Discussion:
[PATCH] audit: use ktime_get_coarse_real_ts64() for timestamps
Paul Moore
2018-07-17 18:58:29 UTC
Permalink
Commit c72051d5778a ("audit: use ktime_get_coarse_ts64() for time
access") converted audit's use of current_kernel_time64() to the
new ktime_get_coarse_ts64() function. Unfortunately this resulted
in incorrect timestamps, e.g. events stamped with the year 1969
despite it being 2018. This patch corrects this by using
ktime_get_coarse_real_ts64() just like the current_kernel_time64()
wrapper.

Fixes: c72051d5778a ("audit: use ktime_get_coarse_ts64() for time access")
Signed-off-by: Paul Moore <***@paul-moore.com>
---
kernel/audit.c | 2 +-
kernel/auditsc.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index e17bc697d11c..2a8058764aa6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1721,7 +1721,7 @@ static inline void audit_get_stamp(struct audit_context *ctx,
struct timespec64 *t, unsigned int *serial)
{
if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
- ktime_get_coarse_ts64(t);
+ ktime_get_coarse_real_ts64(t);
*serial = audit_serial();
}
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index f6a0cb32d76e..fb207466e99b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1543,7 +1543,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
context->in_syscall = 1;
context->current_state = state;
context->ppid = 0;
- ktime_get_coarse_ts64(&context->ctime);
+ ktime_get_coarse_real_ts64(&context->ctime);
}

/**
Arnd Bergmann
2018-07-17 19:37:12 UTC
Permalink
Post by Paul Moore
Commit c72051d5778a ("audit: use ktime_get_coarse_ts64() for time
access") converted audit's use of current_kernel_time64() to the
new ktime_get_coarse_ts64() function. Unfortunately this resulted
in incorrect timestamps, e.g. events stamped with the year 1969
despite it being 2018. This patch corrects this by using
ktime_get_coarse_real_ts64() just like the current_kernel_time64()
wrapper.
Fixes: c72051d5778a ("audit: use ktime_get_coarse_ts64() for time access")
Sorry about my mistake, I clearly intended to use the 'real' accessors
here, but ended up with a typo after many other calls got converted
to the monotonic version on purpose.

Reviewed-by: Arnd Bergmann <***@arndb.de>

Loading...