time: copy tai value (International Atomic Time, in seconds) to output __user struct in get_old_timex32().
| Message ID | 20221121055345.111567-1-jake.macneal@gmail.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp1411994wrr;
Sun, 20 Nov 2022 22:15:35 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf445T2Utrrf8DF21uouQyDz3YEc2iIPSEdAib8pqnbXv/LpIgR5hJxGkAeI+WjdY+mm8M9r
X-Received: by 2002:a17:906:2e96:b0:7ad:8f76:17c7 with SMTP id
o22-20020a1709062e9600b007ad8f7617c7mr3437060eji.315.1669011334942;
Sun, 20 Nov 2022 22:15:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669011334; cv=none;
d=google.com; s=arc-20160816;
b=FBpENNBweOvX2d+4YLOp1CW+hYSbxl//51cFXFGppBGGeKUiOmSg7zKdos6o1qg5sX
NKxcOkZJw11gKHSUuE4vvo2c2MLjBCt5YmHY/HNiIjaz23lxHcHme4qRIqsNWIcULVvO
K4S0z4SNABmIUHwMOAJhU8LoM2zsW22VS5tGSuHqt3p4ySFic4C0jsd6zXA2BJszPyeQ
F4gqX8wFjVkfaS1pyqH7EKgF1zKYdnspTX2bCORbR1Ha4RMx41zD4W/oQmxDcXxfcFg/
xEXR6mst6q86Jri1Mc6j0TVMCMuU3H2StVMwdIat9BJx4nroKbYkYRbSbzHS7F2jy90l
12qQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=bYLHs4Tv0kzA8jWolRuh27E33bdQTTgUZOnHhl5CH3M=;
b=TVKV7g/P4d3FxWiUk9TUMg5RF2yu1KDZjJ3z/dqAP0Xr96G12n2Pv6dJmjtdKgM1Iw
+byoJiv3pv0lJ2EtB0gLd44NF6fbJzgXoE6n2aFSyHKUbUJLIv9GyJEsJpmzFEAj/juj
zGBi2BnEWkjUTY+I6SQCsIH1bFYqmshoHWAbbOC4bqQdhRHHBcnEDcsfKlY70SRnuxRe
91lS1iNzTod6a9gyIl8wOXopMc6Y/IsYqwMNR3640pz0/I2ue5wkD2l1za1XTpUeN1Ff
RNwJt2nCN4047Gllk/rqmqyAyC8UOogrZo5AWy92Mk4co5w/4tXLscARFpKGi5Ux7Gy0
hhXw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=hrakBflw;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
cx24-20020a05640222b800b0046979f11f42si2455851edb.466.2022.11.20.22.15.07;
Sun, 20 Nov 2022 22:15:34 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=hrakBflw;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229598AbiKUFyZ (ORCPT <rfc822;peter110.wang@gmail.com>
+ 99 others); Mon, 21 Nov 2022 00:54:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48200 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229447AbiKUFyY (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 21 Nov 2022 00:54:24 -0500
Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com
[IPv6:2607:f8b0:4864:20::830])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 018F02A942
for <linux-kernel@vger.kernel.org>;
Sun, 20 Nov 2022 21:54:23 -0800 (PST)
Received: by mail-qt1-x830.google.com with SMTP id fz10so6717718qtb.3
for <linux-kernel@vger.kernel.org>;
Sun, 20 Nov 2022 21:54:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=bYLHs4Tv0kzA8jWolRuh27E33bdQTTgUZOnHhl5CH3M=;
