Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp88057yba; Mon, 1 Apr 2019 02:18:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqzE9C0OBMsytDdxPK/PwrFHEwnoORQFcMwU33CLyB5ZKm5SJZ8RLP9o3BwZn7B+iVBoLCrw X-Received: by 2002:a62:b418:: with SMTP id h24mr52420319pfn.145.1554110301611; Mon, 01 Apr 2019 02:18:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554110301; cv=none; d=google.com; s=arc-20160816; b=CcVHSxSLdnLI+9W1HheV+f+fXDaMIu+XIHciEKT+DRVtKiaRKH/oQTxmwE3N3N4jbp z3Z+0+fGuuK+ktNgulzLGhSTo1ePQOZaF+wr8KJgp1F5+dk6DtmbTUUg6o6SuAnaWuSD i+FfGRXTh9XLjgihFcXjU06XMaUksMTAUipu51yog8H/AxOAaulguqNWIMFIbDstU6aW S+TpLt5m631DXfhXlm0VeAq/oUP/PPVjBCnqtEFg223Mq4dRksK+2Rdc2ZJEHROUEvlT 6M6BZUfaV//NhnGpu4GiCgeDNJq2SOHXK+gepm38yOtzDfVfJdJzPBu+1253OIlziBgb LH+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=N+oLSmWs9QxUqdsB5rde/qXE+3wWFB5/ZGcVSlmjCb8=; b=avJjBhme/bM5STDrcg6/sN/W/FV1yy1h2RAtxXw4KuNj2U4AoE+SwZ1WlhSVyJWHpg E55R6FXnJYI5JfvwbKhcdrd8PCYZeSGHtxekFo1LiAuRMqImduNDZfU8hW22iUrHn7Fg FTZS3EBkht0fEFQfXwwCgI4jXrcD9zXVc/G68Zat+DzdMQuYLOMd0zrzHZfBJNPTmzeH oUwKmz9BdgCafwFCXKIaBpo0PhYzGOdRs4i/LAFpjB30A7O46nxum78HgERlqIdH6d9k GGlv49cuNvGobjRbrTLR4oFVt6kNa/QZVG/IuC7FAPHTvdIZIjyINsQ8OMlTC9SeSGVz Z+Uw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q7si8293400pls.259.2019.04.01.02.18.06; Mon, 01 Apr 2019 02:18:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725882AbfDAJRA (ORCPT + 99 others); Mon, 1 Apr 2019 05:17:00 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:44428 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725817AbfDAJRA (ORCPT ); Mon, 1 Apr 2019 05:17:00 -0400 Received: by mail-ot1-f66.google.com with SMTP id d24so7846168otl.11 for ; Mon, 01 Apr 2019 02:17:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=N+oLSmWs9QxUqdsB5rde/qXE+3wWFB5/ZGcVSlmjCb8=; b=S8JBeb53/blhPSzaHxV3dms29S6P4F6t5b4HY7tHr5WHpMe0aaoOYLZ08bjow6grM5 SORSZ4HHK6YjSQQai58YlaaEwk1vgVXYjMe1RyO3mHpcSITx78SMEacJR15orLR1sIw4 9QMaYlu3S+mESzlJss8OjeidFxe4nM0HkMI8P7mCdvP8mrAAU7ruT78V+ZXKpguANiB9 xB8NncQKZfnGJOJSo6j7vj/ZG3p3jGeq/G+B/o8FK3BLsedrbLzxWxsu2r6RSduvSh52 5TLse8H2W1fV3RlaR3S2a8fovyD/+1AjJxz+cEP+Wfe9CmXnW3E7qkawcHbqGSD5t6rv 0BCg== X-Gm-Message-State: APjAAAVbtncGOJSmsd9/A0QEtZOjPR4B0P68XSWeBKfCupS8CA5P88T2 CEKjKyg6zTixJImu+T5vhNzTshWbJPQbNOHsAfZelQ== X-Received: by 2002:a9d:5e90:: with SMTP id f16mr14460185otl.86.1554110219669; Mon, 01 Apr 2019 02:16:59 -0700 (PDT) MIME-Version: 1.0 References: <20190307123254.348-1-omosnace@redhat.com> <20190307123254.348-2-omosnace@redhat.com> In-Reply-To: From: Ondrej Mosnacek Date: Mon, 1 Apr 2019 11:16:48 +0200 Message-ID: Subject: Re: [RFC PATCH ghak10 v6 1/2] timekeeping: Audit clock adjustments To: Thomas Gleixner Cc: Linux-Audit Mailing List , Paul Moore , Richard Guy Briggs , Steve Grubb , Miroslav Lichvar , John Stultz , Stephen Boyd , Linux kernel mailing list Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 28, 2019 at 1:09 AM Thomas Gleixner wrote: > On Thu, 7 Mar 2019, Ondrej Mosnacek wrote: > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -2512,6 +2512,14 @@ void __audit_fanotify(unsigned int response) > > AUDIT_FANOTIFY, "resp=%u", response); > > } > > > > +/* We need to allocate with GFP_ATOMIC here, since these two functions will be > > + * called while holding the timekeeping lock: */ > > Audit is no justification for doing ATOMIC allocations just because it's > convenient in the middle of code which blocks every concurrent reader. > > Please find a place outside of the timekeeper lock to do that audit > logging. Either that or allocate your buffer upfront in a preemptible > section and commit after the critical section. > > /* > * Aside of that please use proper multiline comment style and not this > * horrible other one. > */ Oh, sorry, I wrote that code last summer, when I didn't quite have the kernel coding style in my blood yet :) But fortunately I shouldn't need that comment at all in the next version... > > > +void __audit_tk_injoffset(struct timespec64 offset) > > +{ > > + audit_log(audit_context(), GFP_ATOMIC, AUDIT_TIME_INJOFFSET, > > + "sec=%lli nsec=%li", (long long)offset.tv_sec, offset.tv_nsec); > > +} > > + > > @@ -1250,6 +1251,9 @@ out: > > /* signal hrtimers about time change */ > > clock_was_set(); > > > > + if (!ret) > > + audit_tk_injoffset(ts_delta); > > This one does not need GFP_ATOMIC at all. > > > + > > return ret; > > } > > EXPORT_SYMBOL(do_settimeofday64); > > @@ -2322,6 +2326,8 @@ int do_adjtimex(struct timex *txc) > > ret = timekeeping_inject_offset(&delta); > > if (ret) > > return ret; > > + > > + audit_tk_injoffset(delta); > > } > > > > ktime_get_real_ts64(&ts); > > This can be done at the end of do_adjtimex() quite nicely in preemptible > context. But wait, isn't this call outside of the critical section as well? (I must have been moving the call around when I was writing the code and didn't realize that this function actually doesn't need GFP_ATOMIC at all...) Or am I missing something? -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.