From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15D25C432C3 for ; Thu, 14 Nov 2019 14:05:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E43F720672 for ; Thu, 14 Nov 2019 14:05:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727137AbfKNOFP (ORCPT ); Thu, 14 Nov 2019 09:05:15 -0500 Received: from Galois.linutronix.de ([193.142.43.55]:40734 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726327AbfKNOFO (ORCPT ); Thu, 14 Nov 2019 09:05:14 -0500 Received: from [5.158.153.52] (helo=nanos.tec.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iVFjv-0003mN-UV; Thu, 14 Nov 2019 15:04:52 +0100 Date: Thu, 14 Nov 2019 15:04:51 +0100 (CET) From: Thomas Gleixner To: Arnd Bergmann cc: y2038 Mailman List , John Stultz , "linux-kernel@vger.kernel.org" , Stephen Boyd , David Howells , Al Viro , Deepa Dinamani , Christian Brauner , Jens Axboe , Ingo Molnar , Corey Minyard , zhengbin , Li RongQing , Linux API Subject: Re: [PATCH 17/23] y2038: time: avoid timespec usage in settimeofday() In-Reply-To: Message-ID: References: <20191108210236.1296047-1-arnd@arndb.de> <20191108211323.1806194-8-arnd@arndb.de> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 14 Nov 2019, Arnd Bergmann wrote: > On Wed, Nov 13, 2019 at 10:53 PM Thomas Gleixner wrote: > > > > On Fri, 8 Nov 2019, Arnd Bergmann wrote: > > > -SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv, > > > +SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv, > > > struct timezone __user *, tz) > > > { > > > struct timespec64 new_ts; > > > - struct timeval user_tv; > > > struct timezone new_tz; > > > > > > if (tv) { > > > - if (copy_from_user(&user_tv, tv, sizeof(*tv))) > > > + if (get_user(new_ts.tv_sec, &tv->tv_sec) || > > > + get_user(new_ts.tv_nsec, &tv->tv_usec)) > > > return -EFAULT; > > > > How is that supposed to be correct on a 32bit kernel? > > I don't see the problem you are referring to. This should behave the > same way on a 32-bit kernel and on a 64-bit kernel, sign-extending > the tv_sec field, and copying the user tv_usec field into the > kernel tv_nsec, to be multiplied by 1000 a few lines later. You're right. Tired brain failed to see the implicit sign extension in get_user(). > Am I missing something? No. > > > - if (!timeval_valid(&user_tv)) > > > + if (tv->tv_usec > USEC_PER_SEC) > > > return -EINVAL; > > > > That's incomplete: > > > > static inline bool timeval_valid(const