lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.20.1706122358240.2152@nanos>
Date:   Tue, 13 Jun 2017 00:01:17 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Andrei Vagin <avagin@...tuozzo.com>
cc:     tip-bot for Thomas Gleixner <tipbot@...or.com>,
        linux-tip-commits@...r.kernel.org, hpa@...or.com,
        linux-kernel@...r.kernel.org, gorcunov@...nvz.org,
        john.stultz@...aro.org, mingo@...nel.org, peterz@...radead.org
Subject: Re: [tip:timers/core] posix-timers: Zero out oldval itimerspec

On Mon, 12 Jun 2017, Andrei Vagin wrote:
> > diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
> > index b53a0b5..88517dc 100644
> > --- a/kernel/time/posix-timers.c
> > +++ b/kernel/time/posix-timers.c
> > @@ -828,6 +828,8 @@ SYSCALL_DEFINE4(timer_settime, timer_t, timer_id, int, flags,
> >  	if (!timespec64_valid(&new_spec64.it_interval) ||
> >  	    !timespec64_valid(&new_spec64.it_value))
> >  		return -EINVAL;
> > +	if (rtn)
> > +		memset(rtn, 0, sizeof(*rtn));
> 
> Maybe we need to call memset after "retry:"?

That would be counter productive.

> common_timer_get() is called at the begining of common_timer_set(), then
> common_timer_set() can return TIMER_RETRY. common_timer_get() will be
> called again and some fields of rtn which have been touched first time
> will not be touched.
> 
> At the end, rtn will contain data from two executions of
> common_timer_get().

No. See the full code sequence:

retry:
        timr = lock_timer(timer_id, &flag);
        if (!timr)
                return -EINVAL;

        kc = clockid_to_kclock(timr->it_clock);
	if (WARN_ON_ONCE(!kc || !kc->timer_set))
                error = -EINVAL;
        else
                error = kc->timer_set(timr, flags, &new_spec64, rtn);

        unlock_timer(timr, flag);
        if (error == TIMER_RETRY) {
                rtn = NULL;     // We already got the old time...
                goto retry;
        }

If you clear it after retry, you'll get all zeros in the retry case. Not
what you really want.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