24 Jun, 2018

1 commit

  • This will aid in enabling the compat syscalls on 32-bit architectures later
    on.

    Also move compat_itimerspec and related defines to compat_time.h. The
    compat_time.h file will eventually be deleted.

    Signed-off-by: Deepa Dinamani
    Signed-off-by: Thomas Gleixner
    Cc: arnd@arndb.de
    Cc: viro@zeniv.linux.org.uk
    Cc: linux-fsdevel@vger.kernel.org
    Cc: linux-api@vger.kernel.org
    Cc: y2038@lists.linaro.org
    Link: https://lkml.kernel.org/r/20180617051144.29756-3-deepa.kernel@gmail.com

    Deepa Dinamani
     

05 Jun, 2018

1 commit

  • Pull timers and timekeeping updates from Thomas Gleixner:

    - Core infrastucture work for Y2038 to address the COMPAT interfaces:

    + Add a new Y2038 safe __kernel_timespec and use it in the core
    code

    + Introduce config switches which allow to control the various
    compat mechanisms

    + Use the new config switch in the posix timer code to control the
    32bit compat syscall implementation.

    - Prevent bogus selection of CPU local clocksources which causes an
    endless reselection loop

    - Remove the extra kthread in the clocksource code which has no value
    and just adds another level of indirection

    - The usual bunch of trivial updates, cleanups and fixlets all over the
    place

    - More SPDX conversions

    * 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits)
    clocksource/drivers/mxs_timer: Switch to SPDX identifier
    clocksource/drivers/timer-imx-tpm: Switch to SPDX identifier
    clocksource/drivers/timer-imx-gpt: Switch to SPDX identifier
    clocksource/drivers/timer-imx-gpt: Remove outdated file path
    clocksource/drivers/arc_timer: Add comments about locking while read GFRC
    clocksource/drivers/mips-gic-timer: Add pr_fmt and reword pr_* messages
    clocksource/drivers/sprd: Fix Kconfig dependency
    clocksource: Move inline keyword to the beginning of function declarations
    timer_list: Remove unused function pointer typedef
    timers: Adjust a kernel-doc comment
    tick: Prefer a lower rating device only if it's CPU local device
    clocksource: Remove kthread
    time: Change nanosleep to safe __kernel_* types
    time: Change types to new y2038 safe __kernel_* types
    time: Fix get_timespec64() for y2038 safe compat interfaces
    time: Add new y2038 safe __kernel_timespec
    posix-timers: Make compat syscalls depend on CONFIG_COMPAT_32BIT_TIME
    time: Introduce CONFIG_COMPAT_32BIT_TIME
    time: Introduce CONFIG_64BIT_TIME in architectures
    compat: Enable compat_get/put_timespec64 always
    ...

    Linus Torvalds
     

11 May, 2018

1 commit

  • Commit 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to
    native counterparts") removed the memset() in compat_get_timex(). Since
    then, the compat adjtimex syscall can invoke do_adjtimex() with an
    uninitialized ->tai.

    If do_adjtimex() doesn't write to ->tai (e.g. because the arguments are
    invalid), compat_put_timex() then copies the uninitialized ->tai field
    to userspace.

    Fix it by adding the memset() back.

    Fixes: 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to native counterparts")
    Signed-off-by: Jann Horn
    Acked-by: Kees Cook
    Acked-by: Al Viro
    Signed-off-by: Linus Torvalds

    Jann Horn
     

19 Apr, 2018

1 commit


03 Apr, 2018

2 commits

  • Move compat_sys_move_pages() to mm/migrate.c and make it call a newly
    introduced helper -- kernel_move_pages() -- instead of the syscall.

    This patch is part of a series which removes in-kernel calls to syscalls.
    On this basis, the syscall entry path can be streamlined. For details, see
    http://lkml.kernel.org/r/20180325162527.GA17492@light.dominikbrodowski.net

    Cc: Al Viro
    Cc: linux-mm@kvack.org
    Cc: Andrew Morton
    Signed-off-by: Dominik Brodowski

    Dominik Brodowski
     
  • Move compat_sys_migrate_pages() to mm/mempolicy.c and make it call a newly
    introduced helper -- kernel_migrate_pages() -- instead of the syscall.

