On 12/19/2022 9:54 AM, Ondrej Mosnacek wrote: > Join the two fields that comprise an audit timestamp into a common > structure. This will be used further in later commits.
Patch 30/39 of my LSM stacking patchset[1] is almost identical to this. The only significant difference is the structure name. You use audit_timestamp whereas I use audit_stamp. I believe that audit_stamp is more correct and more consistent with the code that uses it. [1] https://lore.kernel.org/lkml/f6b8ac05-6900-f57d-0daf-02d5ae53b...@schaufler-ca.com/T/#m3205b98b2a6b21a296fb831ed35892f01ead191f > > Signed-off-by: Ondrej Mosnacek <omosn...@redhat.com> > --- > include/linux/audit.h | 5 +++++ > kernel/audit.c | 16 ++++++++-------- > kernel/audit.h | 4 ++-- > kernel/auditsc.c | 9 ++++----- > 4 files changed, 19 insertions(+), 15 deletions(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 3608992848d3..788ab93c3be4 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -84,6 +84,11 @@ enum audit_ntp_type { > AUDIT_NTP_NVALS /* count */ > }; > > +struct audit_timestamp { > + struct timespec64 t; > + unsigned int serial; > +}; > + > #ifdef CONFIG_AUDITSYSCALL > struct audit_ntp_val { > long long oldval, newval; > diff --git a/kernel/audit.c b/kernel/audit.c > index 9bc0b0301198..aded2d69ea69 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -1818,11 +1818,11 @@ unsigned int audit_serial(void) > } > > static inline void audit_get_stamp(struct audit_context *ctx, > - struct timespec64 *t, unsigned int *serial) > + struct audit_timestamp *ts) > { > - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { > - ktime_get_coarse_real_ts64(t); > - *serial = audit_serial(); > + if (!ctx || !auditsc_get_stamp(ctx, ts)) { > + ktime_get_coarse_real_ts64(&ts->t); > + ts->serial = audit_serial(); > } > } > > @@ -1845,8 +1845,7 @@ struct audit_buffer *audit_log_start(struct > audit_context *ctx, gfp_t gfp_mask, > int type) > { > struct audit_buffer *ab; > - struct timespec64 t; > - unsigned int serial; > + struct audit_timestamp ts; > > if (audit_initialized != AUDIT_INITIALIZED) > return NULL; > @@ -1901,12 +1900,13 @@ struct audit_buffer *audit_log_start(struct > audit_context *ctx, gfp_t gfp_mask, > return NULL; > } > > - audit_get_stamp(ab->ctx, &t, &serial); > + audit_get_stamp(ab->ctx, &ts); > /* cancel dummy context to enable supporting records */ > if (ctx) > ctx->dummy = 0; > audit_log_format(ab, "audit(%llu.%03lu:%u): ", > - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, > serial); > + (unsigned long long)ts.t.tv_sec, ts.t.tv_nsec/1000000, > + ts.serial); > > return ab; > } > diff --git a/kernel/audit.h b/kernel/audit.h > index c57b008b9914..e3ea00ea399a 100644 > --- a/kernel/audit.h > +++ b/kernel/audit.h > @@ -262,7 +262,7 @@ extern void audit_put_tty(struct tty_struct *tty); > #ifdef CONFIG_AUDITSYSCALL > extern unsigned int audit_serial(void); > extern int auditsc_get_stamp(struct audit_context *ctx, > - struct timespec64 *t, unsigned int *serial); > + struct audit_timestamp *ts); > > extern void audit_put_watch(struct audit_watch *watch); > extern void audit_get_watch(struct audit_watch *watch); > @@ -303,7 +303,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, > struct audit_context *ctx); > extern struct list_head *audit_killed_trees(void); > #else /* CONFIG_AUDITSYSCALL */ > -#define auditsc_get_stamp(c, t, s) 0 > +#define auditsc_get_stamp(c, ts) 0 > #define audit_put_watch(w) do { } while (0) > #define audit_get_watch(w) do { } while (0) > #define audit_to_watch(k, p, l, o) (-EINVAL) > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 9f8c05228d6d..061009ba9959 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2513,16 +2513,15 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); > * > * Also sets the context as auditable. > */ > -int auditsc_get_stamp(struct audit_context *ctx, > - struct timespec64 *t, unsigned int *serial) > +int auditsc_get_stamp(struct audit_context *ctx, struct audit_timestamp *ts) > { > if (ctx->context == AUDIT_CTX_UNUSED) > return 0; > if (!ctx->serial) > ctx->serial = audit_serial(); > - t->tv_sec = ctx->ctime.tv_sec; > - t->tv_nsec = ctx->ctime.tv_nsec; > - *serial = ctx->serial; > + ts->t.tv_sec = ctx->ctime.tv_sec; > + ts->t.tv_nsec = ctx->ctime.tv_nsec; > + ts->serial = ctx->serial; > if (!ctx->prio) { > ctx->prio = 1; > ctx->current_state = AUDIT_STATE_RECORD; -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
