These series of patches try to convert parport device(ppdev) to
y2038 safe, and support y2038 safe and unsafe application at the
same time. The first version is here[1].
An y2038 safe application/kernel use 64bit time_t(aka time64_t)
to avoid 32-bit time types broken in the year 2038. Given that
some time relative struct(e.g. timeval in ppdev.c) is mainly the
offset of the real time, the old 32bit time_t in such application
is safe. We need to handle the 32bit time_t and 64bit time_t
application at the same time. My approach here is handle them as
different ioctl command for different size of timeval.
Build successful on arm64, arm and x86_64.
Changes since v1:
1. Fix the warning when build against x86_64.
[1] https://lkml.org/lkml/2015/12/9/32
Bamvor Jian Zhang (2):
ppdev: convert to y2038 safe
ppdev: add support for compat ioctl
drivers/char/ppdev.c | 87 ++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 67 insertions(+), 20 deletions(-)
--
2.1.4
The y2038 issue for ppdev is changes of timeval in the ioctl
(PPSETTIME and PPGETTIME). The size of struct timeval changes from
8bytes to 16bytes due to the changes of time_t. It lead to the
changes of the command of ioctl, e.g. for PPGETTIME, We have:
on 32-bit (old): 0x80087095
on 32-bit (new): 0x80107095
on 64-bit : 0x80107095
This patch define these two ioctl commands to support the 32bit
and 64bit time_t application at the same time. And, introduce
pp_set_timeout to remove some duplicated code.
Signed-off-by: Bamvor Jian Zhang <[email protected]>
Reviewed-by: Arnd Bergmann <arnd at arndb.de>
---
drivers/char/ppdev.c | 75 ++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 55 insertions(+), 20 deletions(-)
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index ae0b42b..19a4d6e 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -98,6 +98,13 @@ struct pp_struct {
#define ROUND_UP(x,y) (((x)+(y)-1)/(y))
static DEFINE_MUTEX(pp_do_mutex);
+
+/* define fixed sized ioctl cmd for y2038 migration */
+#define PPGETTIME32 _IOR(PP_IOCTL, 0x95, s32[2])
+#define PPSETTIME32 _IOW(PP_IOCTL, 0x96, s32[2])
+#define PPGETTIME64 _IOR(PP_IOCTL, 0x95, s64[2])
+#define PPSETTIME64 _IOW(PP_IOCTL, 0x96, s64[2])
+
static inline void pp_enable_irq (struct pp_struct *pp)
{
struct parport *port = pp->pdev->port;
@@ -322,6 +329,22 @@ static enum ieee1284_phase init_phase (int mode)
return IEEE1284_PH_FWD_IDLE;
}
+static int pp_set_timeout(struct pardevice *pdev, long tv_sec, int tv_usec)
+{
+ long to_jiffies;
+
+ if ((tv_sec < 0) || (tv_usec < 0))
+ return -EINVAL;
+
+ to_jiffies = usecs_to_jiffies(tv_usec);
+ to_jiffies += tv_sec * HZ;
+ if (to_jiffies <= 0)
+ return -EINVAL;
+
+ pdev->timeout = to_jiffies;
+ return 0;
+}
+
static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
unsigned int minor = iminor(file_inode(file));
@@ -495,9 +518,10 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
unsigned char reg;
unsigned char mask;
int mode;
+ s32 time32[2];
+ s64 time64[2];
+ struct timespec64 ts;
int ret;
- struct timeval par_timeout;
- long to_jiffies;
case PPRSTATUS:
reg = parport_read_status (port);
@@ -592,29 +616,40 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
atomic_sub (ret, &pp->irqc);
return 0;
- case PPSETTIME:
- if (copy_from_user (&par_timeout, argp, sizeof(struct timeval))) {
+ case PPSETTIME32:
+ if (copy_from_user(time32, argp, sizeof(time32)))
return -EFAULT;
- }
- /* Convert to jiffies, place in pp->pdev->timeout */
- if ((par_timeout.tv_sec < 0) || (par_timeout.tv_usec < 0)) {
- return -EINVAL;
- }
- to_jiffies = ROUND_UP(par_timeout.tv_usec, 1000000/HZ);
- to_jiffies += par_timeout.tv_sec * (long)HZ;
- if (to_jiffies <= 0) {
+
+ return pp_set_timeout(pp->pdev, time32[0], time32[1]);
+
+ case PPSETTIME64:
+ if (copy_from_user(time64, argp, sizeof(time64)))
+ return -EFAULT;
+
+ return pp_set_timeout(pp->pdev, time64[0], time64[1]);
+
+ case PPGETTIME32:
+ jiffies_to_timespec64(pp->pdev->timeout, &ts);
