Stable Archive on lore.kernel.org
* [PATCH 1/8] y2038: timex: remove incorrect time_t truncation
       [not found] <20191108203435.112759-1-arnd@arndb.de>
@ 2019-11-08 20:34 ` Arnd Bergmann
  2019-11-10 20:44   ` Deepa Dinamani
  2019-11-12  7:16   ` [tip: timers/urgent] ntp/y2038: Remove " tip-bot2 for Arnd Bergmann
  2019-11-08 20:34 ` [PATCH 6/8] lp: fix sparc64 LPSETTIMEOUT ioctl Arnd Bergmann
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 8+ messages in thread
From: Arnd Bergmann @ 2019-11-08 20:34 UTC
  To: y2038, John Stultz, Thomas Gleixner
  Cc: linux-kernel, Arnd Bergmann, stable, Deepa Dinamani, linux-alpha,
	netdev, Stephen Boyd

A cast to 'time_t' was accidentally left in place during the
conversion of __do_adjtimex() to 64-bit timestamps, so the
resulting value is incorrectly truncated.

Remove the cast so the 64-bit time gets propagated correctly.

Cc: stable@vger.kernel.org
Fixes: ead25417f82e ("timex: use __kernel_timex internally")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 kernel/time/ntp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 65eb796610dc..069ca78fb0bf 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -771,7 +771,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts,
 	/* fill PPS status fields */
 	pps_fill_timex(txc);
 
-	txc->time.tv_sec = (time_t)ts->tv_sec;
+	txc->time.tv_sec = ts->tv_sec;
 	txc->time.tv_usec = ts->tv_nsec;
 	if (!(time_status & STA_NANO))
 		txc->time.tv_usec = ts->tv_nsec / NSEC_PER_USEC;
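
Review bot: the changelog does not say which configurations see the truncated value on the changed `txc->time.tv_sec` line, or what user space observes as a result. Because the patch is Cc'd to stable, a sentence naming the affected case (the cast only loses bits where time_t is narrower than ts->tv_sec) would make backport triage easier.
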
-- 
2.20.0



* [PATCH 6/8] lp: fix sparc64 LPSETTIMEOUT ioctl
       [not found] <20191108203435.112759-1-arnd@arndb.de>
  2019-11-08 20:34 ` [PATCH 1/8] y2038: timex: remove incorrect time_t truncation Arnd Bergmann
@ 2019-11-08 20:34 ` Arnd Bergmann
  2019-11-08 20:34 ` [PATCH 7/8] ppdev: fix PPGETTIME/PPSETTIME ioctls Arnd Bergmann
  2019-11-08 20:34 ` [PATCH 8/8] Input: input_event: fix struct padding on sparc64 Arnd Bergmann
  3 siblings, 0 replies; 8+ messages in thread
From: Arnd Bergmann @ 2019-11-08 20:34 UTC
  To: y2038, Greg Kroah-Hartman
  Cc: linux-kernel, Arnd Bergmann, stable, Bamvor Jian Zhang,
	Sudip Mukherjee, Gustavo A. R. Silva, Thomas Gleixner

The layout of struct timeval is different on sparc64 from
anything else, and the patch I did long ago failed to take
this into account.

Change it now to handle sparc64 user space correctly again.

Quite likely nobody cares about parallel ports on sparc64,
but there is no reason not to fix it.

Cc: stable@vger.kernel.org
Fixes: 9a450484089d ("lp: support 64-bit time_t user space")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/char/lp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/char/lp.c b/drivers/char/lp.c
index 7c9269e3477a..bd95aba1f9fe 100644
--- a/drivers/char/lp.c
+++ b/drivers/char/lp.c
@@ -713,6 +713,10 @@ static int lp_set_timeout64(unsigned int minor, void __user *arg)
 	if (copy_from_user(karg, arg, sizeof(karg)))
 		return -EFAULT;
 
+	/* sparc64 suseconds_t is 32-bit only */
+	if (IS_ENABLED(CONFIG_SPARC64) && !in_compat_syscall())
+		karg[1] >>= 32;
+
 	return lp_set_timeout(minor, karg[0], karg[1]);
 }
 
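Review bot: the comment above the new `karg[1] >>= 32;` says only that sparc64 suseconds_t is 32-bit, which does not explain why the value has to be taken from the other half of the 64-bit word or why compat callers are excluded by `!in_compat_syscall()`. Spelling out the layout in the comment would help, and since the same condition and shift appear again in the ppdev patch of this series, a small shared helper would keep the two from drifting apart.
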
-- 
2.20.0



* [PATCH 7/8] ppdev: fix PPGETTIME/PPSETTIME ioctls
       [not found] <20191108203435.112759-1-arnd@arndb.de>
  2019-11-08 20:34 ` [PATCH 1/8] y2038: timex: remove incorrect time_t truncation Arnd Bergmann
  2019-11-08 20:34 ` [PATCH 6/8] lp: fix sparc64 LPSETTIMEOUT ioctl Arnd Bergmann
@ 2019-11-08 20:34 ` Arnd Bergmann
  2019-11-08 20:34 ` [PATCH 8/8] Input: input_event: fix struct padding on sparc64 Arnd Bergmann
  3 siblings, 0 replies; 8+ messages in thread
From: Arnd Bergmann @ 2019-11-08 20:34 UTC
  To: y2038, Sudip Mukherjee, Greg Kroah-Hartman
  Cc: linux-kernel, Arnd Bergmann, stable, Bamvor Jian Zhang,
	Michael S. Tsirkin, Thomas Gleixner

Going through the uses of timeval in the user space API,
I noticed two bugs in ppdev that were introduced in the y2038
conversion:

* The range check was accidentally moved from ppsettime to
  ppgettime

* On sparc64, the microseconds are in the other half of the
  64-bit word.

Fix both, and mark the fix for stable backports.

Cc: stable@vger.kernel.org
Fixes: 3b9ab374a1e6 ("ppdev: convert to y2038 safe")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/char/ppdev.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index c86f18aa8985..34bb88fe0b0a 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -619,20 +619,27 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		if (copy_from_user(time32, argp, sizeof(time32)))
 			return -EFAULT;
 
+		if ((time32[0] < 0) || (time32[1] < 0))
+			return -EINVAL;
+
 		return pp_set_timeout(pp->pdev, time32[0], time32[1]);
 
 	case PPSETTIME64:
 		if (copy_from_user(time64, argp, sizeof(time64)))
 			return -EFAULT;
 
+		if ((time64[0] < 0) || (time64[1] < 0))
+			return -EINVAL;
+
+		if (IS_ENABLED(CONFIG_SPARC64) && !in_compat_syscall())
+			time64[1] >>= 32;
+
 		return pp_set_timeout(pp->pdev, time64[0], time64[1]);
 
 	case PPGETTIME32:
 		jiffies_to_timespec64(pp->pdev->timeout, &ts);
 		time32[0] = ts.tv_sec;
 		time32[1] = ts.tv_nsec / NSEC_PER_USEC;
-		if ((time32[0] < 0) || (time32[1] < 0))
-			return -EINVAL;
 
 		if (copy_to_user(argp, time32, sizeof(time32)))
 			return -EFAULT;
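
Review bot: in the PPSETTIME64 case the new `time64[1] < 0` test runs before the sparc64 `time64[1] >>= 32;` adjustment, so on that architecture it is applied to the raw user word rather than to the microsecond value that is passed to pp_set_timeout(). Moving the shift above the range check would validate the value that is actually used. Neither new check puts an upper bound on the microsecond field; if pp_set_timeout() does not reject out-of-range values itself, that is worth adding here.
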
@@ -643,8 +650,9 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		jiffies_to_timespec64(pp->pdev->timeout, &ts);
 		time64[0] = ts.tv_sec;
 		time64[1] = ts.tv_nsec / NSEC_PER_USEC;
-		if ((time64[0] < 0) || (time64[1] < 0))
-			return -EINVAL;
+
+		if (IS_ENABLED(CONFIG_SPARC64) && !in_compat_syscall())
+			time64[1] <<= 32;
 
 		if (copy_to_user(argp, time64, sizeof(time64)))
 			return -EFAULT;
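
Review bot: the new `time64[1] <<= 32;` in the time64 get path has no comment, and it has to stay the exact inverse of the `>>= 32` added to PPSETTIME64 in the previous hunk. A one-line comment on the sparc64 layout, like the one the lp patch in this series carries, or a pair of helpers for the two directions would make that dependency explicit.
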
-- 
2.20.0



* [PATCH 8/8] Input: input_event: fix struct padding on sparc64
       [not found] <20191108203435.112759-1-arnd@arndb.de>
                   ` (2 preceding siblings ...)
  2019-11-08 20:34 ` [PATCH 7/8] ppdev: fix PPGETTIME/PPSETTIME ioctls Arnd Bergmann
@ 2019-11-08 20:34 ` Arnd Bergmann
  2019-11-11 18:28   ` Dmitry Torokhov
  3 siblings, 1 reply; 8+ messages in thread
From: Arnd Bergmann @ 2019-11-08 20:34 UTC
  To: y2038, Dmitry Torokhov
  Cc: linux-kernel, Arnd Bergmann, sparclinux, David S. Miller, stable,
	Deepa Dinamani, Thomas Gleixner, linux-input

Going through all uses of timeval, I noticed that we screwed up
input_event in the previous attempts to fix it:

The time fields now match between kernel and user space, but
all following fields are in the wrong place.

Add the required padding that is implied by the glibc timeval
definition to fix the layout, and add explicit initialization
to avoid leaking kernel stack data.

Cc: sparclinux@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>
Cc: stable@vger.kernel.org
Fixes: 141e5dcaa735 ("Input: input_event - fix the CONFIG_SPARC64 mixup")
Fixes: 2e746942ebac ("Input: input_event - provide override for sparc64")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/input/evdev.c       | 3 +++
 drivers/input/misc/uinput.c | 3 +++
 include/uapi/linux/input.h  | 1 +
 3 files changed, 7 insertions(+)

diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index d7dd6fcf2db0..24a90793caf0 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -228,6 +228,9 @@ static void __pass_event(struct evdev_client *client,
 						event->input_event_sec;
 		client->buffer[client->tail].input_event_usec =
 						event->input_event_usec;
+#ifdef CONFIG_SPARC64
+		client->buffer[client->tail].__pad = 0;
+#endif
 		client->buffer[client->tail].type = EV_SYN;
 		client->buffer[client->tail].code = SYN_DROPPED;
 		client->buffer[client->tail].value = 0;
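
Review bot: the new `#ifdef CONFIG_SPARC64` around the `__pad` store uses a different condition from the one that declares the field in include/uapi/linux/input.h in this same patch (`defined(__sparc__) && defined(__arch64__)`). The two have to agree for this to build and to cover every configuration that has the field; keying the store off something defined next to the struct would keep them in step.
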
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 84051f20b18a..1d8c09e9fd47 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -80,6 +80,9 @@ static int uinput_dev_event(struct input_dev *dev,
 	ktime_get_ts64(&ts);
 	udev->buff[udev->head].input_event_sec = ts.tv_sec;
 	udev->buff[udev->head].input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
+#ifdef CONFIG_SPARC64
+	udev->buff[udev->head].__pad = 0;
+#endif
 	udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
 
 	wake_up_interruptible(&udev->waitq);
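
Review bot: the `__pad = 0` store under `#ifdef CONFIG_SPARC64` is the second copy of the same three lines in this patch, and any other code that fills a struct input_event field by field would need them too. Initializing the whole `udev->buff[udev->head]` slot in one assignment would cover the padding without a per-architecture branch in each driver.
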
diff --git a/include/uapi/linux/input.h b/include/uapi/linux/input.h
index f056b2a00d5c..9a61c28ed3ae 100644
--- a/include/uapi/linux/input.h
+++ b/include/uapi/linux/input.h
@@ -34,6 +34,7 @@ struct input_event {
 	__kernel_ulong_t __sec;
 #if defined(__sparc__) && defined(__arch64__)
 	unsigned int __usec;
+	unsigned int __pad;
 #else
 	__kernel_ulong_t __usec;
 #endif
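
Review bot: the new `unsigned int __pad;` member is added to a uapi header without a comment. A short note that it mirrors the padding implied by the glibc timeval definition, as the changelog says, and whether the kernel expects it to be zero or ignores it on input would tell user space how to treat it.
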
-- 
2.20.0



* Re: [PATCH 1/8] y2038: timex: remove incorrect time_t truncation
  2019-11-08 20:34 ` [PATCH 1/8] y2038: timex: remove incorrect time_t truncation Arnd Bergmann
@ 2019-11-10 20:44   ` Deepa Dinamani
  2019-11-12  7:16   ` [tip: timers/urgent] ntp/y2038: Remove " tip-bot2 for Arnd Bergmann
  1 sibling, 0 replies; 8+ messages in thread
From: Deepa Dinamani @ 2019-11-10 20:44 UTC
  To: Arnd Bergmann
  Cc: y2038 Mailman List, John Stultz, Thomas Gleixner,
	Linux Kernel Mailing List, # 3.4.x, alpha,
	Linux Network Devel Mailing List, Stephen Boyd

Thanks for fixing the bug.

Acked-by: Deepa Dinamani <deepa.kernel@gmail.com>


* Re: [PATCH 8/8] Input: input_event: fix struct padding on sparc64
  2019-11-08 20:34 ` [PATCH 8/8] Input: input_event: fix struct padding on sparc64 Arnd Bergmann
@ 2019-11-11 18:28   ` Dmitry Torokhov
  2019-11-11 19:18     ` Arnd Bergmann
  0 siblings, 1 reply; 8+ messages in thread
From: Dmitry Torokhov @ 2019-11-11 18:28 UTC
  To: Arnd Bergmann
  Cc: y2038, linux-kernel, sparclinux, David S. Miller, stable,
	Deepa Dinamani, Thomas Gleixner, linux-input

Hi Arnd,

On Fri, Nov 08, 2019 at 09:34:31PM +0100, Arnd Bergmann wrote:
> Going through all uses of timeval, I noticed that we screwed up
> input_event in the previous attempts to fix it:
> 
> The time fields now match between kernel and user space, but
> all following fields are in the wrong place.
> 
> Add the required padding that is implied by the glibc timeval
> definition to fix the layout, and add explicit initialization
> to avoid leaking kernel stack data.
> 
> Cc: sparclinux@vger.kernel.org
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: stable@vger.kernel.org
> Fixes: 141e5dcaa735 ("Input: input_event - fix the CONFIG_SPARC64 mixup")
> Fixes: 2e746942ebac ("Input: input_event - provide override for sparc64")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  drivers/input/evdev.c       | 3 +++
>  drivers/input/misc/uinput.c | 3 +++
>  include/uapi/linux/input.h  | 1 +
>  3 files changed, 7 insertions(+)
> 
> diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
> index d7dd6fcf2db0..24a90793caf0 100644
> --- a/drivers/input/evdev.c
> +++ b/drivers/input/evdev.c
> @@ -228,6 +228,9 @@ static void __pass_event(struct evdev_client *client,
>  						event->input_event_sec;
>  		client->buffer[client->tail].input_event_usec =
>  						event->input_event_usec;
> +#ifdef CONFIG_SPARC64
> +		client->buffer[client->tail].__pad = 0;
> +#endif
>  		client->buffer[client->tail].type = EV_SYN;
>  		client->buffer[client->tail].code = SYN_DROPPED;
>  		client->buffer[client->tail].value = 0;
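
Review bot: the changelog speaks of avoiding a leak of kernel stack data, but the store added in this hunk writes `__pad` in `client->buffer[client->tail]`. The message should say which memory the uninitialized padding would expose at each call site, so the stable backport can be judged against an accurate description.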

I do not like ifdefs here, do you think we could write:

		client->buffer[client->tail] = (struct input_event) {
			.input_event_sec = event->input_event_sec,
			.input_event_usec = event->input_event_usec,
			.type = EV_SYN,
			.code = SYN_DROPPED,
		};

to ensure all padded fields are initialized? This is not hot path as we
do not expect queue to overfill too often.

Thanks.

-- 
Dmitry


* Re: [PATCH 8/8] Input: input_event: fix struct padding on sparc64
  2019-11-11 18:28   ` Dmitry Torokhov
@ 2019-11-11 19:18     ` Arnd Bergmann
  0 siblings, 0 replies; 8+ messages in thread
From: Arnd Bergmann @ 2019-11-11 19:18 UTC
  To: Dmitry Torokhov
  Cc: y2038 Mailman List, linux-kernel, sparclinux, David S. Miller,
	# 3.4.x, Deepa Dinamani, Thomas Gleixner,
	open list:HID CORE LAYER

On Mon, Nov 11, 2019 at 7:28 PM Dmitry Torokhov
<dmitry.torokhov@gmail.com> wrote:

> I do not like ifdefs here, do you think we could write:
>
>                 client->buffer[client->tail] = (struct input_event) {
>                         .input_event_sec = event->input_event_sec,
>                         .input_event_usec = event->input_event_usec,
>                         .type = EV_SYN,
>                         .code = SYN_DROPPED,
>                 };
>
> to ensure all padded fields are initialized? This is not hot path as we
> do not expect queue to overfill too often.

Good idea, changed both instances now. Thanks for taking a look!

      Arnd
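
The layout mismatch and the padding initialization discussed in the [PATCH 8/8] messages above, shown as an added example that is not part of the thread or of the kernel source. The struct names are hypothetical stand-ins built from fixed-width types so the sparc64 layouts can be inspected on any ABI that aligns int64_t to 8 bytes, and the 0xAA fill is constructed stale data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the sparc64 layouts; assumes 8-byte aligned int64_t. */
struct timeval_user { int64_t tv_sec; int32_t tv_usec; };	/* padded to 16 bytes */
struct event_user { struct timeval_user time; uint16_t type, code; int32_t value; };
/* Kernel-side view without, then with, the explicit padding word. */
struct event_old { uint64_t sec; uint32_t usec; uint16_t type, code; int32_t value; };
struct event_new { uint64_t sec; uint32_t usec, pad; uint16_t type, code; int32_t value; };

size_t type_off_user(void) { return offsetof(struct event_user, type); }
size_t type_off_old(void)  { return offsetof(struct event_old, type); }
size_t type_off_new(void)  { return offsetof(struct event_new, type); }

/* Field-by-field store into a reused slot: pad keeps the stale bytes. */
uint32_t pad_after_fieldwise(void)
{
	struct event_new slot;
	memset(&slot, 0xAA, sizeof(slot));	/* stands in for earlier contents */
	slot.sec = 1; slot.usec = 2;
	slot.type = 0; slot.code = 3; slot.value = 0;
	return slot.pad;
}

/* Whole-struct store: members not named in the initializer become zero. */
uint32_t pad_after_literal(void)
{
	struct event_new slot;
	memset(&slot, 0xAA, sizeof(slot));
	slot = (struct event_new){ .sec = 1, .usec = 2, .code = 3 };
	return slot.pad;
}

int main(void)
{
	printf("type offset: user %zu, old %zu, new %zu\n",
	       type_off_user(), type_off_old(), type_off_new());
	printf("pad: fieldwise %#x, literal %#x\n",
	       (unsigned)pad_after_fieldwise(), (unsigned)pad_after_literal());
	return 0;
}
```

Without the padding word, `type` sits four bytes earlier than user space expects; with it, the offsets agree, and only the whole-struct assignment clears the word without naming it.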


* [tip: timers/urgent] ntp/y2038: Remove incorrect time_t truncation
  2019-11-08 20:34 ` [PATCH 1/8] y2038: timex: remove incorrect time_t truncation Arnd Bergmann
  2019-11-10 20:44   ` Deepa Dinamani
@ 2019-11-12  7:16   ` " tip-bot2 for Arnd Bergmann
  1 sibling, 0 replies; 8+ messages in thread
From: tip-bot2 for Arnd Bergmann @ 2019-11-12  7:16 UTC
  To: linux-tip-commits
  Cc: Arnd Bergmann, Thomas Gleixner, stable, Ingo Molnar,
	Borislav Petkov, linux-kernel

The following commit has been merged into the timers/urgent branch of tip:

Commit-ID:     2f5841349df281ecf8f81cc82d869b8476f0db0b
Gitweb:        https://git.kernel.org/tip/2f5841349df281ecf8f81cc82d869b8476f0db0b
Author:        Arnd Bergmann <arnd@arndb.de>
AuthorDate:    Fri, 08 Nov 2019 21:34:24 +01:00
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Tue, 12 Nov 2019 08:13:44 +01:00

ntp/y2038: Remove incorrect time_t truncation

A cast to 'time_t' was accidentally left in place during the
conversion of __do_adjtimex() to 64-bit timestamps, so the
resulting value is incorrectly truncated.

Remove the cast so the 64-bit time gets propagated correctly.

Fixes: ead25417f82e ("timex: use __kernel_timex internally")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20191108203435.112759-2-arnd@arndb.de

---
 kernel/time/ntp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 65eb796..069ca78 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -771,7 +771,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts,
 	/* fill PPS status fields */
 	pps_fill_timex(txc);
 
-	txc->time.tv_sec = (time_t)ts->tv_sec;
+	txc->time.tv_sec = ts->tv_sec;
 	txc->time.tv_usec = ts->tv_nsec;
 	if (!(time_status & STA_NANO))
 		txc->time.tv_usec = ts->tv_nsec / NSEC_PER_USEC;
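
Review bot: in the context below the changed line, `txc->time.tv_usec = ts->tv_nsec;` stores nanoseconds in a field named tv_usec and converts them only when STA_NANO is clear. While this block is being touched, a one-line comment saying that tv_usec carries nanoseconds when STA_NANO is set would keep the assignment from being read as a unit bug.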