b=hrakBflwl6mnCesxOJqgLI1x1zXR8GYUlRuzuY4HEi/974Eo5XCR4UAkr/66pD/31O
OpKeHtleGC2X4PtnRKfUg45AzOmEZV6rrmle0NvVFfKJ4dHc/QtefVkLBicrcKYTlwXc
ZGCzuVaHC9u8jBepT3EcudxWkBz8IBuJni72ChR/XqvcqThGL0tuTV4OxrqnD0ZJ/J7U
YvcHFENT+2eNcI/DBjJzAfV98IG4FkS4sx8sXx5sbehTfrXxnoH61AjBKk5gY1Tns+I8
ygq7mS3Mt6nDHYxJzum849SPjAreBRgL//c9BoNzkFa3ObFbK6x1q7t//Kr5/ff54w7V
N6Qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=bYLHs4Tv0kzA8jWolRuh27E33bdQTTgUZOnHhl5CH3M=;
b=GBqgoqe7qmD4StOHNLkg0FLmI4hcrWy6cjGvQfDiuTF/oUoaT3Et5tmcf83+7Qpi9/
F1JyQd5AxRBsJX7jDj3KGn4NJOA23UDpa93HA8xgJ0fKCQsqivWhxFXJtJcTVEon153+
0jpGFPr7VzsfKx270Usq1luqIIPkdC05EeZeoyIRxPOi5TFtNuft8q7XHSg2Q2nlpxlZ
cVORcsWwxCAgi7r5cKJkiTWwMJulTXwBf+Q5CT+gUyEVFpsRN01yVbWm5szNa5/D/etx
mBpjXO3y2mpuQBDqp38PAgSSX9uApXxRONtgzgFC8MN6N4jAQGObe+jULU2cHpEs/0jw
0sRQ==
X-Gm-Message-State: ANoB5plb5DrQTZ52L9ZWIjYBNITkLMQ0stamUVkr5IL5Iee3ZlOA/7rD
cSgyqOM6RhIzdlHt67hlir/Vco8vTVfVC1ts9aA=
X-Received: by 2002:a05:622a:1a19:b0:3a5:c55a:72c4 with SMTP id
f25-20020a05622a1a1900b003a5c55a72c4mr16225709qtb.223.1669010061801;
Sun, 20 Nov 2022 21:54:21 -0800 (PST)
Received: from localhost.localdomain
(bras-base-mtrlpq4362w-grc-30-76-66-139-34.dsl.bell.ca. [76.66.139.34])
by smtp.googlemail.com with ESMTPSA id
cc16-20020a05622a411000b003a606428a59sm6232862qtb.91.2022.11.20.21.54.21
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 20 Nov 2022 21:54:21 -0800 (PST)
From: Jacob Macneal <jake.macneal@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: jake.macneal@gmail.com, John Stultz <jstultz@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Stephen Boyd <sboyd@kernel.org>
Subject: [PATCH] time: copy tai value (International Atomic Time,
in seconds) to output __user struct in get_old_timex32().
Date: Mon, 21 Nov 2022 00:53:45 -0500
Message-Id: <20221121055345.111567-1-jake.macneal@gmail.com>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750085229633522004?=
X-GMAIL-MSGID: =?utf-8?q?1750085229633522004?=
|
| Series |
time: copy tai value (International Atomic Time, in seconds) to output __user struct in get_old_timex32().
|
|
Commit Message
Jacob Macneal
Nov. 21, 2022, 5:53 a.m. UTC
Previously, this value was not copied into the output struct. This is
despite all other fields of the corresponding __kernel_timex struct being
copied to the old_timex32 __user struct in this function.
Additionally, the matching function put_old_timex32() expects a tai value
to be supplied, and copies it appropriately. It would appear to be a
mistake that this value was never copied over in get_old_timex32().