    This patch is part of a series which removes in-kernel calls to syscalls.
    On this basis, the syscall entry path can be streamlined. For details, see
    http://lkml.kernel.org/r/20180325162527.GA17492@light.dominikbrodowski.net

    Cc: Al Viro
    Cc: linux-mm@kvack.org
    Cc: Andrew Morton
    Signed-off-by: Dominik Brodowski

    Dominik Brodowski
     

03 Mar, 2018

1 commit

  • Since commit afcc90f8621e ("usercopy: WARN() on slab cache usercopy
    region violations"), MIPS systems booting with a compat root filesystem
    emit a warning when copying compat siginfo to userspace:

    WARNING: CPU: 0 PID: 953 at mm/usercopy.c:81 usercopy_warn+0x98/0xe8
    Bad or missing usercopy whitelist? Kernel memory exposure attempt
    detected from SLAB object 'task_struct' (offset 1432, size 16)!
    Modules linked in:
    CPU: 0 PID: 953 Comm: S01logging Not tainted 4.16.0-rc2 #10
    Stack : ffffffff808c0000 0000000000000000 0000000000000001 65ac85163f3bdc4a
    65ac85163f3bdc4a 0000000000000000 90000000ff667ab8 ffffffff808c0000
    00000000000003f8 ffffffff808d0000 00000000000000d1 0000000000000000
    000000000000003c 0000000000000000 ffffffff808c8ca8 ffffffff808d0000
    ffffffff808d0000 ffffffff80810000 fffffc0000000000 ffffffff80785c30
    0000000000000009 0000000000000051 90000000ff667eb0 90000000ff667db0
    000000007fe0d938 0000000000000018 ffffffff80449958 0000000020052798
    ffffffff808c0000 90000000ff664000 90000000ff667ab0 00000000100c0000
    ffffffff80698810 0000000000000000 0000000000000000 0000000000000000
    0000000000000000 0000000000000000 ffffffff8010d02c 65ac85163f3bdc4a
    ...
    Call Trace:
    [] show_stack+0x9c/0x130
    [] dump_stack+0x90/0xd0
    [] __warn+0x100/0x118
    [] warn_slowpath_fmt+0x4c/0x70
    [] usercopy_warn+0x98/0xe8
    [] __check_object_size+0xfc/0x250
    [] put_compat_sigset+0x30/0x88
    [] setup_rt_frame_n32+0xc4/0x160
    [] do_signal+0x19c/0x230
    [] do_notify_resume+0x60/0x78
    [] work_notifysig+0x10/0x18
    ---[ end trace 88fffbf69147f48a ]---

    Commit 5905429ad856 ("fork: Provide usercopy whitelisting for
    task_struct") noted that:

    "While the blocked and saved_sigmask fields of task_struct are copied to
    userspace (via sigmask_to_save() and setup_rt_frame()), it is always
    copied with a static length (i.e. sizeof(sigset_t))."

    However, this is not true in the case of compat signals, whose sigset
    is copied by put_compat_sigset and receives size as an argument.

    At most call sites, put_compat_sigset is copying a sigset from the
    current task_struct. This triggers a warning when
    CONFIG_HARDENED_USERCOPY is active. However, by marking this function as
    static inline, the warning can be avoided because in all of these cases
    the size is constant at compile time, which is allowed. The only site
    where this is not the case is handling the rt_sigpending syscall, but
    there the copy is being made from a stack local variable so does not
    trigger the warning.

    Move put_compat_sigset to compat.h, and mark it static inline. This
    fixes the WARN on MIPS.

    Fixes: afcc90f8621e ("usercopy: WARN() on slab cache usercopy region violations")
    Signed-off-by: Matt Redfearn
    Acked-by: Kees Cook
    Cc: "Dmitry V . Levin"
    Cc: Al Viro
    Cc: kernel-hardening@lists.openwall.com
    Cc: linux-mips@linux-mips.org
    Patchwork: https://patchwork.linux-mips.org/patch/18639/
    Signed-off-by: James Hogan

    Matt Redfearn
     

07 Feb, 2018

1 commit

  • CPUmasks are never big enough to warrant 64-bit code.

