From: "Mickaël Salaün" <mic@digikod.net>
To: "Eric Paris" <eparis@redhat.com>,
"Paul Moore" <paul@paul-moore.com>,
"Günther Noack" <gnoack@google.com>,
"Serge E . Hallyn" <serge@hallyn.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Ben Scarlato" <akhna@google.com>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Charles Zaffery" <czaffery@roblox.com>,
"Francis Laniel" <flaniel@linux.microsoft.com>,
"James Morris" <jmorris@namei.org>,
"Jann Horn" <jannh@google.com>, "Jeff Xu" <jeffxu@google.com>,
"Jorge Lucangeli Obes" <jorgelo@google.com>,
"Kees Cook" <kees@kernel.org>,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Matt Bobrowski" <mattbobrowski@google.com>,
"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
"Phil Sutter" <phil@nwl.cc>,
"Praveen K Paladugu" <prapal@linux.microsoft.com>,
"Robert Salvet" <robert.salvet@roblox.com>,
"Shervin Oloumi" <enlightened@google.com>,
"Song Liu" <song@kernel.org>,
"Tahera Fahimi" <fahimitahera@gmail.com>,
audit@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: [PATCH v3 09/23] audit: Add a new audit_get_ctime() helper
Date: Fri, 22 Nov 2024 15:33:39 +0100 [thread overview]
Message-ID: <20241122143353.59367-10-mic@digikod.net> (raw)
In-Reply-To: <20241122143353.59367-1-mic@digikod.net>
It may be useful to synchronize with the audit's timestamp e.g., to
identify asynchronous events as being created with a previous audit
record (see next commit).
auditsc_get_stamp() does more than just getting a timestamp, so add a
new helper instead of exposing it and risking side effects.
It should be noted that we cannot reliably expose event's serial numbers
because there may not be any related event, which would then create
holes in the sequence of serial numbers.
Cc: Eric Paris <eparis@redhat.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20241122143353.59367-10-mic@digikod.net
---
Changes since v2:
- New patch.
---
include/linux/audit.h | 8 ++++++++
kernel/auditsc.c | 21 ++++++++++++++++++---
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 0050ef288ab3..cff07525c6ae 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -12,6 +12,7 @@
#include <linux/sched.h>
#include <linux/ptrace.h>
#include <linux/audit_arch.h>
+#include <linux/time64.h>
#include <uapi/linux/audit.h>
#include <uapi/linux/netfilter/nf_tables.h>
#include <uapi/linux/fanotify.h>
@@ -408,6 +409,7 @@ extern int __audit_socketcall(int nargs, unsigned long *args);
extern int __audit_sockaddr(int len, void *addr);
extern void __audit_fd_pair(int fd1, int fd2);
extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
+extern struct timespec64 audit_get_ctime(const struct audit_context *ctx);
extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout);
extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
@@ -653,6 +655,12 @@ static inline int audit_sockaddr(int len, void *addr)
}
static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
{ }
+static inline struct timespec64 audit_get_ctime(const struct audit_context *ctx)
+{
+ struct timespec64 t = {};
+
+ return t;
+}
static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
unsigned int msg_prio,
const struct timespec64 *abs_timeout)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index cd57053b4a69..3b7dcb47f5af 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2511,6 +2511,22 @@ void __audit_inode_child(struct inode *parent,
}
EXPORT_SYMBOL_GPL(__audit_inode_child);
+/**
+ * audit_get_ctime - get creation time of audit_context
+ *
+ * @ctx: audit_context for the task
+ *
+ * Returns an empty timespec64 if ctx is NULL.
