lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 21 Jan 2020 11:21:56 +0100
From:   Lucas Stach <l.stach@...gutronix.de>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Guido Günther <agx@...xcpu.org>,
        Philipp Zabel <p.zabel@...gutronix.de>,
        y2038 Mailman List <y2038@...ts.linaro.org>,
        The etnaviv authors <etnaviv@...ts.freedesktop.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        David Airlie <airlied@...ux.ie>,
        Christian Gmeiner <christian.gmeiner@...il.com>,
        Daniel Vetter <daniel@...ll.ch>,
        Russell King <linux+etnaviv@...linux.org.uk>,
        Emil Velikov <emil.velikov@...labora.com>,
        Sam Ravnborg <sam@...nborg.org>
Subject: Re: [PATCH v2 13/24] drm/etnaviv: reject timeouts with tv_nsec >=
 NSEC_PER_SEC

On Mo, 2020-01-20 at 19:47 +0100, Arnd Bergmann wrote:
> On Mon, Jan 20, 2020 at 6:48 PM Lucas Stach <l.stach@...gutronix.de> wrote:
> > On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote:
> > > This breaks rendering here on arm64/gc7000 due to
> > > 
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument)
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument)
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument)
> > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
> > > 
> > > This is due to
> > > 
> > >     get_abs_timeout(&req.timeout, 5000000000);
> > > 
> > > in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
> > > 
> > > Should i send a patch to revert that change since it breaks existing userspace?
> > 
> > No need to revert. This patch has not been applied to the etnaviv tree
> > yet, I guess it's just in one of Arnds branches feeding into -next.
> > 
> > That part of userspace is pretty dumb, as it misses to renormalize
> > tv_nsec when it overflows the second boundary. So if what I see is
> > correct it should be enough to allow 2 * NSEC_PER_SEC, which should
> > both reject broken large timeout and keep existing userspace working.
> 
> Ah, so it's never more than 2 billion nanoseconds in known user space?
> I can definitely change my patch (actually add one on top) to allow that
> and handle it as before, or alternatively accept any 64-bit nanosecond value
> as arm64 already did, but make it less inefficient to handle.

So the broken userspace code looks like this:

static inline void get_abs_timeout(struct drm_etnaviv_timespec *tv, uint64_t ns)
{
        struct timespec t;
        uint32_t s = ns / 1000000000;
        clock_gettime(CLOCK_MONOTONIC, &t);
        tv->tv_sec = t.tv_sec + s;
        tv->tv_nsec = t.tv_nsec + ns - (s * 1000000000);
}

Which means it _tries_ to do the right thing by putting the billion
part into the tv_sec member and only the remaining ns part is added to
tv_nsec, but then it fails to propagate a tv_nsec overflow over
NSEC_PER_SEC into tv_sec.

Which means the tv_nsec should never be more than 2 * NSEC_PER_SEC in
known userspace. I would prefer if we could make the interface as
strict as possible (i.e. no arbitrary large numbers in tv_nsec), while
keeping this specific corner case working.

Regards,
Lucas

Powered by blists - more mailing lists