From mboxrd@z Thu Jan 1 00:00:00 1970 From: Baolin Wang Subject: Re: [PATCH 05/11] time/posix-timers:Convert to the 64bit methods for k_clock callback functions Date: Tue, 21 Apr 2015 16:36:13 +0800 Message-ID: References: <1429509459-17068-1-git-send-email-baolin.wang@linaro.org> <1429509459-17068-6-git-send-email-baolin.wang@linaro.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5371854255723363967==" Cc: Xunlei Pang , peterz@infradead.org, heiko.carstens@de.ibm.com, paulus@samba.org, cl@linux.com, Heena Sirwani , linux-arch@vger.kernel.org, linux-s390@vger.kernel.org, y2038 Mailman List , rafael.j.wysocki@intel.com, Andrew Hunter , =?UTF-8?B?RnLDqWTDqXJpYyBXZWlzYmVja2Vy?= , Paul Turner , riel@redhat.com, Arnd Bergmann , Richard Cochran , schwidefsky@de.ibm.com, John Stultz , rth@twiddle.net, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, tj@kernel.org, linux390@de.ibm.com, linuxppc-dev@lists.ozlabs.org To: Thomas Gleixner Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linuxppc-dev-bounces+glppe-linuxppc-embedded-2=m.gmane.org@lists.ozlabs.org Sender: "Linuxppc-dev" List-Id: netdev.vger.kernel.org --===============5371854255723363967== Content-Type: multipart/alternative; boundary=089e0122f07478b051051437f06d --089e0122f07478b051051437f06d Content-Type: text/plain; charset=UTF-8 On 21 April 2015 at 04:48, Thomas Gleixner wrote: > On Mon, 20 Apr 2015, Baolin Wang wrote: > > /* Set clock_realtime */ > > static int posix_clock_realtime_set(const clockid_t which_clock, > > - const struct timespec *tp) > > + const struct timespec64 *tp) > > { > > - return do_sys_settimeofday(tp, NULL); > > + struct timespec ts = timespec64_to_timespec(*tp); > > + > > + return do_sys_settimeofday(&ts, NULL); > > Sigh. No. We first provide a proper function for this, which takes a > timespec64, i.e. do_sys_settimeofday64() instead of having this > wrapper mess all over the place. > Thanks for your comments,but if use do_sys_settimeofday64() here that will introduce a security bug: do_sys_settimeofday contains a capability check that normally prevents non-root users from setting the time. With your change, any user can set the system time. > > > /* SIGEV_NONE timers are not queued ! See common_timer_get */ > > if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { > > diff --git a/kernel/time/timekeeping.h b/kernel/time/timekeeping.h > > index 1d91416..144af14 100644 > > --- a/kernel/time/timekeeping.h > > +++ b/kernel/time/timekeeping.h > > @@ -15,7 +15,7 @@ extern u64 timekeeping_max_deferment(void); > > extern int timekeeping_inject_offset(struct timespec *ts); > > extern s32 timekeeping_get_tai_offset(void); > > extern void timekeeping_set_tai_offset(s32 tai_offset); > > -extern void timekeeping_clocktai(struct timespec *ts); > > +extern void timekeeping_clocktai(struct timespec64 *ts); > > # git grep timekeeping_clocktai() is your friend. > > Thanks, > > tglx > -- Baolin.wang Best Regards --089e0122f07478b051051437f06d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On 21 April 2015 at 04:48, Thomas Gleixner <tglx@linutronix.de>= ; wrote:
On Mon, 20 Apr 2015, Baolin Wang wrote:
>=C2=A0 /* Set clock_realtime */
>=C2=A0 static int posix_clock_realtime_set(const clockid_t which_clock,=
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0const struct timespec *tp)=
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0const struct timespec64 *t= p)
>=C2=A0 {
> -=C2=A0 =C2=A0 =C2=A0return do_sys_settimeofday(tp, NULL);
> +=C2=A0 =C2=A0 =C2=A0struct timespec ts =3D timespec64_to_timespec(*tp= );
> +
> +=C2=A0 =C2=A0 =C2=A0return do_sys_settimeofday(&ts, NULL);

Sigh. No. We first provide a proper function for this, which takes a=
timespec64, i.e. do_sys_settimeofday64() instead of having this
wrapper mess all over the place.

