Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp88057yba;
        Mon, 1 Apr 2019 02:18:21 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzE9C0OBMsytDdxPK/PwrFHEwnoORQFcMwU33CLyB5ZKm5SJZ8RLP9o3BwZn7B+iVBoLCrw
X-Received: by 2002:a62:b418:: with SMTP id h24mr52420319pfn.145.1554110301611;
        Mon, 01 Apr 2019 02:18:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554110301; cv=none;
        d=google.com; s=arc-20160816;
        b=CcVHSxSLdnLI+9W1HheV+f+fXDaMIu+XIHciEKT+DRVtKiaRKH/oQTxmwE3N3N4jbp
         z3Z+0+fGuuK+ktNgulzLGhSTo1ePQOZaF+wr8KJgp1F5+dk6DtmbTUUg6o6SuAnaWuSD
         i+FfGRXTh9XLjgihFcXjU06XMaUksMTAUipu51yog8H/AxOAaulguqNWIMFIbDstU6aW
         S+TpLt5m631DXfhXlm0VeAq/oUP/PPVjBCnqtEFg223Mq4dRksK+2Rdc2ZJEHROUEvlT
         6M6BZUfaV//NhnGpu4GiCgeDNJq2SOHXK+gepm38yOtzDfVfJdJzPBu+1253OIlziBgb
         LH+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version;
        bh=N+oLSmWs9QxUqdsB5rde/qXE+3wWFB5/ZGcVSlmjCb8=;
        b=avJjBhme/bM5STDrcg6/sN/W/FV1yy1h2RAtxXw4KuNj2U4AoE+SwZ1WlhSVyJWHpg
         E55R6FXnJYI5JfvwbKhcdrd8PCYZeSGHtxekFo1LiAuRMqImduNDZfU8hW22iUrHn7Fg
         FTZS3EBkht0fEFQfXwwCgI4jXrcD9zXVc/G68Zat+DzdMQuYLOMd0zrzHZfBJNPTmzeH
         oUwKmz9BdgCafwFCXKIaBpo0PhYzGOdRs4i/LAFpjB30A7O46nxum78HgERlqIdH6d9k
         GGlv49cuNvGobjRbrTLR4oFVt6kNa/QZVG/IuC7FAPHTvdIZIjyINsQ8OMlTC9SeSGVz
         Z+Uw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q7si8293400pls.259.2019.04.01.02.18.06;
        Mon, 01 Apr 2019 02:18:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725882AbfDAJRA (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Mon, 1 Apr 2019 05:17:00 -0400
Received: from mail-ot1-f66.google.com ([209.85.210.66]:44428 "EHLO
        mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725817AbfDAJRA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 1 Apr 2019 05:17:00 -0400
Received: by mail-ot1-f66.google.com with SMTP id d24so7846168otl.11
        for <linux-kernel@vger.kernel.org>; Mon, 01 Apr 2019 02:17:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=N+oLSmWs9QxUqdsB5rde/qXE+3wWFB5/ZGcVSlmjCb8=;
        b=S8JBeb53/blhPSzaHxV3dms29S6P4F6t5b4HY7tHr5WHpMe0aaoOYLZ08bjow6grM5
         SORSZ4HHK6YjSQQai58YlaaEwk1vgVXYjMe1RyO3mHpcSITx78SMEacJR15orLR1sIw4
         9QMaYlu3S+mESzlJss8OjeidFxe4nM0HkMI8P7mCdvP8mrAAU7ruT78V+ZXKpguANiB9
         xB8NncQKZfnGJOJSo6j7vj/ZG3p3jGeq/G+B/o8FK3BLsedrbLzxWxsu2r6RSduvSh52
         5TLse8H2W1fV3RlaR3S2a8fovyD/+1AjJxz+cEP+Wfe9CmXnW3E7qkawcHbqGSD5t6rv
         0BCg==
X-Gm-Message-State: APjAAAVbtncGOJSmsd9/A0QEtZOjPR4B0P68XSWeBKfCupS8CA5P88T2
        CEKjKyg6zTixJImu+T5vhNzTshWbJPQbNOHsAfZelQ==
X-Received: by 2002:a9d:5e90:: with SMTP id f16mr14460185otl.86.1554110219669;
 Mon, 01 Apr 2019 02:16:59 -0700 (PDT)
MIME-Version: 1.0
References: <20190307123254.348-1-omosnace@redhat.com> <20190307123254.348-2-omosnace@redhat.com>
 <alpine.DEB.2.21.1903280020390.1789@nanos.tec.linutronix.de>
In-Reply-To: <alpine.DEB.2.21.1903280020390.1789@nanos.tec.linutronix.de>
From:   Ondrej Mosnacek <omosnace@redhat.com>
Date:   Mon, 1 Apr 2019 11:16:48 +0200
Message-ID: <CAFqZXNtHxt6Huv2ufU-gp-0Y4WfyQSJkYVS0cmd0o+G=D1A-UQ@mail.gmail.com>
Subject: Re: [RFC PATCH ghak10 v6 1/2] timekeeping: Audit clock adjustments
To:     Thomas Gleixner <tglx@linutronix.de>
Cc:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        Paul Moore <paul@paul-moore.com>,
        Richard Guy Briggs <rgb@redhat.com>,
        Steve Grubb <sgrubb@redhat.com>,
        Miroslav Lichvar <mlichvar@redhat.com>,
        John Stultz <john.stultz@linaro.org>,
        Stephen Boyd <sboyd@kernel.org>,
        Linux kernel mailing list <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 28, 2019 at 1:09 AM Thomas Gleixner <tglx@linutronix.de> wrote:
> On Thu, 7 Mar 2019, Ondrej Mosnacek wrote:
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -2512,6 +2512,14 @@ void __audit_fanotify(unsigned int response)
> >               AUDIT_FANOTIFY, "resp=%u", response);
> >  }
> >
> > +/* We need to allocate with GFP_ATOMIC here, since these two functions will be
> > + * called while holding the timekeeping lock: */
>
> Audit is no justification for doing ATOMIC allocations just because it's
> convenient in the middle of code which blocks every concurrent reader.
>
> Please find a place outside of the timekeeper lock to do that audit
> logging. Either that or allocate your buffer upfront in a preemptible
> section and commit after the critical section.
>
> /*
>  * Aside of that please use proper multiline comment style and not this
>  * horrible other one.
>  */

