From: Steve Grubb
To: Richard Guy Briggs
Cc: Arnd Bergmann, y2038@lists.linaro.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, Al Viro, linux-fsdevel@vger.kernel.org, Thomas Gleixner, Linus Torvalds, Deepa Dinamani
Subject: Re: [PATCH 17/21] audit: Use timespec64 to represent audit timestamps
Date: Thu, 09 Jun 2016 20:19:53 -0400
Message-ID: <1850599.zs4hA4SSlr@x2>
In-Reply-To: <20160609235943.GL18488@madcap2.tricolour.ca>
References: <1465448705-25055-1-git-send-email-deepa.kernel@gmail.com> <15760445.1IAucOxmWy@x2> <20160609235943.GL18488@madcap2.tricolour.ca>
List-Id: linux-audit@redhat.com

On Thursday, June 09, 2016 07:59:43 PM Richard Guy Briggs wrote:
> On 16/06/09, Steve Grubb wrote:
> > On Wednesday, June 08, 2016 10:05:01 PM Deepa Dinamani wrote:
> > > struct timespec is not y2038 safe.
> > > Audit timestamps are recorded in string format into
> > > an audit buffer for a given context.
> > > These mark the entry timestamps for the syscalls.
> > > Use y2038 safe struct timespec64 to represent the times.
> > > The log strings can handle this transition as strings can
> > > hold up to 1024 characters.
> >
> > Have you tested this with ausearch or any audit utilities? As an aside, a
> > time stamp that is up to 1024 characters long is terribly wasteful
> > considering how many events we get.
>
> Steve,
>
> I don't expect the size of the time stamp text to change since the
> format isn't being changed and I don't expect the date stamp text length
> to change until Y10K, but you never know what will happen in 8
> millennia...  (Who knows, maybe that damn Linux server in my basement
> will still be running then...)
>
> Isn't the maximum message length MAX_AUDIT_MESSAGE_LENGTH (8970 octets)?

Bytes, yes. But I was thinking that if it's going to get big we should consider
switching from a base 10 representation to base 16. That would give us back a
few bytes. We discuss this on the linux-audit list rather than the main list.

-Steve
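
Added example, not part of the thread or of the patch under discussion: a user-space C sketch that formats an audit record stamp from 64-bit seconds in base 10 and in a hypothetical base-16 variant, and shows what a signed 32-bit `tv_sec` would hold for the same instant. The `audit(sec.msec:serial): ` layout, the `ts64` stand-in struct, the helper names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's struct timespec64 (assumption: 64-bit seconds). */
struct ts64 {
    int64_t tv_sec;
    long    tv_nsec;
};

/* Decimal stamp; the "audit(sec.msec:serial): " layout is assumed here. */
static int stamp_dec(char *buf, size_t n, struct ts64 t, unsigned serial)
{
    return snprintf(buf, n, "audit(%llu.%03lu:%u): ",
                    (unsigned long long)t.tv_sec,
                    (unsigned long)(t.tv_nsec / 1000000), serial);
}

/* Hypothetical base-16 variant of the same stamp, to count the bytes saved. */
static int stamp_hex(char *buf, size_t n, struct ts64 t, unsigned serial)
{
    return snprintf(buf, n, "audit(%llx.%03lx:%x): ",
                    (unsigned long long)t.tv_sec,
                    (unsigned long)(t.tv_nsec / 1000000), serial);
}

/* What a signed 32-bit tv_sec holds for the same instant (well-defined wrap). */
static int64_t as_time32(int64_t sec)
{
    uint32_t u = (uint32_t)sec;
    return (u & 0x80000000u) ? (int64_t)u - 4294967296LL : (int64_t)u;
}

int main(void)
{
    /* Constructed samples: the date of this mail, and the first second past
     * the signed 32-bit limit (2038-01-19 03:14:08 UTC). */
    struct ts64 samples[] = {
        { 1465517993LL, 123000000L },
        { 2147483648LL, 123000000L },
    };
    char dec[64], hex[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int d = stamp_dec(dec, sizeof dec, samples[i], 4711);
        int h = stamp_hex(hex, sizeof hex, samples[i], 4711);
        printf("%s(%d bytes)  %s(%d bytes)  time32=%lld\n", dec, d, hex, h,
               (long long)as_time32(samples[i].tv_sec));
    }
    return 0;
}
```

For both samples the decimal stamp keeps the same length on either side of the 2038 boundary, and the base-16 form is two bytes shorter per record.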