struct timeval *tv) > > { > > /* Dates before 1970 are bogus */ > > if (tv->tv_sec < 0) > > return false; > > > > /* Can't have more microseconds then a second */ > > if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC) > > return false; > > > > return true; > > } > > My idea was to not duplicate the range check that is done > in do_sys_settimeofday64() and again in do_settimeofday64: > > if (!timespec64_valid_settod(ts)) > return -EINVAL; > > The only check we should need in addition to this is to ensure > that passing an invalid tv_usec number doesn't become an > unexpectedly valid tv_nsec after the multiplication. Right, but please add a proper comment as you/we are going to scratch heads 4 weeks from now when staring at that check and wondering why it is incomplete. Thanks, tglx From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Gleixner Subject: Re: [PATCH 17/23] y2038: time: avoid timespec usage in settimeofday() Date: Thu, 14 Nov 2019 15:04:51 +0100 (CET) Message-ID: References: <20191108210236.1296047-1-arnd@arndb.de> <20191108211323.1806194-8-arnd@arndb.de> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: y2038-bounces@lists.linaro.org Sender: "Y2038" To: Arnd Bergmann Cc: Jens Axboe , Corey Minyard , y2038 Mailman List , Linux API , "linux-kernel@vger.kernel.org" , Li RongQing , David Howells , Stephen Boyd , zhengbin , John Stultz , Al Viro , Ingo Molnar , Christian Brauner , Deepa Dinamani List-Id: linux-api@vger.kernel.org T24gVGh1LCAxNCBOb3YgMjAxOSwgQXJuZCBCZXJnbWFubiB3cm90ZToKPiBPbiBXZWQsIE5vdiAx MywgMjAxOSBhdCAxMDo1MyBQTSBUaG9tYXMgR2xlaXhuZXIgPHRnbHhAbGludXRyb25peC5kZT4g d3JvdGU6Cj4gPgo+ID4gT24gRnJpLCA4IE5vdiAyMDE5LCBBcm5kIEJlcmdtYW5uIHdyb3RlOgo+ ID4gPiAtU1lTQ0FMTF9ERUZJTkUyKHNldHRpbWVvZmRheSwgc3RydWN0IHRpbWV2YWwgX191c2Vy ICosIHR2LAo+ID4gPiArU1lTQ0FMTF9ERUZJTkUyKHNldHRpbWVvZmRheSwgc3RydWN0IF9fa2Vy bmVsX29sZF90aW1ldmFsIF9fdXNlciAqLCB0diwKPiA+ID4gICAgICAgICAgICAgICBzdHJ1Y3Qg dGltZXpvbmUgX191c2VyICosIHR6KQo+ID4gPiAgewo+ID4gPiAgICAgICBzdHJ1Y3QgdGltZXNw ZWM2NCBuZXdfdHM7Cj4gPiA+IC0gICAgIHN0cnVjdCB0aW1ldmFsIHVzZXJfdHY7Cj4gPiA+ICAg ICAgIHN0cnVjdCB0aW1lem9uZSBuZXdfdHo7Cj4gPiA+Cj4gPiA+ICAgICAgIGlmICh0dikgewo+ ID4gPiAtICAgICAgICAgICAgIGlmIChjb3B5X2Zyb21fdXNlcigmdXNlcl90diwgdHYsIHNpemVv ZigqdHYpKSkKPiA+ID4gKyAgICAgICAgICAgICBpZiAoZ2V0X3VzZXIobmV3X3RzLnR2X3NlYywg JnR2LT50dl9zZWMpIHx8Cj4gPiA+ICsgICAgICAgICAgICAgICAgIGdldF91c2VyKG5ld190cy50 