lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20171110152530.1926955-1-arnd@arndb.de>
Date:   Fri, 10 Nov 2017 16:25:04 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Arnd Bergmann <arnd@...db.de>, Anton Vorontsov <anton@...msg.org>,
        Colin Cross <ccross@...roid.com>,
        Tony Luck <tony.luck@...el.com>,
        John Stultz <john.stultz@...aro.org>,
        Stephen Boyd <sboyd@...eaurora.org>,
        Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org
Subject: [PATCH] [v2] pstore: use ktime_get_real_fast_ns() instead of __getnstimeofday()

I noticed that __getnstimeofday() is a rather odd interface, with
a number of quirks:

- The caller may come from NMI context, but the implementation is not NMI safe,
  one way to get there from NMI is

      NMI handler:
        something bad
          panic()
            kmsg_dump()
              pstore_dump()
                 pstore_record_init()
                   __getnstimeofday()

- The calling conventions are different from any other timekeeping functions,
  to deal with returning an error code during suspended timekeeping.
- The naming doesn't fit into the 'ktime_get_*()' scheme.

This addresses the above issues by using a completely different
method to get the time: ktime_get_real_fast_ns() is NMI safe and
has a reasonable behavior when timekeeping is suspended: it returns
the time at which it got suspended.
We can easily transform the result into a timespec structure. Since
ktime_get_real_fast_ns() was not exported to modules, I also add the
export.

The behavior for the suspended case changes slightly, we now return the
time if we can find it out rather than setting it to zero. As Thomas
Gleixner explained, this is still safe, as we won't attempt to
call into the clocksource driver that might be suspended

I'm not trying to address y2038-safety at this point, but plan to
do that later with a more complex patch.

Cc: Kees Cook <keescook@...omium.org>
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
v2: improved changelog
---
 fs/pstore/platform.c      | 5 +----
 kernel/time/timekeeping.c | 1 +
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
index e3c1332dfb4c..423159abd501 100644
--- a/fs/pstore/platform.c
+++ b/fs/pstore/platform.c
@@ -482,10 +482,7 @@ void pstore_record_init(struct pstore_record *record,
 	record->psi = psinfo;
 
 	/* Report zeroed timestamp if called before timekeeping has resumed. */
-	if (__getnstimeofday(&record->time)) {
-		record->time.tv_sec = 0;
-		record->time.tv_nsec = 0;
-	}
+	record->time = ns_to_timespec(ktime_get_real_fast_ns());
 }
 
 /*
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index af139aa615ca..8f0d1857b78d 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -536,6 +536,7 @@ u64 ktime_get_coarse_real_fast_ns(void)
 {
 	return __ktime_get_real_fast_ns(&tk_fast_mono, true);
 }
+EXPORT_SYMBOL_GPL(ktime_get_real_fast_ns);
 
 /**
  * halt_fast_timekeeper - Prevent fast timekeeper from accessing clocksource.
-- 
2.9.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