| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 08 Oct 2013 12:08:33 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Uwe Kleine-König
<u.kleine-koenig@...gutronix.de>
CC: Thomas Gleixner <tglx@...utronix.de>,
Russell King - ARM Linux <linux@....linux.org.uk>,
nicolas.ferre@...el.com, linux-kernel@...r.kernel.org,
Marc Pignat <marc.pignat@...s.ch>,
Ludovic Desroches <ludovic.desroches@...el.com>,
john.stultz@...aro.org, kernel@...gutronix.de,
Ronald Wahl <ronald.wahl@...itan.com>,
LAK <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v2] clockevents: Sanitize ticks to nsec conversion
On 09/24/2013 09:50 PM, Uwe Kleine-König wrote:
> From: Thomas Gleixner <tglx@...utronix.de>
>
> Marc Kleine-Budde pointed out, that commit 77cc982 "clocksource: use
> clockevents_config_and_register() where possible" caused a regression
> for some of the converted subarchs.
>
> The reason is, that the clockevents core code converts the minimal
> hardware tick delta to a nanosecond value for core internal
> usage. This conversion is affected by integer math rounding loss, so
> the backwards conversion to hardware ticks will likely result in a
> value which is less than the configured hardware limitation. The
> affected subarchs used their own workaround (SIGH!) which got lost in
> the conversion.
>
> The solution for the issue at hand is simple: adding evt->mult - 1 to
> the shifted value before the integer divison in the core conversion
> function takes care of it. But this only works for the case where for
> the scaled math mult/shift pair "mult <= 1 << shift" is true. For the
> case where "mult > 1 << shift" we can apply the rounding add only for
> the minimum delta value to make sure that the backward conversion is
> not less than the given hardware limit. For the upper bound we need to
> omit the rounding add, because the backwards conversion is always
> larger than the original latch value. That would violate the upper
> bound of the hardware device.
>
> Though looking closer at the details of that function reveals another
> bogosity: The upper bounds check is broken as well. Checking for a
> resulting "clc" value greater than KTIME_MAX after the conversion is
> pointless. The conversion does:
>
> u64 clc = (latch << evt->shift) / evt->mult;
>
> So there is no sanity check for (latch << evt->shift) exceeding the
> 64bit boundary. The latch argument is "unsigned long", so on a 64bit
> arch the handed in argument could easily lead to an unnoticed shift
> overflow. With the above rounding fix applied the calculation before
> the divison is:
>
> u64 clc = (latch << evt->shift) + evt->mult - 1;
>
> So we need to make sure, that neither the shift nor the rounding add
> is overflowing the u64 boundary.
>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Cc: Russell King - ARM Linux <linux@....linux.org.uk>
> Cc: Marc Kleine-Budde <mkl@...gutronix.de>
> Cc: nicolas.ferre@...el.com
> Cc: Marc Pignat <marc.pignat@...s.ch>
> Cc: john.stultz@...aro.org
> Cc: kernel@...gutronix.de
> Cc: Ronald Wahl <ronald.wahl@...itan.com>
> Cc: LAK <linux-arm-kernel@...ts.infradead.org>
> Cc: Ludovic Desroches <ludovic.desroches@...el.com>
> [ukl: move assignment to rnd after eventually changing mult, fix build
> issue and correct comment with the right math]
> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
What's the status of this patch?
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
Download attachment "signature.asc" of type "application/pgp-signature" (260 bytes)
Powered by blists - more mailing lists