+ time32[0] = ts.tv_sec;
+ time32[1] = ts.tv_nsec / NSEC_PER_USEC;
+ if ((time32[0] < 0) || (time32[1] < 0))
return -EINVAL;
- }
- pp->pdev->timeout = to_jiffies;
+
+ if (copy_to_user(time32, argp, sizeof(time32)))
+ return -EFAULT;
+
return 0;
- case PPGETTIME:
- to_jiffies = pp->pdev->timeout;
- memset(&par_timeout, 0, sizeof(par_timeout));
- par_timeout.tv_sec = to_jiffies / HZ;
- par_timeout.tv_usec = (to_jiffies % (long)HZ) * (1000000/HZ);
- if (copy_to_user (argp, &par_timeout, sizeof(struct timeval)))
+ case PPGETTIME64:
+ jiffies_to_timespec64(pp->pdev->timeout, &ts);
+ time64[0] = ts.tv_sec;
+ time64[1] = ts.tv_nsec / NSEC_PER_USEC;
+ if ((time64[0] < 0) || (time64[1] < 0))
+ return -EINVAL;
+
+ if (copy_to_user(time64, argp, sizeof(time64)))
return -EFAULT;
+
return 0;
default:
--
2.1.4
The arg of ioctl in ppdev is the pointer of integer except the
timeval in PPSETTIME, PPGETTIME. Different size of timeval
is already supported by the previous patches. So, it is safe
to add compat support.
Signed-off-by: Bamvor Jian Zhang <[email protected]>
---
drivers/char/ppdev.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index 19a4d6e..31bc7b7 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -69,6 +69,7 @@
#include <linux/ppdev.h>
#include <linux/mutex.h>
#include <linux/uaccess.h>
+#include <linux/compat.h>
#define PP_VERSION "ppdev: user-space parallel port driver"
#define CHRDEV "ppdev"
@@ -670,6 +671,14 @@ static long pp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return ret;
}
+#ifdef CONFIG_COMPAT
+static long pp_compat_ioctl(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return pp_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
+}
+#endif
+
static int pp_open (struct inode * inode, struct file * file)
{
unsigned int minor = iminor(inode);
@@ -779,6 +788,9 @@ static const struct file_operations pp_fops = {
.write = pp_write,
.poll = pp_poll,
.unlocked_ioctl = pp_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = pp_compat_ioctl,
+#endif
.open = pp_open,
.release = pp_release,
};
--
2.1.4
On Thursday 17 December 2015 17:58:52 Bamvor Jian Zhang wrote:
> The arg of ioctl in ppdev is the pointer of integer except the
> timeval in PPSETTIME, PPGETTIME. Different size of timeval
> is already supported by the previous patches. So, it is safe
> to add compat support.
>
> Signed-off-by: Bamvor Jian Zhang <[email protected]>
>
Reviewed-by: Arnd Bergmann <[email protected]>
(I think I replied with the reviewed-by tag before to this patch)
On Fri, Dec 18, 2015 at 12:12:05AM +0100, Arnd Bergmann wrote:
> On Thursday 17 December 2015 17:58:52 Bamvor Jian Zhang wrote:
> > The arg of ioctl in ppdev is the pointer of integer except the
> > timeval in PPSETTIME, PPGETTIME. Different size of timeval
> > is already supported by the previous patches. So, it is safe
> > to add compat support.
> >
> > Signed-off-by: Bamvor Jian Zhang <[email protected]>
> >
>
> Reviewed-by: Arnd Bergmann <[email protected]>
>
> (I think I replied with the reviewed-by tag before to this patch)
I was testing this series today. And it is breaking my userspace code. I
am attaching my userspace code for you to check. Its very simple
userspace code:
1: open
2: ioctl to claim
3: ioctl - PPGETTIME
4: ioctl - PPSETTIME
5: ioctl - PPGETTIME
6: ioctl - release
7: close
Without this series it works as expected.
With this series applied, the userspace code prints the error message:
PPNEGOT: Bad address
I traced it with strace and:
ioctl(3, PPGETTIME, 0xbfe91508) = -1 EFAULT (Bad address)
regards
sudip
Hi, Sudip
On 12/30/2015 07:16 PM, Sudip Mukherjee wrote:
> On Fri, Dec 18, 2015 at 12:12:05AM +0100, Arnd Bergmann wrote:
>> On Thursday 17 December 2015 17:58:52 Bamvor Jian Zhang wrote:
>>> The arg of ioctl in ppdev is the pointer of integer except the
>>> timeval in PPSETTIME, PPGETTIME. Different size of timeval
>>> is already supported by the previous patches. So, it is safe
>>> to add compat support.