+ */
+struct timespec64 audit_get_ctime(const struct audit_context *ctx)
+{
+ struct timespec64 t = {};
+
+ if (ctx)
+ return ctx->ctime;
+ return t;
+}
+
/**
* auditsc_get_stamp - get local copies of audit_context values
* @ctx: audit_context for the task
@@ -2526,9 +2542,8 @@ int auditsc_get_stamp(struct audit_context *ctx,
return 0;
if (!ctx->serial)
ctx->serial = audit_serial();
- t->tv_sec = ctx->ctime.tv_sec;
- t->tv_nsec = ctx->ctime.tv_nsec;
- *serial = ctx->serial;
+ *t = audit_get_ctime(ctx);
+ *serial = ctx->serial;
if (!ctx->prio) {
ctx->prio = 1;
ctx->current_state = AUDIT_STATE_RECORD;
--
2.47.0
next prev parent reply other threads:[~2024-11-22 14:34 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-22 14:33 [PATCH v3 00/23] Landlock audit support Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 01/23] lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set Mickaël Salaün
2025-01-04 16:47 ` [PATCH v3 1/23] " Paul Moore
2024-11-22 14:33 ` [PATCH v3 02/23] lsm: Add audit_log_lsm_data() helper Mickaël Salaün
2025-01-05 1:23 ` [PATCH v3 2/23] " Paul Moore
2024-11-22 14:33 ` [PATCH v3 03/23] landlock: Factor out check_access_path() Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 04/23] landlock: Add unique ID generator Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 05/23] landlock: Move access types Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 06/23] landlock: Simplify initially denied access rights Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 07/23] landlock: Move domain hierarchy management Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 08/23] landlock: Log ptrace denials Mickaël Salaün
2024-12-20 14:36 ` Francis Laniel
2024-12-24 14:48 ` Mickaël Salaün
2025-01-05 1:23 ` [PATCH v3 8/23] " Paul Moore
2025-01-06 14:45 ` Mickaël Salaün
2024-11-22 14:33 ` Mickaël Salaün [this message]
2025-01-05 1:23 ` [PATCH v3 9/23] audit: Add a new audit_get_ctime() helper Paul Moore
2024-11-22 14:33 ` [PATCH v3 10/23] landlock: Log domain properties and release Mickaël Salaün
2025-01-05 1:23 ` Paul Moore
2025-01-06 14:51 ` Mickaël Salaün
2025-01-06 21:56 ` Paul Moore
2025-01-07 14:16 ` Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 11/23] landlock: Log mount-related denials Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 12/23] landlock: Align partial refer access checks with final ones Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 13/23] selftests/landlock: Add test to check partial access in a mount tree Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 14/23] landlock: Optimize file path walks and prepare for audit support Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 15/23] landlock: Log file-related denials Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 16/23] landlock: Log truncate and ioctl denials Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 17/23] landlock: Log TCP bind and connect denials Mickaël Salaün
2025-01-05 1:23 ` Paul Moore
2025-01-06 14:51 ` Mickaël Salaün
2025-01-06 22:29 ` Paul Moore
2025-01-07 14:17 ` Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 18/23] landlock: Log scoped denials Mickaël Salaün
2025-01-05 1:23 ` Paul Moore
2025-01-06 14:51 ` Mickaël Salaün
2025-01-06 22:33 ` Paul Moore
2025-01-07 14:23 ` Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 19/23] landlock: Control log events with LANDLOCK_RESTRICT_SELF_LOGLESS Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 20/23] samples/landlock: Do not log denials from the sandboxer by default Mickaël Salaün
2024-12-20 14:36 ` Francis Laniel
2024-12-24 14:48 ` Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 21/23] selftests/landlock: Extend tests for landlock_restrict_self()'s flags Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 22/23] selftests/landlock: Add tests for audit Mickaël Salaün
2024-11-22 14:33 ` [PATCH v3 23/23] selftests/landlock: Add audit tests for ptrace Mickaël Salaün
2024-12-20 14:36 ` [PATCH v3 00/23] Landlock audit support Francis Laniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241122143353.59367-10-mic@digikod.net \
--to=mic@digikod.net \
--cc=akhna@google.com \
--cc=audit@vger.kernel.org \
--cc=casey@schaufler-ca.com \
--cc=czaffery@roblox.com \
--cc=enlightened@google.com \
--cc=eparis@redhat.com \
--cc=fahimitahera@gmail.com \
--cc=flaniel@linux.microsoft.com \
--cc=gnoack@google.com \
--cc=ivanov.mikhail1@huawei-partners.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=jmorris@namei.org \
--cc=jorgelo@google.com \
--cc=kees@kernel.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mattbobrowski@google.com \
--cc=paul@paul-moore.com \
--cc=phil@nwl.cc \
--cc=prapal@linux.microsoft.com \
--cc=robert.salvet@roblox.com \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).