Thanks for your comments,but if use=C2=A0do_sys_= settimeofday64() here that will=C2=A0=C2=A0i= ntroduce a security bug: do_sys_settimeofday contains a capability
check that no= rmally prevents non-root users from setting the time.

With your change, any user can set the system time.=C2=A0
<= blockquote class=3D"gmail_quote" style=3D"margin-top:0px;margin-right:0px;m= argin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:= rgb(204,204,204);border-left-style:solid;padding-left:1ex">
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/* SIGEV_NONE timers are not queued ! See co= mmon_timer_get */
>=C2=A0 =C2=A0 =C2=A0 =C2=A0if (((timr->it_sigev_notify & ~SIGEV_= THREAD_ID) =3D=3D SIGEV_NONE)) {
> diff --git a/kernel/time/timekeeping.h b/kernel/time/timekeeping.h
> index 1d91416..144af14 100644
> --- a/kernel/time/timekeeping.h
> +++ b/kernel/time/timekeeping.h
> @@ -15,7 +15,7 @@ extern u64 timekeeping_max_deferment(void);
>=C2=A0 extern int timekeeping_inject_offset(struct timespec *ts);
>=C2=A0 extern s32 timekeeping_get_tai_offset(void);
>=C2=A0 extern void timekeeping_set_tai_offset(s32 tai_offset);
> -extern void timekeeping_clocktai(struct timespec *ts);
> +extern void timekeeping_clocktai(struct timespec64 *ts);

# git grep timekeeping_clocktai() is your friend.

Thanks,

=C2=A0 =C2=A0 =C2=A0 =C2=A0 tglx



--
Baolin.wang
Best Regard= s
--089e0122f07478b051051437f06d-- --===============5371854255723363967== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KTGludXhwcGMt ZGV2IG1haWxpbmcgbGlzdApMaW51eHBwYy1kZXZAbGlzdHMub3psYWJzLm9yZwpodHRwczovL2xp c3RzLm96bGFicy5vcmcvbGlzdGluZm8vbGludXhwcGMtZGV2 --===============5371854255723363967==-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 098431A0025 for ; Tue, 21 Apr 2015 18:36:17 +1000 (AEST) Received: by wgsk9 with SMTP id k9so204957045wgs.3 for ; Tue, 21 Apr 2015 01:36:13 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <1429509459-17068-1-git-send-email-baolin.wang@linaro.org> <1429509459-17068-6-git-send-email-baolin.wang@linaro.org> Date: Tue, 21 Apr 2015 16:36:13 +0800 Message-ID: Subject: Re: [PATCH 05/11] time/posix-timers:Convert to the 64bit methods for k_clock callback functions From: Baolin Wang To: Thomas Gleixner Content-Type: multipart/alternative; boundary=089e0122f07478b051051437f06d Cc: Xunlei Pang , peterz@infradead.org, heiko.carstens@de.ibm.com, paulus@samba.org, cl@linux.com, Heena Sirwani , linux-arch@vger.kernel.org, linux-s390@vger.kernel.org, y2038 Mailman List , rafael.j.wysocki@intel.com, Andrew Hunter , =?UTF-8?B?RnLDqWTDqXJpYyBXZWlzYmVja2Vy?= , Paul Turner , riel@redhat.com, Arnd Bergmann , Richard Cochran , schwidefsky@de.ibm.com, John Stultz , rth@twiddle.net, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, tj@kernel.org, linux390@de.ibm.com, linuxppc-dev@lists.ozlabs.org List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --089e0122f07478b051051437f06d Content-Type: text/plain; charset=UTF-8 On 21 April 2015 at 04:48, Thomas Gleixner wrote: > On Mon, 20 Apr 2015, Baolin Wang wrote: > > /* Set clock_realtime */ > > static int posix_clock_realtime_set(const clockid_t which_clock, > > - const struct timespec *tp) > > + const struct timespec64 *tp) > > { > > - return do_sys_settimeofday(tp, NULL); > > + struct timespec ts = timespec64_to_timespec(*tp); > > + > > + return do_sys_settimeofday(&ts, NULL); > > Sigh. No. We first provide a proper function for this, which takes a > timespec64, i.e. do_sys_settimeofday64() instead of having this > wrapper mess all over the place. > Thanks for your comments,but if use do_sys_settimeofday64() here that will introduce a security bug: do_sys_settimeofday contains a capability check that normally prevents non-root users from setting the time. With your change, any user can set the system time. > > > /* SIGEV_NONE timers are not queued ! See common_timer_get */ > > if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { > > diff --git a/kernel/time/timekeeping.h b/kernel/time/timekeeping.h > > index 1d91416..144af14 100644 > > --- a/kernel/time/timekeeping.h > > +++ b/kernel/time/timekeeping.h > > @@ -15,7 +15,7 @@ extern u64 timekeeping_max_deferment(void); > > extern int timekeeping_inject_offset(struct timespec *ts); > > extern s32 timekeeping_get_tai_offset(void); > > extern void timekeeping_set_tai_offset(s32 tai_offset); > > -extern void timekeeping_clocktai(struct timespec *ts); > > +extern void timekeeping_clocktai(struct timespec64 *ts); > > # git grep timekeeping_clocktai() is your friend. > > Thanks, > > tglx > -- Baolin.wang Best Regards --089e0122f07478b051051437f06d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On 21 April 2015 at 04:48, Thomas Gleixner <tglx@linutronix.de>= ; wrote:
On Mon, 20 Apr 2015, Baolin Wang wrote:
>=C2=A0 /* Set clock_realtime */
>=C2=A0 static int posix_clock_realtime_set(const clockid_t which_clock,=
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0const struct timespec *tp)=
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0const struct timespec64 *t= p)
>=C2=A0 {
> -=C2=A0 =C2=A0 =C2=A0return do_sys_settimeofday(tp, NULL);
> +=C2=A0 =C2=A0 =C2=A0struct timespec ts =3D timespec64_to_timespec(*tp= );
> +
> +=C2=A0 =C2=A0 =C2=A0return do_sys_settimeofday(&ts, NULL);

