From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751946AbcFJApp (ORCPT ); Thu, 9 Jun 2016 20:45:45 -0400 Received: from mail-it0-f66.google.com ([209.85.214.66]:36749 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750759AbcFJApo (ORCPT ); Thu, 9 Jun 2016 20:45:44 -0400 MIME-Version: 1.0 In-Reply-To: <15760445.1IAucOxmWy@x2> References: <1465448705-25055-1-git-send-email-deepa.kernel@gmail.com> <1465448705-25055-18-git-send-email-deepa.kernel@gmail.com> <15760445.1IAucOxmWy@x2> From: Deepa Dinamani Date: Thu, 9 Jun 2016 17:45:42 -0700 Message-ID: Subject: Re: [PATCH 17/21] audit: Use timespec64 to represent audit timestamps To: Steve Grubb Cc: linux-audit@redhat.com, Linux FS-devel Mailing List , Linux Kernel Mailing List , Arnd Bergmann , y2038@lists.linaro.org, Al Viro , Thomas Gleixner , Linus Torvalds Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 9, 2016 at 7:31 AM, Steve Grubb wrote: > On Wednesday, June 08, 2016 10:05:01 PM Deepa Dinamani wrote: >> Audit timestamps are recorded in string format into >> an audit buffer for a given context. >> These mark the entry timestamps for the syscalls. >> Use y2038 safe struct timespec64 to represent the times. >> The log strings can handle this transition as strings can >> hold upto 1024 characters. > > Have you tested this with ausearch or any audit utilities? As an aside, a time > stamp that is up to 1024 characters long is terribly wasteful considering how > many events we get. /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting * audit records. Since printk uses a 1024 byte buffer, this buffer * should be at least that large. */ #define AUDIT_BUFSIZ 1024 The commit text is pointing out that the reserve space ensured in each call to audit_log_vformat is already much more than is needed by this call from audit_log_start. Also, since struct timespec64 is already the same as struct timespec on 64-bit systems, there is really no functional change except on 32-bit machines. Let me know if you want me to try it out on a 32-bit system. -Deepa