lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1CE4D1E-9A42-4FAE-90A9-615C38B979C0@goldelico.com>
Date:   Thu, 28 Nov 2019 13:33:17 +0100
From:   "H. Nikolaus Schaller" <hns@...delico.com>
To:     Vincenzo Frascino <vincenzo.frascino@....com>
Cc:     Ralf Baechle <ralf@...ux-mips.org>,
        Paul Burton <paul.burton@...s.com>, linux-mips@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        MIPS Creator CI20 Development 
        <mips-creator-ci20-dev@...glegroups.com>,
        Discussions about the Letux Kernel 
        <letux-kernel@...nphoenux.org>
Subject: Re: MIPS: bug: gettimeofday syscall broken on CI20 board

Hi Vincenzo,

> Am 28.11.2019 um 13:21 schrieb Vincenzo Frascino <vincenzo.frascino@....com>:
> 
> On 28/11/2019 12:11, H. Nikolaus Schaller wrote:
>> 
>>> Am 28.11.2019 um 12:51 schrieb Vincenzo Frascino <vincenzo.frascino@....com>:
>>> 
>>> Hi Nikolaus,
>>> 
>>> On 27/11/2019 13:53, H. Nikolaus Schaller wrote:
>>> [...]
>>> 
>>>>> vdso_data and mips_vdso_data before are not part of the ABI hence they are not
>>>>> bind by a contract with the userspace.
>>>>> 
>>>>> This means that they can change at any point and if a userspace software relies
>>>>> on a specific layout of these data structures is doing something wrong.
>>>> 
>>>> Maybe the libs are clever enough to find that out dynamically but I have no
>>>> idea about how gettimeofday() and user-space VDSO is implemented to handle such
>>>> changes.
>>>> 
>>> As I said userspace applications and libraries should not rely on the layout of
>>> vdso_data because this is not part of the ABI.
>>> 
>>> The only thing that userspace requires is to "know" that gettimeofday() exists,
>>> than it is gettimeofday() that internally accesses the data structure.
>> 
>> Well, with user-space I include the lib that provides the gettimeofday() syscall
>> and reads out the memory region where the VDSO data structure is provided by the
>> kernel. And that part comes from Debian. Somehow it does differently with 4.19
>> than 5.4. So I summarise all non-kernel code with the term "user-space".
>> 
> 
> The the lib that provides the gettimeofday() changes accordingly with vdso_data.
> 5.4 and 4.19 have 2 different vdso libraries as well.

Yes, that is what I have assumed what happens. How do these libs go into an existing
and working root-file-system with Debian Stretch?

Is it part of the linux kernel tree so that some make option can build it and we can
install it like kernel modules (sorry for these beginners questions. I never did care
about VDSO before I ran into this problem)?

Is there a mechanism that Debian Stretch knows about the newer library
and can automatically find out which one to install.

This is what I mean with breaking user-space ABI.

Or must the user know about that and do a manual install of the vdso libs from external
sources?

If that is the case there should be at least a CONFIG option to provide the
older vdso_data or the option to completely disable VDSO for gettimeofday()
so that the library falls back to a traditional syscall.

BR and thanks,
Nikolaus



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