SELinux Archive on lore.kernel.org
 help / color / Atom feed
From: Ondrej Mosnacek <omosnace@redhat.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: y2038@lists.linaro.org, John Stultz <john.stultz@linaro.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Eric Paris <eparis@parisplace.org>,
	Linux kernel mailing list <linux-kernel@vger.kernel.org>,
	Stephen Boyd <sboyd@kernel.org>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Ingo Molnar <mingo@kernel.org>,
	Anna-Maria Gleixner <anna-maria@linutronix.de>,
	Al Viro <viro@zeniv.linux.org.uk>,
	SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 20/23] y2038: move itimer reset into itimer.c
Date: Sat, 9 Nov 2019 14:43:06 +0100
Message-ID: <CAFqZXNuevxW9d91Zpy6fw3LKrF=xtajAiB61soGQLxgP4xRnFg@mail.gmail.com> (raw)
In-Reply-To: <20191108211323.1806194-11-arnd@arndb.de>

On Fri, Nov 8, 2019 at 10:18 PM Arnd Bergmann <arnd@arndb.de> wrote:
> Preparing for a change to the itimer internals, stop using the
> do_setitimer() symbol and instead use a new higher-level interface.
>
> The do_getitimer()/do_setitimer functions can now be made static,
> allowing the compiler to potentially produce better object code.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  include/linux/time.h     |  9 +++++----
>  kernel/time/itimer.c     | 15 +++++++++++++--
>  security/selinux/hooks.c | 10 +++-------
>  3 files changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/include/linux/time.h b/include/linux/time.h
> index 27d83fd2ae61..0760a4f5a15c 100644
> --- a/include/linux/time.h
> +++ b/include/linux/time.h
> @@ -35,10 +35,11 @@ extern time64_t mktime64(const unsigned int year, const unsigned int mon,
>  extern u32 (*arch_gettimeoffset)(void);
>  #endif
>
> -struct itimerval;
> -extern int do_setitimer(int which, struct itimerval *value,
> -                       struct itimerval *ovalue);
> -extern int do_getitimer(int which, struct itimerval *value);
> +#ifdef CONFIG_POSIX_TIMERS
> +extern void clear_itimer(void);
> +#else
> +static inline void clear_itimer(void) {}
> +#endif
>
>  extern long do_utimes(int dfd, const char __user *filename, struct timespec64 *times, int flags);
>
> diff --git a/kernel/time/itimer.c b/kernel/time/itimer.c
> index 4664c6addf69..ce9cd19ce72e 100644
> --- a/kernel/time/itimer.c
> +++ b/kernel/time/itimer.c
> @@ -73,7 +73,7 @@ static void get_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
>         value->it_interval = ns_to_timeval(interval);
>  }
>
> -int do_getitimer(int which, struct itimerval *value)
> +static int do_getitimer(int which, struct itimerval *value)
>  {
>         struct task_struct *tsk = current;
>
> @@ -197,7 +197,7 @@ static void set_cpu_itimer(struct task_struct *tsk, unsigned int clock_id,
>  #define timeval_valid(t) \
>         (((t)->tv_sec >= 0) && (((unsigned long) (t)->tv_usec) < USEC_PER_SEC))
>
> -int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> +static int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
>  {
>         struct task_struct *tsk = current;
>         struct hrtimer *timer;
> @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
>         return 0;
>  }
>
> +#ifdef CONFIG_SECURITY_SELINUX

Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?

> +void clear_itimer(void)
> +{
> +       struct itimerval v = {};
> +       int i;
> +
> +       for (i = 0; i < 3; i++)
> +               do_setitimer(i, &v, NULL);
> +}
> +#endif
> +
>  #ifdef __ARCH_WANT_SYS_ALARM
>
>  /**
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 9625b99e677f..c3f2e89acb87 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2549,9 +2549,8 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
>  static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>  {
>         const struct task_security_struct *tsec = selinux_cred(current_cred());
> -       struct itimerval itimer;
>         u32 osid, sid;
> -       int rc, i;
> +       int rc;
>
>         osid = tsec->osid;
>         sid = tsec->sid;
> @@ -2569,11 +2568,8 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>         rc = avc_has_perm(&selinux_state,
>                           osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
>         if (rc) {
> -               if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
> -                       memset(&itimer, 0, sizeof itimer);
> -                       for (i = 0; i < 3; i++)
> -                               do_setitimer(i, &itimer, NULL);
> -               }
> +               if (IS_ENABLED(CONFIG_POSIX_TIMERS))
> +                       clear_itimer();

Since you already define a no-op fallback for the case of
!IS_ENABLED(CONFIG_POSIX_TIMERS) in time.h, why not simply call
clear_itimer() unconditionally?

>                 spin_lock_irq(&current->sighand->siglock);
>                 if (!fatal_signal_pending(current)) {
>                         flush_sigqueue(&current->pending);
> --
> 2.20.0
>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.


  reply index

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-08 21:02 [PATCH 00/23] y2038 cleanups Arnd Bergmann
2019-11-08 21:12 ` [PATCH 20/23] y2038: move itimer reset into itimer.c Arnd Bergmann
2019-11-09 13:43   ` Ondrej Mosnacek [this message]
2019-11-09 21:02     ` Arnd Bergmann
2019-11-09 23:07       ` Ondrej Mosnacek
2019-11-11 10:57         ` Arnd Bergmann
2019-11-14  8:51           ` Ondrej Mosnacek
2019-11-14 10:51             ` Thomas Gleixner
2019-11-13 22:03   ` Thomas Gleixner
2019-11-13 21:40 ` [PATCH 00/23] y2038 cleanups Arnd Bergmann

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFqZXNuevxW9d91Zpy6fw3LKrF=xtajAiB61soGQLxgP4xRnFg@mail.gmail.com' \
    --to=omosnace@redhat.com \
    --cc=anna-maria@linutronix.de \
    --cc=arnd@arndb.de \
    --cc=bigeasy@linutronix.de \
    --cc=eparis@parisplace.org \
    --cc=john.stultz@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sboyd@kernel.org \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    --cc=tglx@linutronix.de \
    --cc=viro@zeniv.linux.org.uk \
    --cc=y2038@lists.linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org
	public-inbox-index selinux

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git