Signed-off-by: Jacob Macneal <jake.macneal@gmail.com>
---
kernel/time/time.c | 1 +
1 file changed, 1 insertion(+)
Comments
On Sun, Nov 20, 2022 at 9:54 PM Jacob Macneal <jake.macneal@gmail.com> wrote: > > Previously, this value was not copied into the output struct. This is > despite all other fields of the corresponding __kernel_timex struct being > copied to the old_timex32 __user struct in this function. > > Additionally, the matching function put_old_timex32() expects a tai value > to be supplied, and copies it appropriately. It would appear to be a > mistake that this value was never copied over in get_old_timex32(). > > Signed-off-by: Jacob Macneal <jake.macneal@gmail.com> > --- > kernel/time/time.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/kernel/time/time.c b/kernel/time/time.c > index 526257b3727c..7da9951b033a 100644 > --- a/kernel/time/time.c > +++ b/kernel/time/time.c > @@ -311,6 +311,7 @@ int get_old_timex32(struct __kernel_timex *txc, const struct old_timex32 __user > txc->calcnt = tx32.calcnt; > txc->errcnt = tx32.errcnt; > txc->stbcnt = tx32.stbcnt; > + txc->tai = tx32.tai; > This does seem like something that was overlooked. Arnd: There isn't something more subtle I'm missing here, right? Otherwise: Acked-by: John Stultz <jstultz@google.com> thanks -john
On Wed, Nov 23, 2022, at 19:54, John Stultz wrote: > On Sun, Nov 20, 2022 at 9:54 PM Jacob Macneal <jake.macneal@gmail.com> wrote: >> >> Previously, this value was not copied into the output struct. This is >> despite all other fields of the corresponding __kernel_timex struct being >> copied to the old_timex32 __user struct in this function. >> >> Additionally, the matching function put_old_timex32() expects a tai value >> to be supplied, and copies it appropriately. It would appear to be a >> mistake that this value was never copied over in get_old_timex32(). >> >> Signed-off-by: Jacob Macneal <jake.macneal@gmail.com> >> --- >> kernel/time/time.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/kernel/time/time.c b/kernel/time/time.c >> index 526257b3727c..7da9951b033a 100644 >> --- a/kernel/time/time.c >> +++ b/kernel/time/time.c >> @@ -311,6 +311,7 @@ int get_old_timex32(struct __kernel_timex *txc, const struct old_timex32 __user >> txc->calcnt = tx32.calcnt; >> txc->errcnt = tx32.errcnt; >> txc->stbcnt = tx32.stbcnt; >> + txc->tai = tx32.tai; >> > > This does seem like something that was overlooked. > > Arnd: There isn't something more subtle I'm missing here, right? I agree. Looking at the git history, it seems that the tai field was added a long time ago in 153b5d054ac2 ("ntp: support for TAI"). The commit correctly did the conversion for copying the data out of the kernel and did not copy the value in because it wasn't needed at the time. I don't see any user of the tai field that gets copied into the kernel, so the bug appears harmless, but Jacob's fix is nevertheless correct, as we should not use any uninitialized data in a structure that comes from userspace. > Otherwise: > Acked-by: John Stultz <jstultz@google.com> > Reviewed-by: Arnd Bergmann <arnd@arndb.de>
On Wed, Nov 23, 2022 at 11:53 AM Arnd Bergmann <arnd@arndb.de> wrote: > On Wed, Nov 23, 2022, at 19:54, John Stultz wrote: > > On Sun, Nov 20, 2022 at 9:54 PM Jacob Macneal <jake.macneal@gmail.com> wrote: > >> --- a/kernel/time/time.c > >> +++ b/kernel/time/time.c > >> @@ -311,6 +311,7 @@ int get_old_timex32(struct __kernel_timex *txc, const struct old_timex32 __user > >> txc->calcnt = tx32.calcnt; > >> txc->errcnt = tx32.errcnt; > >> txc->stbcnt = tx32.stbcnt; > >> + txc->tai = tx32.tai; > >> > > > > This does seem like something that was overlooked. > > > > Arnd: There isn't something more subtle I'm missing here, right? > > I agree. Looking at the git history, it seems that the tai field > was added a long time ago in 153b5d054ac2 ("ntp: support for TAI"). > The commit correctly did the conversion for copying the data out > of the kernel and did not copy the value in because it wasn't > needed at the time. > > I don't see any user of the tai field that gets copied into > the kernel, so the bug appears harmless, but Jacob's fix is Oh, right. There is a quirk of the adjtimex ADJ_TAI interface (added in 153b5d054ac2) where it for some reason used the constant field instead of the newly added tai field. So we never should be using the tai field value from userspace (only writing it out), which might have been the reason it was not copied over. > nevertheless correct, as we should not use any uninitialized > data in a structure that comes from userspace. Agreed. thanks -john
