lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1250238987.16632.34.camel@fnki-nb00130>
Date:	Fri, 14 Aug 2009 10:36:27 +0200
From:	Jens Rosenboom <jens@...one.net>
To:	Jan Wagner <jwagner@...p.hut.fi>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: 32-bit sys/times.h incorrect return value (fwd)

On Thu, 2009-08-13 at 18:32 +0300, Jan Wagner wrote: 
> Hi,
> 
> we see times() return a really large positive value like 0x66693CF1 i.e. 
> signed int32 +1718172913 just a few minutes after booting.
> 
> Note that clock_gettime(CLOCK_MONOTONIC) works correctly and returns the 
> uptime. While times() +1718172913/100Hz time is in no relation to uptime.
> 
> Checking 'man 2 times': "Since Linux 2.6, this point is (2^32/HZ) - 300 (i.e., 
> about 429 million) seconds before system boot time. [...] the returned value 
> may overflow the range of clock_t [...]"
> 
> Hence in theory on a 32-bit platform where clock_t is signed 32-bit, at first 
> times() should return negative values.
> 
> Then 300 seconds later they should become positive. Correct?
> 
> This should also happen via glibc times() call. There the times()
>    ./sysdeps/unix/sysv/linux/times.c
> simply does
>    clock_t ret = INTERNAL_SYSCALL (times, err, 1, buf);
> with no extra "+- some constant".
> 
> In the kernel all jiffies and times syscall related handling is 64-bit:
> 
> ---------
> amn@...tics:/home/etu/Desktop/linux-2.6.30.3/include$ fgrep INITIAL_JIFFIES
> linux/jiffies.h:#define INITIAL_JIFFIES ((unsigned long)(unsigned int) 
> (-300*HZ))
> 
> kernel/sys.c:   return (long) jiffies_64_to_clock_t(get_jiffies_64());
> 
> kernel/time.c:u64 get_jiffies_64(void)
> kernel/time.c:          ret = jiffies_64;
> ---------
> 
> On 32-bit platforms and signed int32 clock_t it should take at least
> 
> octave:1>  2^31/(24*60*60 * 100)
> ans =  248.55
> octave:2>  (2^31/100 - 300)/(24*60*60)
> ans =  248.55
> 
> days until the positive times() return value wraps back to smallest negative 
> signed 32-bit int.
> 
> However, two bugs(?) :
> 
> 1) times() return value after 1080 'uptime' seconds is 0x66693CF1, why?
> 
> Expected value would be (1080-300)*100Hz = 78000 = 0x000130B0 !
> 
> 2) the times() wraps to negative only after 50 days uptime. Following the 
> intention of INITIAL_JIFFIES, how is this 50-day warp supposed to reveal 
> wrapping bugs right at 300 seconds after boot?
> 
> 2) on 64-bit platforms, clock_t is 64-bit. There times() does not wrap after 50 
> days, however it still starts at 0x000000006669**** !?

1718172913 * 2.5 is pretty close to 2^32, so I assume that you have
CONFIG_HZ=250. With CONFIG_HZ=300 I am getting something like 1431542881
instead which is close to 2^32/3. I'm not sure though where the wrong
initial value comes from, maybe the INITIAL_JIFFIES definition uses the
wrong HZ value.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