is injected by a syscall from userspace, > - audit_ntp_adjust(), which will be called whenever an NTP internal > variable is changed by a syscall from userspace. > > Quick reference for the fields of the new records: > AUDIT_TIME_INJOFFSET > sec - the 'seconds' part of the offset > nsec - the 'nanoseconds' part of the offset > AUDIT_TIME_ADJNTPVAL > op - which value was adjusted: > offset - corresponding to the time_offset variable > freq - corresponding to the time_freq variable > status - corresponding to the time_status variable > adjust - corresponding to the time_adjust variable > tick - corresponding to the tick_usec variable > tai - corresponding to the timekeeping's TAI offset > old - the old value > new - the new value > > Signed-off-by: Ondrej Mosnacek > --- > include/linux/audit.h | 21 +++++++++++++++++++++ > include/uapi/linux/audit.h | 2 ++ > kernel/auditsc.c | 15 +++++++++++++++ > 3 files changed, 38 insertions(+) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 9334fbef7bae..0d084d4b4042 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -26,6 +26,7 @@ > #include > #include > #include > +#include > > #define AUDIT_INO_UNSET ((unsigned long)-1) > #define AUDIT_DEV_UNSET ((dev_t)-1) > @@ -356,6 +357,8 @@ extern void __audit_log_capset(const struct cred *new, const struct cred *old); > extern void __audit_mmap_fd(int fd, int flags); > extern void __audit_log_kern_module(char *name); > extern void __audit_fanotify(unsigned int response); > +extern void __audit_tk_injoffset(struct timespec64 offset); > +extern void __audit_ntp_adjust(const char *type, s64 oldval, s64 newval); > > static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) > { > @@ -458,6 +461,18 @@ static inline void audit_fanotify(unsigned int response) > __audit_fanotify(response); > } > > +static inline void audit_tk_injoffset(struct timespec64 offset) > +{ > + if (!audit_dummy_context()) > + __audit_tk_injoffset(offset); > +} > + > +static inline void audit_ntp_adjust(const char *type, s64 oldval, s64 newval) > +{ > + if (!audit_dummy_context()) > + __audit_ntp_adjust(type, oldval, newval); > +} > + > extern int audit_n_rules; > extern int audit_signals; > #else /* CONFIG_AUDITSYSCALL */ > @@ -584,6 +599,12 @@ static inline void audit_log_kern_module(char *name) > static inline void audit_fanotify(unsigned int response) > { } > > +static inline void audit_tk_injoffset(struct timespec64 offset) > +{ } > + > +static inline void audit_ntp_adjust(const char *type, s64 oldval, s64 newval) > +{ } > + > static inline void audit_ptrace(struct task_struct *t) > { } > #define audit_n_rules 0 > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 4e3eaba84175..242ce562b41a 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -114,6 +114,8 @@ > #define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswerd */ > #define AUDIT_KERN_MODULE 1330 /* Kernel Module events */ > #define AUDIT_FANOTIFY 1331 /* Fanotify access decision */ > +#define AUDIT_TIME_INJOFFSET 1332 /* Timekeeping offset injected */ > +#define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */ > > #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ > #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index fb207466e99b..d355d32d9765 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2422,6 +2422,21 @@ void __audit_fanotify(unsigned int response) > AUDIT_FANOTIFY, "resp=%u", response); > } > > +/* We need to allocate with GFP_ATOMIC here, since these two functions will be > + * called while holding the timekeeping lock: */ > +void __audit_tk_injoffset(struct timespec64 offset) > +{ > + audit_log(audit_context(), GFP_ATOMIC, AUDIT_TIME_INJOFFSET, > + "sec=%lli nsec=%li", (long long)offset.tv_sec, offset.tv_nsec); > +} > + > +void __audit_ntp_adjust(const char *type, s64 oldval, s64 newval) > +{ > + audit_log(audit_context(), GFP_ATOMIC, AUDIT_TIME_ADJNTPVAL, > + "op=%s old=%lli new=%lli", type, > + (long long)oldval, (long long)newval); > +} So it looks like you've been careful here, but just want to make sure, nothing in the audit_log path calls anything that might possibly call back into timekeeping code? We've had a number of issues over time where debug calls out to other subsystems end up getting tweaked to add some timestamping and we deadlock. :) One approach we've done to make sure we don't create a trap for future changes in other subsystems, is avoid calling into other subsystems until later when we've dropped the locks, (see clock_was_set). Its a little rough for some of the things done deep in the ntp code, but might be an extra cautious approach to try. thanks -john