    Space savings:

    add/remove: 0/0 grow/shrink: 1/4 up/down: 3/-17 (-14)
    Function old new delta
    sched_init_numa 1530 1533 +3
    compat_sys_sched_setaffinity 160 159 -1
    sys_sched_getaffinity 197 195 -2
    sys_sched_setaffinity 183 176 -7
    compat_sys_sched_getaffinity 179 172 -7

    Link: http://lkml.kernel.org/r/20171204165531.GA8221@avx2
    Signed-off-by: Alexey Dobriyan
    Cc: Ingo Molnar
    Cc: Peter Zijlstra
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexey Dobriyan
     

20 Sep, 2017

4 commits


16 Jul, 2017

1 commit


07 Jul, 2017

1 commit

  • Pull misc compat stuff updates from Al Viro:
    "This part is basically untangling various compat stuff. Compat
    syscalls moved to their native counterparts, getting rid of quite a
    bit of double-copying and/or set_fs() uses. A lot of field-by-field
    copyin/copyout killed off.

    - kernel/compat.c is much closer to containing just the
    copyin/copyout of compat structs. Not all compat syscalls are gone
    from it yet, but it's getting there.

    - ipc/compat_mq.c killed off completely.

    - block/compat_ioctl.c cleaned up; floppy compat ioctls moved to
    drivers/block/floppy.c where they belong. Yes, there are several
    drivers that implement some of the same ioctls. Some are m68k and
    one is 32bit-only pmac. drivers/block/floppy.c is the only one in
    that bunch that can be built on biarch"

    * 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    mqueue: move compat syscalls to native ones
    usbdevfs: get rid of field-by-field copyin
    compat_hdio_ioctl: get rid of set_fs()
    take floppy compat ioctls to sodding floppy.c
    ipmi: get rid of field-by-field __get_user()
    ipmi: get COMPAT_IPMICTL_RECEIVE_MSG in sync with the native one
    rt_sigtimedwait(): move compat to native
    select: switch compat_{get,put}_fd_set() to compat_{get,put}_bitmap()
    put_compat_rusage(): switch to copy_to_user()
    sigpending(): move compat to native
    getrlimit()/setrlimit(): move compat to native
    times(2): move compat to native
    compat_{get,put}_bitmap(): use unsafe_{get,put}_user()
    fb_get_fscreeninfo(): don't bother with do_fb_ioctl()
    do_sigaltstack(): lift copying to/from userland into callers
    take compat_sys_old_getrlimit() to native syscall
    trim __ARCH_WANT_SYS_OLD_GETRLIMIT

    Linus Torvalds
     

06 Jul, 2017

2 commits

  • Pull timer-related user access updates from Al Viro:
    "Continuation of timers-related stuff (there had been more, but my
    parts of that series are already merged via timers/core). This is more
    of y2038 work by Deepa Dinamani, partially disrupted by the
    unification of native and compat timers-related syscalls"

    * 'timers-compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    posix_clocks: Use get_itimerspec64() and put_itimerspec64()
    timerfd: Use get_itimerspec64() and put_itimerspec64()
    nanosleep: Use get_timespec64() and put_timespec64()
    posix-timers: Use get_timespec64() and put_timespec64()
    posix-stubs: Conditionally include COMPAT_SYS_NI defines
    time: introduce {get,put}_itimerspec64
    time: add get_timespec64 and put_timespec64

    Linus Torvalds
     
  • Pull wait syscall updates from Al Viro:
    "Consolidating sys_wait* and compat counterparts.

