[PATCH 00/23] y2038 cleanups

[PATCH 00/23] y2038 cleanups

[Arnd Bergmann]

This is a series of cleanups for the y2038 work, mostly intended
for namespace cleaning: the kernel defines the traditional
time_t, timeval and timespec types that often lead to y2038-unsafe
code. Even though the unsafe usage is mostly gone from the kernel,
having the types and associated functions around means that we
can still grow new users, and that we may be missing conversions
to safe types that actually matter.

As there is no rush on any of these patches, I would either
queue them up in linux-next through my y2038 branch, or
Thomas could add them to the tip tree if he wants.

As mentioned in another series, this is part of a larger
effort to fix all the remaining bits and pieces that are
not completed yet from the y2038 conversion, and the full
set can be found at:

https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/log/?h=y2038-endgame

Maintainers, please review and provide Acks.

Let me know if you have any opinion on whether we should do
the include last two patches of this series or not.

     Arnd

Arnd Bergmann (23):
  y2038: remove CONFIG_64BIT_TIME
  y2038: add __kernel_old_timespec and __kernel_old_time_t
  y2038: vdso: change timeval to __kernel_old_timeval
  y2038: vdso: change timespec to __kernel_old_timespec
  y2038: vdso: change time_t to __kernel_old_time_t
  y2038: vdso: nds32: open-code timespec_add_ns()
  y2038: vdso: powerpc: avoid timespec references
  y2038: ipc: remove __kernel_time_t reference from headers
  y2038: stat: avoid 'time_t' in 'struct stat'
  y2038: uapi: change __kernel_time_t to __kernel_old_time_t
  y2038: rusage: use __kernel_old_timeval
  y2038: syscalls: change remaining timeval to __kernel_old_timeval
  y2038: socket: remove timespec reference in timestamping
  y2038: make ns_to_compat_timeval use __kernel_old_timeval
  y2038: elfcore: Use __kernel_old_timeval for process times
  y2038: timerfd: Use timespec64 internally
  y2038: time: avoid timespec usage in settimeofday()
  y2038: itimer: compat handling to itimer.c
  y2038: use compat_{get,set}_itimer on alpha
  y2038: move itimer reset into itimer.c
  y2038: itimer: change implementation to timespec64
  [RFC] y2038: itimer: use ktime_t internally
  y2038: allow disabling time32 system calls

