lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Jun 2018 17:47:37 +0200
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     y2038@...ts.linaro.org, Tyler Baicar <tbaicar@...eaurora.org>,
        Will Deacon <will.deacon@....com>,
        Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...e.de>,
        Yazen Ghannam <yazen.ghannam@....com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        gengdongjiu <gengdongjiu@...wei.com>,
        linux-efi <linux-efi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] efi: cper: avoid using get_seconds()

On 18 June 2018 at 16:17, Arnd Bergmann <arnd@...db.de> wrote:
> get_seconds() is deprecated because of the 32-bit time overflow
> in y2038/y2106 on 32-bit architectures. The way it is used in
> cper_next_record_id() causes an overflow in 2106 when unsigned UTC
> seconds overflow, even on 64-bit architectures.
>
> This starts using ktime_get_real_seconds() to give us more than 32 bits
> of timestamp on all architectures, and then changes the algorithm to use
> 39 bits for the timestamp after the y2038 wrap date, plus an always-1
> bit at the top. This gives us another 127 epochs of 136 years, with
> strictly monotonically increasing sequence numbers across boots.
>
> This is almost certainly overkill, but seems better than just extending
> the deadline from 2038 to 2106.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  drivers/firmware/efi/cper.c | 17 +++++++++++++++--
>  1 file changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
> index 3bf0dca378a6..b73fc4cab083 100644
> --- a/drivers/firmware/efi/cper.c
> +++ b/drivers/firmware/efi/cper.c
> @@ -48,8 +48,21 @@ u64 cper_next_record_id(void)
>  {
>         static atomic64_t seq;
>
> -       if (!atomic64_read(&seq))
> -               atomic64_set(&seq, ((u64)get_seconds()) << 32);
> +       if (!atomic64_read(&seq)) {
> +               time64_t time = ktime_get_real_seconds();
> +
> +               /*
> +                * This code is unlikely to still be needed in year 2106,
> +                * but just in case, let's use a few more bits for timestamps
> +                * after y2038 to be sure they keep increasing monotonically
> +                * for the next few hundred years...
> +                */
> +               if (time < 0x80000000)
> +                       atomic64_set(&seq, (ktime_get_real_seconds()) << 32);
> +               else
> +                       atomic64_set(&seq, 0x8000000000000000ull |
> +                                          ktime_get_real_seconds() << 24);
> +       }

Given that these values are never decoded and interpreted as
timestamps, can't we simply switch to the second flavour immediately?

>
>         return atomic64_inc_return(&seq);
>  }
> --
> 2.9.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