Message-ID: <20170626041334.GZ10672@ZenIV.linux.org.uk>
Date:   Mon, 26 Jun 2017 05:13:34 +0100
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Deepa Dinamani <deepa.kernel@...il.com>
Cc:     tglx@...utronix.de, linux-kernel@...r.kernel.org,
        john.stultz@...aro.org, nicolas.pitre@...aro.org, arnd@...db.de,
        y2038@...ts.linaro.org, linux-fsdevel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH v3 0/7] Isolate time_t data types for clock/timer syscalls

On Mon, Jun 26, 2017 at 03:35:25AM +0100, Al Viro wrote:
> On Sat, Jun 24, 2017 at 11:45:01AM -0700, Deepa Dinamani wrote:
> > The series aims at isolating data conversions of time_t based structures:
> > struct timespec and struct itimerspec at user space boundaries.
> > This helps to later change the underlying types to handle y2038 changes
> > to these.
> 
> Nice...  A few questions:
> 
> * what about setitimer(2)?  Right now that's the only remaining user of
> get_compat_itimerval(); similar for getitimer(2) and put_compat_itimerval().
> 
> * you have two callers of get_compat_itimerspec64(); one is followed by
> itimerspec64_valid(), another - by its open-coded analogue.  The same
> goes for get_itimerspec64(); wouldn't it be better to have both check
> the validity immediately and simply fail with -EINVAL?  Matter of taste,
> but...
> 
> * should __sys_recvmmsg() switch to timespec64?

While we are at it - do we need any locking for accesses of ->sk_stamp?
	* ax25, ipx, netrom, qrtr: sock_get_timestamp() done under lock_sock().
	* bluetooth: without (and case next door in the same switch is
grabbing/dropping lock_sock, so it's not held by caller either)
	* ipv4, ipv6, packet, can: without
	* irda: without, checks for NULL sock->sk for some reason (other
cases do not, so if we ever get there with NULL ->sk, we are fucked).
Incidentally, TIOCINQ in there looks fishy - what's to prevent us from
losing CPU just as skb_peek() returns, with skb getting freed by the
time we regain it and go looking at skb->len?  Don't we need at least
to hold ->lock on queue we are peeking into?
	* rose: without, and TIOCINQ there looks similar to irda one
	* x25: without, with the same odd check for NULL sock->sk
	* atm: without, apparently.  Same unprotected skb_peek() on
TIOCINQ...
	* atalk: ditto.