Oh, sorry, I wrote that code last summer, when I didn't quite have the
kernel coding style in my blood yet :) But fortunately I shouldn't
need that comment at all in the next version...

>
> > +void __audit_tk_injoffset(struct timespec64 offset)
> > +{
> > +     audit_log(audit_context(), GFP_ATOMIC, AUDIT_TIME_INJOFFSET,
> > +               "sec=%lli nsec=%li", (long long)offset.tv_sec, offset.tv_nsec);
> > +}
> > +
> > @@ -1250,6 +1251,9 @@ out:
> >       /* signal hrtimers about time change */
> >       clock_was_set();
> >
> > +     if (!ret)
> > +             audit_tk_injoffset(ts_delta);
>
> This one does not need GFP_ATOMIC at all.
>
> > +
> >       return ret;
> >  }
> >  EXPORT_SYMBOL(do_settimeofday64);
> > @@ -2322,6 +2326,8 @@ int do_adjtimex(struct timex *txc)
> >               ret = timekeeping_inject_offset(&delta);
> >               if (ret)
> >                       return ret;
> > +
> > +             audit_tk_injoffset(delta);
> >       }
> >
> >       ktime_get_real_ts64(&ts);
>
> This can be done at the end of do_adjtimex() quite nicely in preemptible
> context.

But wait, isn't this call outside of the critical section as well? (I
must have been moving the call around when I was writing the code and
didn't realize that this function actually doesn't need GFP_ATOMIC at
all...) Or am I missing something?


--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.