 arch/Kconfig                              |  11 +-
 arch/alpha/kernel/osf_sys.c               |  67 +-----
 arch/alpha/kernel/syscalls/syscall.tbl    |   4 +-
 arch/ia64/kernel/asm-offsets.c            |   2 +-
 arch/mips/include/uapi/asm/msgbuf.h       |   6 +-
 arch/mips/include/uapi/asm/sembuf.h       |   4 +-
 arch/mips/include/uapi/asm/shmbuf.h       |   6 +-
 arch/mips/include/uapi/asm/stat.h         |  16 +-
 arch/mips/kernel/binfmt_elfn32.c          |   4 +-
 arch/mips/kernel/binfmt_elfo32.c          |   4 +-
 arch/nds32/kernel/vdso/gettimeofday.c     |  61 +++--
 arch/parisc/include/uapi/asm/msgbuf.h     |   6 +-
 arch/parisc/include/uapi/asm/sembuf.h     |   4 +-
 arch/parisc/include/uapi/asm/shmbuf.h     |   6 +-
 arch/powerpc/include/asm/asm-prototypes.h |   3 +-
 arch/powerpc/include/asm/vdso_datapage.h  |   6 +-
 arch/powerpc/include/uapi/asm/msgbuf.h    |   6 +-
 arch/powerpc/include/uapi/asm/sembuf.h    |   4 +-
 arch/powerpc/include/uapi/asm/shmbuf.h    |   6 +-
 arch/powerpc/include/uapi/asm/stat.h      |   2 +-
 arch/powerpc/kernel/asm-offsets.c         |  18 +-
 arch/powerpc/kernel/syscalls.c            |   4 +-
 arch/powerpc/kernel/time.c                |   5 +-
 arch/powerpc/kernel/vdso32/gettimeofday.S |   6 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S |   8 +-
 arch/sparc/include/uapi/asm/msgbuf.h      |   6 +-
 arch/sparc/include/uapi/asm/sembuf.h      |   4 +-
 arch/sparc/include/uapi/asm/shmbuf.h      |   6 +-
 arch/sparc/include/uapi/asm/stat.h        |  24 +-
 arch/sparc/vdso/vclock_gettime.c          |  36 +--
 arch/x86/entry/vdso/vclock_gettime.c      |   6 +-
 arch/x86/entry/vsyscall/vsyscall_64.c     |   4 +-
 arch/x86/include/uapi/asm/msgbuf.h        |   6 +-
 arch/x86/include/uapi/asm/sembuf.h        |   4 +-
 arch/x86/include/uapi/asm/shmbuf.h        |   6 +-
 arch/x86/um/vdso/um_vdso.c                |  12 +-
 fs/aio.c                                  |   2 +-
 fs/binfmt_elf.c                           |  12 +-
 fs/binfmt_elf_fdpic.c                     |  12 +-
 fs/compat_binfmt_elf.c                    |   4 +-
 fs/select.c                               |  10 +-
 fs/timerfd.c                              |  14 +-
 fs/utimes.c                               |   8 +-
 include/linux/compat.h                    |  19 +-
 include/linux/syscalls.h                  |  16 +-
 include/linux/time.h                      |   9 +-
 include/linux/time32.h                    |   2 +-
 include/linux/types.h                     |   2 +-
 include/trace/events/timer.h              |  29 +--
 include/uapi/asm-generic/msgbuf.h         |  12 +-
 include/uapi/asm-generic/posix_types.h    |   1 +
 include/uapi/asm-generic/sembuf.h         |   7 +-
 include/uapi/asm-generic/shmbuf.h         |  12 +-
 include/uapi/linux/cyclades.h             |   6 +-
 include/uapi/linux/elfcore.h              |   8 +-
 include/uapi/linux/errqueue.h             |   7 +
 include/uapi/linux/msg.h                  |   6 +-
 include/uapi/linux/ppp_defs.h             |   4 +-
 include/uapi/linux/resource.h             |   4 +-
 include/uapi/linux/sem.h                  |   4 +-
 include/uapi/linux/shm.h                  |   6 +-
 include/uapi/linux/time.h                 |   6 +-
 include/uapi/linux/time_types.h           |   5 +
 include/uapi/linux/utime.h                |   4 +-
 ipc/syscall.c                             |   2 +-
 kernel/compat.c                           |  24 --
 kernel/power/power.h                      |   2 +-
 kernel/sys.c                              |   4 +-
 kernel/sys_ni.c                           |  23 ++
 kernel/time/hrtimer.c                     |   2 +-
 kernel/time/itimer.c                      | 280 ++++++++++++++--------
 kernel/time/time.c                        |  32 ++-
 lib/vdso/gettimeofday.c                   |   4 +-
 net/core/scm.c                            |   6 +-
 net/socket.c                              |   2 +-
 security/selinux/hooks.c                  |  10 +-
 76 files changed, 501 insertions(+), 504 deletions(-)

