lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1261430174.5293.43.camel@localhost.localdomain>
Date:	Mon, 21 Dec 2009 13:16:14 -0800
From:	john stultz <johnstul@...ibm.com>
To:	Petr Titěra <petr@...era.eu>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Wrong atime on recent kernels

On Mon, 2009-12-21 at 00:31 +0100, Petr Titěra wrote: 
> Petr Titěra napsal(a):
> > john stultz napsal(a):
> >> Let me know if you find anything that helps narrow this down.
> >>
> >
> > I know its far fetched, but is there something what is preventing 
> > xtime.tv_nsec to be exactly 999999999 near the end of update_wall_time 
> > in kernel/time/timekeeping.c?
> >
> Just to follow up. I'm asking because I see a lot of files with access 
> and/or modify times near the top of thousanth of second (see 
> `/etc/sysconfig/prelink' in my example) and I thing that addition of 1 
> to xtime.tv_nsec ath the end of update_wall_time can 'owerflow' to whole 
> second.


Oof! Yikes.

Yea, the sub-nanosecond rounding fix we added quite awhile back indeed
opens a hole where xtime.tv_nsec could be exactly 1sec. Good eye!

Of course, most of the timekeeping accessors handle this properly by
normalizing the timespec before returning, so its likely just users of
current_kernel_time() and direct accessors of xtime that might be bitten
here. 

And this probably was obscured before because the xtime_cache() was
normalized. Did you verify that reverting that patch I pointed you to
resolves the issue? If not, please do, so we can get this fixed up.

Now I'm a little baffled why you see it all the time on your boxes. For
this to trigger, you have to have an interrupt in the last ns of a
second, and then the window for these odd filesystem stamps is only open
for 1-10ms.

Sigh. Once we get the last of the non GENERIC_TIME arches converted to
arch_gettimeoffset, we can kill all of those rounding hacks and just
manage the sub-nanosecond portion sanely. I'm looking forward to that
day!


So again, Bravo on catching this!

thanks
-john

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