| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Nov 2019 13:33:17 +0100
From: "H. Nikolaus Schaller" <hns@...delico.com>
To: Vincenzo Frascino <vincenzo.frascino@....com>
Cc: Ralf Baechle <ralf@...ux-mips.org>,
Paul Burton <paul.burton@...s.com>, linux-mips@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
MIPS Creator CI20 Development
<mips-creator-ci20-dev@...glegroups.com>,
Discussions about the Letux Kernel
<letux-kernel@...nphoenux.org>
Subject: Re: MIPS: bug: gettimeofday syscall broken on CI20 board
Hi Vincenzo,
> Am 28.11.2019 um 13:21 schrieb Vincenzo Frascino <vincenzo.frascino@....com>:
>
> On 28/11/2019 12:11, H. Nikolaus Schaller wrote:
>>
>>> Am 28.11.2019 um 12:51 schrieb Vincenzo Frascino <vincenzo.frascino@....com>:
>>>
>>> Hi Nikolaus,
>>>
>>> On 27/11/2019 13:53, H. Nikolaus Schaller wrote:
>>> [...]
>>>
>>>>> vdso_data and mips_vdso_data before are not part of the ABI hence they are not
>>>>> bind by a contract with the userspace.
>>>>>
>>>>> This means that they can change at any point and if a userspace software relies
>>>>> on a specific layout of these data structures is doing something wrong.
>>>>
>>>> Maybe the libs are clever enough to find that out dynamically but I have no
>>>> idea about how gettimeofday() and user-space VDSO is implemented to handle such
>>>> changes.
>>>>
>>> As I said userspace applications and libraries should not rely on the layout of
>>> vdso_data because this is not part of the ABI.
>>>
>>> The only thing that userspace requires is to "know" that gettimeofday() exists,
>>> than it is gettimeofday() that internally accesses the data structure.
>>
>> Well, with user-space I include the lib that provides the gettimeofday() syscall
>> and reads out the memory region where the VDSO data structure is provided by the
>> kernel. And that part comes from Debian. Somehow it does differently with 4.19
>> than 5.4. So I summarise all non-kernel code with the term "user-space".
>>
>
> The the lib that provides the gettimeofday() changes accordingly with vdso_data.
> 5.4 and 4.19 have 2 different vdso libraries as well.
Yes, that is what I have assumed what happens. How do these libs go into an existing
and working root-file-system with Debian Stretch?
Is it part of the linux kernel tree so that some make option can build it and we can
install it like kernel modules (sorry for these beginners questions. I never did care
about VDSO before I ran into this problem)?
Is there a mechanism that Debian Stretch knows about the newer library
and can automatically find out which one to install.
This is what I mean with breaking user-space ABI.
Or must the user know about that and do a manual install of the vdso libs from external
sources?
If that is the case there should be at least a CONFIG option to provide the
older vdso_data or the option to completely disable VDSO for gettimeofday()
so that the library falls back to a traditional syscall.
BR and thanks,
Nikolaus
Powered by blists - more mailing lists