-- 
2.20.0

Cc: rth@twiddle.net
Cc: tony.luck@intel.com
Cc: paul.burton@mips.com
Cc: green.hu@gmail.com
Cc: deller@gmx.de
Cc: mpe@ellerman.id.au
Cc: davem@davemloft.net
Cc: tglx@linutronix.de
Cc: x86@kernel.org
Cc: jdike@addtoit.com
Cc: richard@nod.at
Cc: viro@zeniv.linux.org.uk
Cc: bcrl@kvack.org
Cc: john.stultz@linaro.org
Cc: sboyd@kernel.org
Cc: rostedt@goodmis.org
Cc: arnd@arndb.de
Cc: vincenzo.frascino@arm.com
Cc: paul@paul-moore.com
Cc: sds@tycho.nsa.gov
Cc: eparis@parisplace.org
Cc: peterz@infradead.org
Cc: will@kernel.org
Cc: deepa.kernel@gmail.com
Cc: christian@brauner.io
Cc: heiko.carstens@de.ibm.com
Cc: christophe.leroy@c-s.fr
Cc: ebiederm@xmission.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-alpha@vger.kernel.org>
Cc: linux-ia64@vger.kernel.org>
Cc: linux-mips@vger.kernel.org>
Cc: linux-parisc@vger.kernel.org>
Cc: linuxppc-dev@lists.ozlabs.org>
Cc: sparclinux@vger.kernel.org>
Cc: linux-um@lists.infradead.org>
Cc: linux-fsdevel@vger.kernel.org>
Cc: linux-aio@kvack.org>
Cc: linux-api@vger.kernel.org>
Cc: linux-arch@vger.kernel.org>
Cc: netdev@vger.kernel.org>
Cc: selinux@vger.kernel.org>

[PATCH 20/23] y2038: move itimer reset into itimer.c

[Arnd Bergmann]

Preparing for a change to the itimer internals, stop using the
do_setitimer() symbol and instead use a new higher-level interface.

The do_getitimer()/do_setitimer functions can now be made static,
allowing the compiler to potentially produce better object code.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 include/linux/time.h     |  9 +++++----
 kernel/time/itimer.c     | 15 +++++++++++++--
 security/selinux/hooks.c | 10 +++-------
 3 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/include/linux/time.h b/include/linux/time.h
index 27d83fd2ae61..0760a4f5a15c 100644
--- a/include/linux/time.h
+++ b/include/linux/time.h
@@ -35,10 +35,11 @@ extern time64_t mktime64(const unsigned int year, const unsigned int mon,
 extern u32 (*arch_gettimeoffset)(void);
 #endif
 
-struct itimerval;
-extern int do_setitimer(int which, struct itimerval *value,
-			struct itimerval *ovalue);
-extern int do_getitimer(int which, struct itimerval *value);
+#ifdef CONFIG_POSIX_TIMERS
+extern void clear_itimer(void);
+#else
+static inline void clear_itimer(void) {}
+#endif
 
 extern long do_utimes(int dfd, const char __user *filename, struct timespec64 *times, int flags);
 
diff --git a/kernel/time/itimer.c b/kernel/time/itimer.c
index 4664c6addf69..ce9cd19ce72e 100644
--- a/kernel/time/itimer.c
+++ b/kernel/time/itimer.c
@@ -73,7 +73,7 @@ static void get_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
 	value->it_interval = ns_to_timeval(interval);
 }
 
-int do_getitimer(int which, struct itimerval *value)
+static int do_getitimer(int which, struct itimerval *value)
 {
 	struct task_struct *tsk = current;
 
@@ -197,7 +197,7 @@ static void set_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
 #define timeval_valid(t) \
 	(((t)->tv_sec >= 0) && (((unsigned long) (t)->tv_usec) < USEC_PER_SEC))
 
-int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
+static int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
 {
 	struct task_struct *tsk = current;
 	struct hrtimer *timer;
@@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
 	return 0;
 }
 
+#ifdef CONFIG_SECURITY_SELINUX
+void clear_itimer(void)
+{
+	struct itimerval v = {};
+	int i;
+
+	for (i = 0; i < 3; i++)
+		do_setitimer(i, &v, NULL);
+}
+#endif
+
 #ifdef __ARCH_WANT_SYS_ALARM
 
