From: Arnd Bergmann <arnd@arndb.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: y2038 Mailman List <y2038@lists.linaro.org>,
	John Stultz <john.stultz@linaro.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Stephen Boyd <sboyd@kernel.org>,
	David Howells <dhowells@redhat.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Deepa Dinamani <deepa.kernel@gmail.com>,
	Christian Brauner <christian@brauner.io>,
	Jens Axboe <axboe@kernel.dk>,
	Ingo Molnar <mingo@kernel.org>,
	Corey Minyard <cminyard@mvista.com>,
	zhengbin <zhengbin13@huawei.com>,
	Li RongQing <lirongqing@baidu.com>,
	Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH 17/23] y2038: time: avoid timespec usage in settimeofday()
Date: Thu, 14 Nov 2019 12:06:28 +0100
Message-ID: <CAK8P3a2bxDZVKgcJoa99wr3tDyYckQAdk2f=RnL4vTFPjm3tXQ@mail.gmail.com>
In-Reply-To: <alpine.DEB.2.21.1911132250010.2507@nanos.tec.linutronix.de>

On Wed, Nov 13, 2019 at 10:53 PM Thomas Gleixner <tglx@linutronix.de> wrote:
>
> On Fri, 8 Nov 2019, Arnd Bergmann wrote:
> > -SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv, > > +SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv, > > struct timezone __user *, tz) > > { > > struct timespec64 new_ts; > > - struct timeval user_tv; > > struct timezone new_tz; > > > > if (tv) { > > - if (copy_from_user(&user_tv, tv, sizeof(*tv))) > > + if (get_user(new_ts.tv_sec, &tv->tv_sec) || > > + get_user(new_ts.tv_nsec, &tv->tv_usec)) > > return -EFAULT;
>
> How is that supposed to be correct on a 32bit kernel?

I don't see the problem you are referring to. This should behave the
same way on a 32-bit kernel and on a 64-bit kernel, sign-extending
the tv_sec field, and copying the user tv_usec field into the
kernel tv_nsec, to be multiplied by 1000 a few lines later.

Am I missing something?

> > - if (!timeval_valid(&user_tv)) > > + if (tv->tv_usec > USEC_PER_SEC) > > return -EINVAL;
>
> That's incomplete:
>
> static inline bool timeval_valid(const struct timeval *tv)
> {
> 	/* Dates before 1970 are bogus */
> 	if (tv->tv_sec < 0)
> 		return false;
>
> 	/* Can't have more microseconds then a second */
> 	if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC)
> 		return false;
>
> 	return true;
> }

My idea was to not duplicate the range check that is done
in do_sys_settimeofday64() and again in do_settimeofday64:

	if (!timespec64_valid_settod(ts))
		return -EINVAL;

The only check we should need in addition to this is to ensure
that passing an invalid tv_usec number doesn't become an
unexpectedly valid tv_nsec after the multiplication.

I agree the patch looks like I'm missing a check here, but the
code after the patch appears clear enough to me.

      Arnd
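
Review bot: In the first quoted region, `get_user(new_ts.tv_nsec, &tv->tv_usec)` stores a microsecond count in a field named for nanoseconds, and nothing in the visible lines says so. A short comment at that call stating that tv_nsec holds microseconds until the multiplication by 1000 a few lines later would make the unit change obvious to the next reader, and would record that the two get_user() calls are relied on to convert each field to the width of the timespec64 member.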
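
Review bot: The replacement check `if (tv->tv_usec > USEC_PER_SEC)` in the second quoted region reads through `tv`, which the new signature declares as `struct __kernel_old_timeval __user *`, so it dereferences a user pointer directly and looks at user memory a second time after the value was already fetched with get_user(). Test the kernel copy in `new_ts.tv_nsec` instead. The removed timeval_valid() rejected both `tv_usec < 0` and `tv_usec >= USEC_PER_SEC`, while the new line only rejects values above USEC_PER_SEC, so bound the value on both sides before the multiplication by 1000; otherwise a negative microsecond count is not covered by the one check that is meant to stop an invalid tv_usec from turning into an acceptable tv_nsec.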