On Wed, Nov 23 2022 at 20:53, Arnd Bergmann wrote: > On Wed, Nov 23, 2022, at 19:54, John Stultz wrote: >>> --- a/kernel/time/time.c >>> +++ b/kernel/time/time.c >>> @@ -311,6 +311,7 @@ int get_old_timex32(struct __kernel_timex *txc, const struct old_timex32 __user >>> txc->calcnt = tx32.calcnt; >>> txc->errcnt = tx32.errcnt; >>> txc->stbcnt = tx32.stbcnt; >>> + txc->tai = tx32.tai; >>> >> >> This does seem like something that was overlooked. >> >> Arnd: There isn't something more subtle I'm missing here, right? > > I agree. Looking at the git history, it seems that the tai field > was added a long time ago in 153b5d054ac2 ("ntp: support for TAI"). > The commit correctly did the conversion for copying the data out > of the kernel and did not copy the value in because it wasn't > needed at the time. > > I don't see any user of the tai field that gets copied into > the kernel, so the bug appears harmless, but Jacob's fix is > nevertheless correct, as we should not use any uninitialized > data in a structure that comes from userspace. There is no uninitialized data. txc is zeroed at the beginning of that function. I agree that it's inconsistent vs. the regular adjtimex(), but as there is no usage of the txc->tai value coming from user space it's pretty much cosmetic. Thanks, tglx
Jacob! On Mon, Nov 21 2022 at 00:53, Jacob Macneal wrote: > Previously, this value was not copied into the output struct. Previously has no meaning here. > This is despite all other fields of the corresponding __kernel_timex > struct being copied to the old_timex32 __user struct in this function. This is completely backwards. get_old_timex32() copies from the user supplied old_timex32 struct to the __kernel_timex struct, no? > Additionally, the matching function put_old_timex32() expects a tai > value to be supplied, and copies it appropriately. It would appear to > be a mistake that this value was never copied over in > get_old_timex32(). Sure, but the important point is that txc->tai is never used as input from userspace. It's only ever used as output to userspace, which explains why this never caused any functional issue. I'm not against this change per se, but the justification for it really boils down to: Make it consistent with the regular syscall Thanks, tglx
Jake, On Thu, Dec 01 2022 at 10:00, Jake Macneal wrote: >>> This is despite all other fields of the corresponding __kernel_timex >>> struct being copied to the old_timex32 __user struct in this function. > >> This is completely backwards. get_old_timex32() copies from the user >> supplied old_timex32 struct to the __kernel_timex struct, no? > > You're totally right, I managed to mix up the order right off the bat. > >> I'm not against this change per se, but the justification for it really >> boils down to: > >> Make it consistent with the regular syscall > > I agree, that's a better summary. There isn't any effect in the kernel > now due to get_old_timex32() ignoring the tai value from userspace. So > this patch would be purely aesthetic, although one might argue that > copying the userspace tai value into txc is also less likely to lead > to a bug in the future, were any of the functions do_adjtimex(), > __do_adjtimex(), or process_adjtimex_modes() to be changed in a way so > that the userspace tai value became used (I realize this is unlikely). Right. Unlikely or not, consistency is always a good thing. > I apologize for any confusion I caused. No problem. Been there, done that :) Thanks, tglx
diff --git a/kernel/time/time.c b/kernel/time/time.c index 526257b3727c..7da9951b033a 100644 --- a/kernel/time/time.c +++ b/kernel/time/time.c @@ -311,6 +311,7 @@ int get_old_timex32(struct __kernel_timex *txc, const struct old_timex32 __user txc->calcnt = tx32.calcnt; txc->errcnt = tx32.errcnt; txc->stbcnt = tx32.stbcnt; + txc->tai = tx32.tai; return 0; }