 /**
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9625b99e677f..c3f2e89acb87 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2549,9 +2549,8 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
 static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
 {
 	const struct task_security_struct *tsec = selinux_cred(current_cred());
-	struct itimerval itimer;
 	u32 osid, sid;
-	int rc, i;
+	int rc;
 
 	osid = tsec->osid;
 	sid = tsec->sid;
@@ -2569,11 +2568,8 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
 	rc = avc_has_perm(&selinux_state,
 			  osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
 	if (rc) {
-		if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
-			memset(&itimer, 0, sizeof itimer);
-			for (i = 0; i < 3; i++)
-				do_setitimer(i, &itimer, NULL);
-		}
+		if (IS_ENABLED(CONFIG_POSIX_TIMERS))
+			clear_itimer();
 		spin_lock_irq(&current->sighand->siglock);
 		if (!fatal_signal_pending(current)) {
 			flush_sigqueue(&current->pending);
-- 
2.20.0

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Ondrej Mosnacek]

On Fri, Nov 8, 2019 at 10:18 PM Arnd Bergmann <arnd@arndb.de> wrote:
> Preparing for a change to the itimer internals, stop using the
> do_setitimer() symbol and instead use a new higher-level interface.
>
> The do_getitimer()/do_setitimer functions can now be made static,
> allowing the compiler to potentially produce better object code.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  include/linux/time.h     |  9 +++++----
>  kernel/time/itimer.c     | 15 +++++++++++++--
>  security/selinux/hooks.c | 10 +++-------
>  3 files changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/include/linux/time.h b/include/linux/time.h
> index 27d83fd2ae61..0760a4f5a15c 100644
> --- a/include/linux/time.h
> +++ b/include/linux/time.h
> @@ -35,10 +35,11 @@ extern time64_t mktime64(const unsigned int year, const unsigned int mon,
>  extern u32 (*arch_gettimeoffset)(void);
>  #endif
>
> -struct itimerval;
> -extern int do_setitimer(int which, struct itimerval *value,
> -                       struct itimerval *ovalue);
> -extern int do_getitimer(int which, struct itimerval *value);
> +#ifdef CONFIG_POSIX_TIMERS
> +extern void clear_itimer(void);
> +#else
> +static inline void clear_itimer(void) {}
> +#endif
>
>  extern long do_utimes(int dfd, const char __user *filename, struct timespec64 *times, int flags);
>
> diff --git a/kernel/time/itimer.c b/kernel/time/itimer.c
> index 4664c6addf69..ce9cd19ce72e 100644
> --- a/kernel/time/itimer.c
> +++ b/kernel/time/itimer.c
> @@ -73,7 +73,7 @@ static void get_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
>         value->it_interval = ns_to_timeval(interval);
>  }
>
> -int do_getitimer(int which, struct itimerval *value)
> +static int do_getitimer(int which, struct itimerval *value)
>  {
>         struct task_struct *tsk = current;
>
> @@ -197,7 +197,7 @@ static void set_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
>  #define timeval_valid(t) \
>         (((t)->tv_sec >= 0) && (((unsigned long) (t)->tv_usec) < USEC_PER_SEC))
>
> -int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> +static int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
>  {
>         struct task_struct *tsk = current;
>         struct hrtimer *timer;
> @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
>         return 0;
>  }
>
> +#ifdef CONFIG_SECURITY_SELINUX

Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?

> +void clear_itimer(void)
> +{
> +       struct itimerval v = {};
> +       int i;
> +
> +       for (i = 0; i < 3; i++)
> +               do_setitimer(i, &v, NULL);
> +}
> +#endif
> +
>  #ifdef __ARCH_WANT_SYS_ALARM
>
>  /**
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 9625b99e677f..c3f2e89acb87 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2549,9 +2549,8 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
>  static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>  {
>         const struct task_security_struct *tsec = selinux_cred(current_cred());
> -       struct itimerval itimer;
>         u32 osid, sid;
> -       int rc, i;
> +       int rc;
>
>         osid = tsec->osid;
>         sid = tsec->sid;
> @@ -2569,11 +2568,8 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>         rc = avc_has_perm(&selinux_state,
>                           osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
>         if (rc) {
> -               if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
> -                       memset(&itimer, 0, sizeof itimer);
> -                       for (i = 0; i < 3; i++)
> -                               do_setitimer(i, &itimer, NULL);
> -               }
> +               if (IS_ENABLED(CONFIG_POSIX_TIMERS))
> +                       clear_itimer();

Since you already define a no-op fallback for the case of
!IS_ENABLED(CONFIG_POSIX_TIMERS) in time.h, why not simply call
clear_itimer() unconditionally?

