Date:   Thu, 14 Nov 2019 09:51:52 +0100
From:   Ondrej Mosnacek <omosnace@...hat.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     y2038 Mailman List <y2038@...ts.linaro.org>,
        John Stultz <john.stultz@...aro.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Paul Moore <paul@...l-moore.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Eric Paris <eparis@...isplace.org>,
        Linux kernel mailing list <linux-kernel@...r.kernel.org>,
        Stephen Boyd <sboyd@...nel.org>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Anna-Maria Gleixner <anna-maria@...utronix.de>,
        Al Viro <viro@...iv.linux.org.uk>,
        SElinux list <selinux@...r.kernel.org>
Subject: Re: [PATCH 20/23] y2038: move itimer reset into itimer.c

On Mon, Nov 11, 2019 at 11:58 AM Arnd Bergmann <arnd@...db.de> wrote:
>
> On Sun, Nov 10, 2019 at 12:07 AM Ondrej Mosnacek <omosnace@...hat.com> wrote:
> >
> > On Sat, Nov 9, 2019 at 10:03 PM Arnd Bergmann <arnd@...db.de> wrote:
> > >
> > > On Sat, Nov 9, 2019 at 2:43 PM Ondrej Mosnacek <omosnace@...hat.com> wrote:
> > >
> > > > > -struct itimerval;
> > > > > -extern int do_setitimer(int which, struct itimerval *value,
> > > > > -                       struct itimerval *ovalue);
> > > > > -extern int do_getitimer(int which, struct itimerval *value);
> > > > > +#ifdef CONFIG_POSIX_TIMERS
> > > > > +extern void clear_itimer(void);
> > > > > +#else
> > > > > +static inline void clear_itimer(void) {}
> > > > > +#endif
> > > > >
> > >
> > > > > @@ -249,6 +249,17 @@ int do_setitimer(int which, struct itimerval *value, struct itimerval *ovalue)
> > > > >         return 0;
> > > > >  }
> > > > >
> > > > > +#ifdef CONFIG_SECURITY_SELINUX
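Review bot: the "#ifdef CONFIG_SECURITY_SELINUX" guard carries no comment and does not match the CONFIG_POSIX_TIMERS condition used for the declaration in the header, so it reads like a mistake. Add a one-line comment at the guard saying that itimer.c is only built when CONFIG_POSIX_TIMERS is set and that the function is kept for its SELinux caller alone.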
> > > >
> > > > Did you mean "#ifdef CONFIG_POSIX_TIMERS" here to match the header?
> > >
> > > > No, this part is intentional, CONFIG_POSIX_TIMERS already controls
> > > > whether itimer.c is compiled in the first place, but this function is
> > > > only needed when called from the selinux driver.
> >
> > All right, but you declare the function in time.h even if
> > CONFIG_SECURITY_SELINUX is not enabled... it is kind of awkward when
> > it can happen that the function is declared but not defined anywhere
> > (even if it shouldn't be used by new users). Maybe you could at least
> > put the header declaration/definition inside #ifdef
> > CONFIG_SECURITY_SELINUX as well so it is clear that this function is
> > intended for SELinux only?
>
> I don't see that as a problem, we rarely put declarations inside of an #ifdef.
> The main effect that would have is forcing any file that includes linux/time.h
> to be rebuilt when selinux is turned on or off in the .config.

OK, but with this patch if someone tries to use the function
elsewhere, the build will succeed if SELinux is enabled in the config,
but fail if it isn't.  Is that intended?  I would suggest at least
clearly documenting it above the declaration that the function isn't
supposed to be used by new users and doing so will cause the build to fail
under CONFIG_SECURITY_SELINUX=n.

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
