lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAK8P3a0z5jE=Z3Ps5bFTCFT7CHZR1JQ8VhdntDJAfsUxSPCcEw@mail.gmail.com>
Date:   Wed, 15 Sep 2021 21:00:32 +0200
From:   Arnd Bergmann <arnd@...nel.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        "# 3.4.x" <stable@...r.kernel.org>,
        Lukas Hannen <lukas.hannen@...nsource.tttech-industrial.com>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 5.14 298/334] time: Handle negative seconds correctly in timespec64_to_ns()

On Tue, Sep 14, 2021 at 1:22 AM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>  /*
>   * Limits for settimeofday():
> @@ -124,10 +126,13 @@ static inline bool timespec64_valid_sett
>   */
>  static inline s64 timespec64_to_ns(const struct timespec64 *ts)
>  {
> -       /* Prevent multiplication overflow */
> -       if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
> +       /* Prevent multiplication overflow / underflow */
> +       if (ts->tv_sec >= KTIME_SEC_MAX)
>                 return KTIME_MAX;
>
> +       if (ts->tv_sec <= KTIME_SEC_MIN)
> +               return KTIME_MIN;
> +

I just saw this get merged for the stable kernels, and had not seen this when
Thomas originally merged it.

I can see how this helps the ptp_clock_adjtime() users, but I just
double-checked
what other callers exist, and I think it introduces a regression in setitimer(),
which does

        nval = timespec64_to_ns(&value->it_value);
        ninterval = timespec64_to_ns(&value->it_interval);

without any further range checking that I could find. Setting timers
with negative intervals sounds like a bad idea, and interpreting negative
it_value as a past time instead of KTIME_SEC_MAX sounds like an
unintended interface change.

I haven't done any proper analysis of the changes, so maybe it's all
good, but I think we need to double-check this, and possibly revert
it from the stable kernels until a final conclusion.

        Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