lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190723094809.GE4832@uranus.lan>
Date:   Tue, 23 Jul 2019 12:48:09 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     Yang Xu <xuyang2018.jy@...fujitsu.com>
Cc:     akpm@...ux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] sys_prctl(): simplify arg2 judgment when calling
 PR_SET_TIMERSLACK

On Tue, Jul 23, 2019 at 04:11:09PM +0800, Yang Xu wrote:
> > 2) according to man page passing negative value should be acceptable,
> >     though it never worked as expected. I've been grepping "git log"
> >     for this file and the former API is coming from
> > 
> > commit 6976675d94042fbd446231d1bd8b7de71a980ada
> > Author: Arjan van de Ven<arjan@...ux.intel.com>
> > Date:   Mon Sep 1 15:52:40 2008 -0700
> > 
> >      hrtimer: create a "timer_slack" field in the task struct
> > 
> > which is 11 years old by now. Nobody complained so far even when man
> > page is saying pretty obviously
> > 
> >         PR_SET_TIMERSLACK (since Linux 2.6.28)
> >                Each thread has two associated timer slack values:  a  "default"
> >                value, and a "current" value.  This operation sets the "current"
> >                timer slack value for the calling  thread.   If  the  nanosecond
> >                value  supplied in arg2 is greater than zero, then the "current"
> >                value is set to this value.  If arg2 is less than  or  equal  to
> >                zero,  the  "current"  timer  slack  is  reset  to  the thread's
> >                "default" timer slack value.
> > 
> > So i think to match the man page (and assuming that accepting negative value
> > has been supposed) we should rather do
> > 
> > 	if ((long)arg2<  0)
> Looks correct. But if we set a ULONG_MAX(PR_GET_TIMERSLACK also limits ULONG_MAX)
> value(about 4s) on 32bit machine, this code will think this value is a negative value and use default value.
> 
> I guess man page was written as "less than or equal to zero" because of this confusing code(arg2<=0, but arg2
> is an unsinged long value).
> I think we can change this man page and also add bounds value description.

OK, seems reasonable. I think we should use comparision with zero
and simply update a man page.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