>                 spin_lock_irq(&current->sighand->siglock);
>                 if (!fatal_signal_pending(current)) {
>                         flush_sigqueue(&current->pending);
> --
> 2.20.0
>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Arnd Bergmann]

On Sat, Nov 9, 2019 at 2:43 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:

> > -struct itimerval;
> > -extern int do_setitimer(int which, struct itimerval *value,
> > -                       struct itimerval *ovalue);
> > -extern int do_getitimer(int which, struct itimerval *value);
> > +#ifdef CONFIG_POSIX_TIMERS
> > +extern void clear_itimer(void);
> > +#else
> > +static inline void clear_itimer(void) {}
> > +#endif
> >

> > @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> >         return 0;
> >  }
> >
> > +#ifdef CONFIG_SECURITY_SELINUX
>
> Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?

No, this part is intentional, CONFIG_POSIX_TIMERS already controls
whether itimer.c is
compiled in the first place, but this function is only needed when called from
the selinux driver.

> > -               }
> > +               if (IS_ENABLED(CONFIG_POSIX_TIMERS))
> > +                       clear_itimer();
>
> Since you already define a no-op fallback for the case of
> !IS_ENABLED(CONFIG_POSIX_TIMERS) in time.h, why not simply call
> clear_itimer() unconditionally?

Ah right, that was indeed my plan here when I changed the declaration
in the header, I just forgot to remove the if(). Fixed now.

Thanks for the review!

      Arnd

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Ondrej Mosnacek]

On Sat, Nov 9, 2019 at 10:03 PM Arnd Bergmann <arnd@arndb.de> wrote:
>
> On Sat, Nov 9, 2019 at 2:43 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> > > -struct itimerval;
> > > -extern int do_setitimer(int which, struct itimerval *value,
> > > -                       struct itimerval *ovalue);
> > > -extern int do_getitimer(int which, struct itimerval *value);
> > > +#ifdef CONFIG_POSIX_TIMERS
> > > +extern void clear_itimer(void);
> > > +#else
> > > +static inline void clear_itimer(void) {}
> > > +#endif
> > >
>
> > > @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> > >         return 0;
> > >  }
> > >
> > > +#ifdef CONFIG_SECURITY_SELINUX
> >
> > Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?
>
> No, this part is intentional, CONFIG_POSIX_TIMERS already controls
> whether itimer.c is
> compiled in the first place, but this function is only needed when called from
> the selinux driver.

All right, but you declare the function in time.h even if
CONFIG_SECURITY_SELINUX is not enabled... it is kind of awkward when
it can happen that the function is declared but not defined anywhere
(even if it shouldn't be used by new users). Maybe you could at least
put the header declaration/definition inside #ifdef
CONFIG_SECURITY_SELINUX as well so it is clear that this function is
intended for SELinux only?

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Arnd Bergmann]

