lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4B30EAA8.5070004@century.cz>
Date:	Tue, 22 Dec 2009 16:50:00 +0100
From:	Petr Titěra <P.Titera@...tury.cz>
To:	john stultz <johnstul@...ibm.com>
CC:	linux-kernel@...r.kernel.org
Subject: Re: Wrong atime on recent kernels

john stultz napsal(a):
> On Mon, 2009-12-21 at 00:31 +0100, Petr Titěra wrote: 
>   
>> Petr Titěra napsal(a):
>>     
>>> john stultz napsal(a):
>>>       
>>>> Let me know if you find anything that helps narrow this down.
>>>>
>>>>         
>>> I know its far fetched, but is there something what is preventing 
>>> xtime.tv_nsec to be exactly 999999999 near the end of update_wall_time 
>>> in kernel/time/timekeeping.c?
>>>
>>>       
>> Just to follow up. I'm asking because I see a lot of files with access 
>> and/or modify times near the top of thousanth of second (see 
>> `/etc/sysconfig/prelink' in my example) and I thing that addition of 1 
>> to xtime.tv_nsec ath the end of update_wall_time can 'owerflow' to whole 
>> second.
>>     
>
>
> Oof! Yikes.
>
> Yea, the sub-nanosecond rounding fix we added quite awhile back indeed
> opens a hole where xtime.tv_nsec could be exactly 1sec. Good eye!
>
> Of course, most of the timekeeping accessors handle this properly by
> normalizing the timespec before returning, so its likely just users of
> current_kernel_time() and direct accessors of xtime that might be bitten
> here. 
>
> And this probably was obscured before because the xtime_cache() was
> normalized. Did you verify that reverting that patch I pointed you to
> resolves the issue? If not, please do, so we can get this fixed up.
>
>   
I can confirm that I was not able to see any of those error after I've 
reverted that patch. But I was not able to repliace this at will. 
Considering that first files with this kind of error started to appear 
just about the time your patch went in I would propose that your 
explanation is plausible.

> Now I'm a little baffled why you see it all the time on your boxes. For
> this to trigger, you have to have an interrupt in the last ns of a
> second, and then the window for these odd filesystem stamps is only open
> for 1-10ms.
>
>   
I think my computer for some unknow reason had better chance of it. This 
is snip from filtered and sorted stats of files on my disk:

Access: 2009-12-16 21:51:55.659999999 +0100
Access: 2009-12-16 21:51:55.632000000 +0100
Access: 2009-12-16 21:51:55.552000004 +0100
Access: 2009-12-16 21:51:55.512000003 +0100
Access: 2009-12-16 21:51:55.436000005 +0100
Access: 2009-12-16 21:51:55.432000009 +0100
Access: 2009-12-16 21:51:55.363999951 +0100
Access: 2009-12-16 21:51:55.295999930 +0100
Access: 2009-12-16 21:51:55.287999689 +0100
Access: 2009-12-16 21:51:54.703999875 +0100
Access: 2009-12-16 21:51:54.683999001 +0100
Access: 2009-12-16 21:48:32.844000001 +0100
Access: 2009-12-16 21:48:31.375999999 +0100
Access: 2009-12-16 21:48:31.344000000 +0100
Access: 2009-12-16 21:48:31.047999999 +0100
Access: 2009-12-16 21:48:31.028000002 +0100
Access: 2009-12-16 21:48:31.015999998 +0100
Access: 2009-12-16 21:48:31.015999998 +0100

You see that in my case nanosecond times are sometimes oscilating 
withing edge of full milisecond. The sub millisecond part of time is 
mostly farr off of it.

Petr

> Sigh. Once we get the last of the non GENERIC_TIME arches converted to
> arch_gettimeoffset, we can kill all of those rounding hacks and just
> manage the sub-nanosecond portion sanely. I'm looking forward to that
> day!
>
>
> So again, Bravo on catching this!
>
> thanks
> -john
>
>
>
> __________ Informace od ESET Smart Security, verze databaze 4709 (20091222) __________
>
> Tuto zpravu proveril ESET Smart Security.
>
> http://www.eset.cz
>
>
>   



__________ Informace od ESET Smart Security, verze databaze 4709 (20091222) __________

Tuto zpravu proveril ESET Smart Security.

http://www.eset.cz


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