Sigh. No. We first provide a proper function for this, which takes a=
timespec64, i.e. do_sys_settimeofday64() instead of having this
wrapper mess all over the place.

Thanks for your comments,but if use=C2=A0do_sys_= settimeofday64() here that will=C2=A0=C2=A0i= ntroduce a security bug: do_sys_settimeofday contains a capability
check that no= rmally prevents non-root users from setting the time.

With your change, any user can set the system time.=C2=A0
<= blockquote class=3D"gmail_quote" style=3D"margin-top:0px;margin-right:0px;m= argin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:= rgb(204,204,204);border-left-style:solid;padding-left:1ex">
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/* SIGEV_NONE timers are not queued ! See co= mmon_timer_get */
>=C2=A0 =C2=A0 =C2=A0 =C2=A0if (((timr->it_sigev_notify & ~SIGEV_= THREAD_ID) =3D=3D SIGEV_NONE)) {
> diff --git a/kernel/time/timekeeping.h b/kernel/time/timekeeping.h
> index 1d91416..144af14 100644
> --- a/kernel/time/timekeeping.h
> +++ b/kernel/time/timekeeping.h
> @@ -15,7 +15,7 @@ extern u64 timekeeping_max_deferment(void);
>=C2=A0 extern int timekeeping_inject_offset(struct timespec *ts);
>=C2=A0 extern s32 timekeeping_get_tai_offset(void);
>=C2=A0 extern void timekeeping_set_tai_offset(s32 tai_offset);
> -extern void timekeeping_clocktai(struct timespec *ts);
> +extern void timekeeping_clocktai(struct timespec64 *ts);

# git grep timekeeping_clocktai() is your friend.

Thanks,

=C2=A0 =C2=A0 =C2=A0 =C2=A0 tglx



--
Baolin.wang
Best Regard= s
--089e0122f07478b051051437f06d--