On Sun, Nov 10, 2019 at 12:07 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Sat, Nov 9, 2019 at 10:03 PM Arnd Bergmann <arnd@arndb.de> wrote:
> >
> > On Sat, Nov 9, 2019 at 2:43 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > > > -struct itimerval;
> > > > -extern int do_setitimer(int which, struct itimerval *value,
> > > > -                       struct itimerval *ovalue);
> > > > -extern int do_getitimer(int which, struct itimerval *value);
> > > > +#ifdef CONFIG_POSIX_TIMERS
> > > > +extern void clear_itimer(void);
> > > > +#else
> > > > +static inline void clear_itimer(void) {}
> > > > +#endif
> > > >
> >
> > > > @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> > > >         return 0;
> > > >  }
> > > >
> > > > +#ifdef CONFIG_SECURITY_SELINUX
> > >
> > > Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?
> >
> > No, this part is intentional, CONFIG_POSIX_TIMERS already controls
> > whether itimer.c is
> > compiled in the first place, but this function is only needed when called from
> > the selinux driver.
>
> All right, but you declare the function in time.h even if
> CONFIG_SECURITY_SELINUX is not enabled... it is kind of awkward when
> it can happen that the function is declared but not defined anywhere
> (even if it shouldn't be used by new users). Maybe you could at least
> put the header declaration/definition inside #ifdef
> CONFIG_SECURITY_SELINUX as well so it is clear that this function is
> intended for SELinux only?

I don't see that as a problem, we rarely put declarations inside of an #ifdef.
The main effect that would have is forcing any file that includes linux/time.h
to be rebuilt when selinux is turned on or off in the .config.

     Arnd

Re: [PATCH 00/23] y2038 cleanups

[Arnd Bergmann]

On Fri, Nov 8, 2019 at 10:04 PM Arnd Bergmann <arnd@arndb.de> wrote:
>
> This is a series of cleanups for the y2038 work, mostly intended
> for namespace cleaning: the kernel defines the traditional
> time_t, timeval and timespec types that often lead to y2038-unsafe
> code. Even though the unsafe usage is mostly gone from the kernel,
> having the types and associated functions around means that we
> can still grow new users, and that we may be missing conversions
> to safe types that actually matter.
>
> As there is no rush on any of these patches, I would either
> queue them up in linux-next through my y2038 branch, or
> Thomas could add them to the tip tree if he wants.
>
> As mentioned in another series, this is part of a larger
> effort to fix all the remaining bits and pieces that are
> not completed yet from the y2038 conversion, and the full
> set can be found at:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/log/?h=y2038-endgame
>
> Maintainers, please review and provide Acks.
>
> Let me know if you have any opinion on whether we should do
> the include last two patches of this series or not.
>
>      Arnd
>
> Arnd Bergmann (23):
>   y2038: remove CONFIG_64BIT_TIME
>   y2038: add __kernel_old_timespec and __kernel_old_time_t
>   y2038: vdso: change timeval to __kernel_old_timeval
>   y2038: vdso: change timespec to __kernel_old_timespec
>   y2038: vdso: change time_t to __kernel_old_time_t
>   y2038: vdso: nds32: open-code timespec_add_ns()
>   y2038: vdso: powerpc: avoid timespec references
>   y2038: ipc: remove __kernel_time_t reference from headers
>   y2038: stat: avoid 'time_t' in 'struct stat'
>   y2038: uapi: change __kernel_time_t to __kernel_old_time_t
>   y2038: rusage: use __kernel_old_timeval
>   y2038: syscalls: change remaining timeval to __kernel_old_timeval
>   y2038: socket: remove timespec reference in timestamping
>   y2038: make ns_to_compat_timeval use __kernel_old_timeval
>   y2038: elfcore: Use __kernel_old_timeval for process times
>   y2038: timerfd: Use timespec64 internally
>   y2038: time: avoid timespec usage in settimeofday()
>   y2038: itimer: compat handling to itimer.c
>   y2038: use compat_{get,set}_itimer on alpha
>   y2038: move itimer reset into itimer.c
>   y2038: itimer: change implementation to timespec64
>   [RFC] y2038: itimer: use ktime_t internally
>   y2038: allow disabling time32 system calls

I've dropped the "[RFC] y2038: itimer: use ktime_t internally" patch
for the moment,
and added two other patches from other series:

y2038: remove CONFIG_64BIT_TIME
y2038: socket: use __kernel_old_timespec instead of timespec

Tentatively pushed out the patches with the Acks I have received so
far to my y2038 branch on git.kernel.org so it gets included in linux-next.

