Re: [RFC PATCH ghak10 v6 1/2] timekeeping: Audit clock adjustments

On Thu, 7 Mar 2019, Ondrej Mosnacek wrote: > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2512,6 +2512,14 @@ void __audit_fanotify(unsigned int response) > AUDIT_FANOTIFY, "resp=%u", response); > } > > +/* We need to allocate with GFP_ATOMIC here, since these two functions will be > + * called while holding the timekeeping lock: */ Audit is no justification for doing ATOMIC allocations just because it's convenient in the middle of code which blocks every concurrent reader. Please find a place outside of the timekeeper lock to do that audit logging. Either that or allocate your buffer upfront in a preemptible section and commit after the critical section. /* * Aside of that please use proper multiline comment style and not this * horrible other one. */

> +void __audit_tk_injoffset(struct timespec64 offset) > +{ > + audit_log(audit_context(), GFP_ATOMIC, AUDIT_TIME_INJOFFSET, > + "sec=%lli nsec=%li", (long long)offset.tv_sec, offset.tv_nsec); > +} > + > @@ -1250,6 +1251,9 @@ out: > /* signal hrtimers about time change */ > clock_was_set(); > > + if (!ret) > + audit_tk_injoffset(ts_delta); This one does not need GFP_ATOMIC at all. > + > return ret; > } > EXPORT_SYMBOL(do_settimeofday64); > @@ -2322,6 +2326,8 @@ int do_adjtimex(struct timex *txc) > ret = timekeeping_inject_offset(&delta); > if (ret) > return ret; > + > + audit_tk_injoffset(delta); > } > > ktime_get_real_ts64(&ts); This can be done at the end of do_adjtimex() quite nicely in preemptible context.