Message-ID: <ZxeLMu1Hy2VCqzJ6@duo.ucw.cz>
Date: Tue, 22 Oct 2024 13:23:30 +0200
From: Pavel Machek <pavel@....cz>
To: Thomas Gleixner <tglx@...utronix.de>, Greg KH <greg@...ah.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Jinjie Ruan <ruanjinjie@...wei.com>,
	bryan.whitehead@...rochip.com, davem@...emloft.net,
	edumazet@...gle.com, pabeni@...hat.com, anna-maria@...utronix.de,
	frederic@...nel.org, richardcochran@...il.com, johnstul@...ibm.com,
	UNGLinuxDriver@...rochip.com, jstultz@...gle.com,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 RESEND 1/2] posix-clock: Fix missing timespec64 check
 in pc_clock_settime()

Hi!

> >> > I'm guessing we can push this into 6.12-rc and the other patch into
> >> > net-next. I'll toss it into net on Monday unless someone objects.  
> >> 
> >> Can you folks please at least wait until the maintainers of the code in
> >> question had a look ?
> >
> > You are literally quoting the text where I say I will wait 3 more days.
> > Unfortunately "until the maintainers respond" leads to waiting forever
> > 50% of the time, and even when we cap at 3 working days we have 300
> > patches in the queue (292 right now, and I already spent 2 hours
> > reviewing today). Hope you understand.
> 
> I understand very well, but _I_ spent the time to review the earlier
> variants of these patches and to debate with the submitter up to rev
> 5.
> 
> Now you go and apply a patch to a subsystem you do not even maintain just
> because I did not have the bandwidth to look at it within the time
> limit you defined? Seriously?
> 
> This problem is there for years, so a few days +/- are absolutely not
> relevant.
> 
> > Sorry if we applied too early, please review, I'll revert if it's no
> > good.

It is no good :-( and it is now in stable.

It needs to goto out in the error case, to permit cleanups.

Best regards,
								Pavel

+++ b/kernel/time/posix-clock.c
@@ -312,6 +312,9 @@ static int pc_clock_settime(clockid_t id, const struct timespec64 *ts)
                goto out;
        }
 
+       if (!timespec64_valid_strict(ts))
+               return -EINVAL;
+
        if (cd.clk->ops.clock_settime)
                err = cd.clk->ops.clock_settime(cd.clk, ts);
        else
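
Review bot: The added `return -EINVAL;` under `if (!timespec64_valid_strict(ts))` leaves the function directly, while the error branch just above it in the same hunk exits with `goto out;`. By this point the function already holds `cd` (it is dereferenced two lines later as `cd.clk->ops.clock_settime`), so the early return skips whatever the `out` label releases. Set `err = -EINVAL;` and `goto out;` like the preceding branch, or do the `timespec64_valid_strict()` check before anything that needs cleanup is acquired.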




-- 
People of Russia, stop Putin before his war on Ukraine escalates.