If I hear no complaints, I'll send a pull request for the merge window,
along with the compat-ioctl series I have already queued up in the same
branch.

    Arnd

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Thomas Gleixner]

On Fri, 8 Nov 2019, Arnd Bergmann wrote:

> Preparing for a change to the itimer internals, stop using the
> do_setitimer() symbol and instead use a new higher-level interface.
> 
> The do_getitimer()/do_setitimer functions can now be made static,
> allowing the compiler to potentially produce better object code.
> 
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Reviewed-by: Thomas Gleixner <tglx@linutronix.de>

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Ondrej Mosnacek]

On Mon, Nov 11, 2019 at 11:58 AM Arnd Bergmann <arnd@arndb.de> wrote:
>
> On Sun, Nov 10, 2019 at 12:07 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > On Sat, Nov 9, 2019 at 10:03 PM Arnd Bergmann <arnd@arndb.de> wrote:
> > >
> > > On Sat, Nov 9, 2019 at 2:43 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > >
> > > > > -struct itimerval;
> > > > > -extern int do_setitimer(int which, struct itimerval *value,
> > > > > -                       struct itimerval *ovalue);
> > > > > -extern int do_getitimer(int which, struct itimerval *value);
> > > > > +#ifdef CONFIG_POSIX_TIMERS
> > > > > +extern void clear_itimer(void);
> > > > > +#else
> > > > > +static inline void clear_itimer(void) {}
> > > > > +#endif
> > > > >
> > >
> > > > > @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> > > > >         return 0;
> > > > >  }
> > > > >
> > > > > +#ifdef CONFIG_SECURITY_SELINUX
> > > >
> > > > Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?
> > >
> > > No, this part is intentional, CONFIG_POSIX_TIMERS already controls
> > > whether itimer.c is
> > > compiled in the first place, but this function is only needed when called from
> > > the selinux driver.
> >
> > All right, but you declare the function in time.h even if
> > CONFIG_SECURITY_SELINUX is not enabled... it is kind of awkward when
> > it can happen that the function is declared but not defined anywhere
> > (even if it shouldn't be used by new users). Maybe you could at least
> > put the header declaration/definition inside #ifdef
> > CONFIG_SECURITY_SELINUX as well so it is clear that this function is
> > intended for SELinux only?
>
> I don't see that as a problem, we rarely put declarations inside of an #ifdef.
> The main effect that would have is forcing any file that includes linux/time.h
> to be rebuilt when selinux is turned on or off in the .config.

OK, but with this patch if someone tries to use the function
elsewhere, the build will succeed if SELinux is enabled in the config,
but fail if it isn't.  Is that intended?  I would suggest at least
clearly documenting it above the declaration that the function isn't
supposed to be used by new users and doing so will cause build to fail
under CONFIG_SECURITY_SELINUX=n.

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.

Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

[Thomas Gleixner]

On Thu, 14 Nov 2019, Ondrej Mosnacek wrote:
> On Mon, Nov 11, 2019 at 11:58 AM Arnd Bergmann <arnd@arndb.de> wrote:
> > I don't see that as a problem, we rarely put declarations inside of an #ifdef.
> > The main effect that would have is forcing any file that includes linux/time.h
> > to be rebuilt when selinux is turned on or off in the .config.
> 
> OK, but with this patch if someone tries to use the function
> elsewhere, the build will succeed if SELinux is enabled in the config,
> but fail if it isn't.  Is that intended?  I would suggest at least
> clearly documenting it above the declaration that the function isn't
> supposed to be used by new users and doing so will cause build to fail
> under CONFIG_SECURITY_SELINUX=n.

Come on. We have enough functions in the kernel which are only available
under a certain config option and if you (ab)use them elsewhere then the
build fails. So what?

The #ifdef documents the limited scope and intended use clearly. If
something else really needs that function, then removing the #ifdef
shouldn't be rocket science either.

Thanks,

	tglx