dl9uc2VjLCAmdHYtPnR2X3VzZWMpKQo+ID4gPiAgICAgICAgICAgICAgICAgICAgICAgcmV0dXJu IC1FRkFVTFQ7Cj4gPgo+ID4gSG93IGlzIHRoYXQgc3VwcG9zZWQgdG8gYmUgY29ycmVjdCBvbiBh IDMyYml0IGtlcm5lbD8KPiAKPiBJIGRvbid0IHNlZSB0aGUgcHJvYmxlbSB5b3UgYXJlIHJlZmVy cmluZyB0by4gVGhpcyBzaG91bGQgYmVoYXZlIHRoZQo+IHNhbWUgd2F5IG9uIGEgMzItYml0IGtl cm5lbCBhbmQgb24gYSA2NC1iaXQga2VybmVsLCBzaWduLWV4dGVuZGluZwo+IHRoZSB0dl9zZWMg ZmllbGQsIGFuZCBjb3B5aW5nIHRoZSB1c2VyIHR2X3VzZWMgZmllbGQgaW50byB0aGUKPiBrZXJu ZWwgdHZfbnNlYywgdG8gYmUgbXVsdGlwbGllZCBieSAxMDAwIGEgZmV3IGxpbmVzIGxhdGVyLgoK WW91J3JlIHJpZ2h0LiBUaXJlZCBicmFpbiBmYWlsZWQgdG8gc2VlIHRoZSBpbXBsaWNpdCBzaWdu IGV4dGVuc2lvbiBpbgpnZXRfdXNlcigpLgoKPiBBbSBJIG1pc3Npbmcgc29tZXRoaW5nPwoKTm8u Cgo+ID4gPiAtICAgICAgICAgICAgIGlmICghdGltZXZhbF92YWxpZCgmdXNlcl90dikpCj4gPiA+ ICsgICAgICAgICAgICAgaWYgKHR2LT50dl91c2VjID4gVVNFQ19QRVJfU0VDKQo+ID4gPiAgICAg ICAgICAgICAgICAgICAgICAgcmV0dXJuIC1FSU5WQUw7Cj4gPgo+ID4gVGhhdCdzIGluY29tcGxl dGU6Cj4gPgo+ID4gc3RhdGljIGlubGluZSBib29sIHRpbWV2YWxfdmFsaWQoY29uc3Qgc3RydWN0 IHRpbWV2YWwgKnR2KQo+ID4gewo+ID4gICAgICAgICAvKiBEYXRlcyBiZWZvcmUgMTk3MCBhcmUg Ym9ndXMgKi8KPiA+ICAgICAgICAgaWYgKHR2LT50dl9zZWMgPCAwKQo+ID4gICAgICAgICAgICAg ICAgIHJldHVybiBmYWxzZTsKPiA+Cj4gPiAgICAgICAgIC8qIENhbid0IGhhdmUgbW9yZSBtaWNy b3NlY29uZHMgdGhlbiBhIHNlY29uZCAqLwo+ID4gICAgICAgICBpZiAodHYtPnR2X3VzZWMgPCAw IHx8IHR2LT50dl91c2VjID49IFVTRUNfUEVSX1NFQykKPiA+ICAgICAgICAgICAgICAgICByZXR1 cm4gZmFsc2U7Cj4gPgo+ID4gICAgICAgICByZXR1cm4gdHJ1ZTsKPiA+IH0KPiAKPiBNeSBpZGVh IHdhcyB0byBub3QgZHVwbGljYXRlIHRoZSByYW5nZSBjaGVjayB0aGF0IGlzIGRvbmUKPiBpbiBk b19zeXNfc2V0dGltZW9mZGF5NjQoKSBhbmQgYWdhaW4gaW4gZG9fc2V0dGltZW9mZGF5NjQ6Cj4g Cj4gICAgICAgICBpZiAoIXRpbWVzcGVjNjRfdmFsaWRfc2V0dG9kKHRzKSkKPiAgICAgICAgICAg ICAgICAgcmV0dXJuIC1FSU5WQUw7Cj4gCj4gVGhlIG9ubHkgY2hlY2sgd2Ugc2hvdWxkIG5lZWQg aW4gYWRkaXRpb24gdG8gdGhpcyBpcyB0byBlbnN1cmUKPiB0aGF0IHBhc3NpbmcgYW4gaW52YWxp ZCB0dl91c2VjIG51bWJlciBkb2Vzbid0IGJlY29tZSBhbgo+IHVuZXhwZWN0ZWRseSB2YWxpZCB0 dl9uc2VjIGFmdGVyIHRoZSBtdWx0aXBsaWNhdGlvbi4KClJpZ2h0LCBidXQgcGxlYXNlIGFkZCBh IHByb3BlciBjb21tZW50IGFzIHlvdS93ZSBhcmUgZ29pbmcgdG8gc2NyYXRjaCBoZWFkcwo0IHdl ZWtzIGZyb20gbm93IHdoZW4gc3RhcmluZyBhdCB0aGF0IGNoZWNrIGFuZCB3b25kZXJpbmcgd2h5 IGl0IGlzCmluY29tcGxldGUuCgpUaGFua3MsCgoJdGdseApfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXwpZMjAzOCBtYWlsaW5nIGxpc3QKWTIwMzhAbGlzdHMu bGluYXJvLm9yZwpodHRwczovL2xpc3RzLmxpbmFyby5vcmcvbWFpbG1hbi9saXN0aW5mby95MjAz OAo=