    Gets rid of set_fs()/double-copy mess, simplifies the whole thing
    (lifting the copyouts to the syscalls means less headache in the part
    that does actual work - fewer failure exits, to start with), gets rid
    of the overhead of field-by-field __put_user()"

    * 'work.sys_wait' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    osf_wait4: switch to kernel_wait4()
    waitid(): switch copyout of siginfo to unsafe_put_user()
    wait_task_zombie: consolidate info logics
    kill wait_noreap_copyout()
    lift getrusage() from wait_noreap_copyout()
    waitid(2): leave copyout of siginfo to syscall itself
    kernel_wait4()/kernel_waitid(): delay copying status to userland
    wait4(2)/waitid(2): separate copying rusage to userland
    move compat wait4 and waitid next to native variants

    Linus Torvalds
     

26 Jun, 2017

2 commits

  • As we change the user space type for the timerfd and posix timer
    functions to newer data types, we need some form of conversion
    helpers to avoid duplicating that logic.

    Suggested-by: Arnd Bergmann
    Signed-off-by: Deepa Dinamani
    Signed-off-by: Al Viro

    Deepa Dinamani
     
  • Add helper functions to convert between struct timespec64 and
    struct timespec at userspace boundaries.

    This is a preparatory patch to use timespec64 as the basic type
    internally in the kernel as timespec is not y2038 safe on 32 bit systems.
    The patch helps the cause by containing all data conversions at the
    userspace boundaries within these functions.

    Suggested-by: Arnd Bergmann
    Signed-off-by: Deepa Dinamani
    Signed-off-by: Al Viro

    Deepa Dinamani
     

14 Jun, 2017

10 commits


10 Jun, 2017

6 commits


28 May, 2017

1 commit


22 May, 2017

1 commit


15 Apr, 2017

2 commits

  • struct timespec is not y2038 safe on 32 bit machines. Replace uses of
    struct timespec with struct timespec64 in the kernel.

    The syscall interfaces themselves will be changed in a separate series.

    Note that the restart_block parameter for nanosleep has also been left
    unchanged and will be part of syscall series noted above.

    Signed-off-by: Deepa Dinamani
    Cc: y2038@lists.linaro.org
    Cc: john.stultz@linaro.org
    Cc: arnd@arndb.de
    Link: http://lkml.kernel.org/r/1490555058-4603-8-git-send-email-deepa.kernel@gmail.com
    Signed-off-by: Thomas Gleixner

    Deepa Dinamani
     
  • struct timespec is not y2038 safe on 32 bit machines and needs to be
    replaced with struct timespec64.

    do_sys_timeofday() is just a wrapper function. Replace all calls to this
    function with direct calls to do_sys_timeofday64() instead and delete
    do_sys_timeofday().

    Signed-off-by: Deepa Dinamani
    Cc: y2038@lists.linaro.org
    Cc: john.stultz@linaro.org
    Cc: arnd@arndb.de
    Cc: linux-alpha@vger.kernel.org
    Link: http://lkml.kernel.org/r/1490555058-4603-2-git-send-email-deepa.kernel@gmail.com
    Signed-off-by: Thomas Gleixner

    Deepa Dinamani
     

25 Dec, 2016

1 commit


16 Nov, 2016

1 commit

  • Some embedded systems have no use for them. This removes about
    25KB from the kernel binary size when configured out.

    Corresponding syscalls are routed to a stub logging the attempt to
    use those syscalls which should be enough of a clue if they were
    disabled without proper consideration. They are: timer_create,
    timer_gettime: timer_getoverrun, timer_settime, timer_delete,
    clock_adjtime, setitimer, getitimer, alarm.

    The clock_settime, clock_gettime, clock_getres and clock_nanosleep
    syscalls are replaced by simple wrappers compatible with CLOCK_REALTIME,
    CLOCK_MONOTONIC and CLOCK_BOOTTIME only which should cover the vast
    majority of use cases with very little code.

    Signed-off-by: Nicolas Pitre
    Acked-by: Richard Cochran
    Acked-by: Thomas Gleixner
    Acked-by: John Stultz
    Reviewed-by: Josh Triplett
    Cc: Paul Bolle
    Cc: linux-kbuild@vger.kernel.org
    Cc: netdev@vger.kernel.org
    Cc: Michal Marek
    Cc: Edward Cree
    Link: http://lkml.kernel.org/r/1478841010-28605-7-git-send-email-nicolas.pitre@linaro.org
    Signed-off-by: Thomas Gleixner

    Nicolas Pitre