>>>
>>> Signed-off-by: Bamvor Jian Zhang <[email protected]>
>>>
>>
>> Reviewed-by: Arnd Bergmann <[email protected]>
>>
>> (I think I replied with the reviewed-by tag before to this patch)
>
> I was testing this series today. And it is breaking my userspace code. I
> am attaching my userspace code for you to check. Its very simple
> userspace code:
> 1: open
> 2: ioctl to claim
> 3: ioctl - PPGETTIME
> 4: ioctl - PPSETTIME
> 5: ioctl - PPGETTIME
> 6: ioctl - release
> 7: close
>
> Without this series it works as expected.
>
> With this series applied, the userspace code prints the error message:
> PPNEGOT: Bad address
>
> I traced it with strace and:
> ioctl(3, PPGETTIME, 0xbfe91508) = -1 EFAULT (Bad address)
Thanks for your testing. It seems that I misuse the parameters. Could
you please apply the following patch and try it again?
There is no parport in my computer, Thanks.
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index 31bc7b7..9e98d01 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -636,7 +636,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
if ((time32[0] < 0) || (time32[1] < 0))
return -EINVAL;
- if (copy_to_user(time32, argp, sizeof(time32)))
+ if (copy_to_user(argp, time32, sizeof(time32)))
return -EFAULT;
return 0;
@@ -648,7 +648,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
if ((time64[0] < 0) || (time64[1] < 0))
return -EINVAL;
- if (copy_to_user(time64, argp, sizeof(time64)))
+ if (copy_to_user(argp, time64, sizeof(time64)))
return -EFAULT;
return 0;
Regards
Bamvor
>
> regards
> sudip
>
On Wed, Dec 30, 2015 at 09:24:21PM +0800, Bamvor Jian Zhang wrote:
> Hi, Sudip
>
> On 12/30/2015 07:16 PM, Sudip Mukherjee wrote:
> > On Fri, Dec 18, 2015 at 12:12:05AM +0100, Arnd Bergmann wrote:
> >> On Thursday 17 December 2015 17:58:52 Bamvor Jian Zhang wrote:
> >>> The arg of ioctl in ppdev is the pointer of integer except the
> >>> timeval in PPSETTIME, PPGETTIME. Different size of timeval
> >>> is already supported by the previous patches. So, it is safe
> >>> to add compat support.
> >>>
> >>> Signed-off-by: Bamvor Jian Zhang <[email protected]>
> >>>
> >>
> >> Reviewed-by: Arnd Bergmann <[email protected]>
> >>
> >> (I think I replied with the reviewed-by tag before to this patch)
> >
> > I was testing this series today. And it is breaking my userspace code. I
> > am attaching my userspace code for you to check. Its very simple
> > userspace code:
> > 1: open
> > 2: ioctl to claim
> > 3: ioctl - PPGETTIME
> > 4: ioctl - PPSETTIME
> > 5: ioctl - PPGETTIME
> > 6: ioctl - release
> > 7: close
> >
> > Without this series it works as expected.
> >
> > With this series applied, the userspace code prints the error message:
> > PPNEGOT: Bad address
> >
> > I traced it with strace and:
> > ioctl(3, PPGETTIME, 0xbfe91508) = -1 EFAULT (Bad address)
> Thanks for your testing. It seems that I misuse the parameters. Could
> you please apply the following patch and try it again?
> There is no parport in my computer, Thanks.
>
> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> index 31bc7b7..9e98d01 100644
> --- a/drivers/char/ppdev.c
> +++ b/drivers/char/ppdev.c
> @@ -636,7 +636,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> if ((time32[0] < 0) || (time32[1] < 0))
> return -EINVAL;
>
> - if (copy_to_user(time32, argp, sizeof(time32)))
> + if (copy_to_user(argp, time32, sizeof(time32)))
> return -EFAULT;
>
> return 0;
> @@ -648,7 +648,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> if ((time64[0] < 0) || (time64[1] < 0))
> return -EINVAL;
>
> - if (copy_to_user(time64, argp, sizeof(time64)))
> + if (copy_to_user(argp, time64, sizeof(time64)))
> return -EFAULT;
>
> return 0;
It works. Tomorrow I will test it on a 64 bit system also.
regards
sudip
On Wednesday 30 December 2015 21:24:21 Bamvor Jian Zhang wrote:
> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> index 31bc7b7..9e98d01 100644
> --- a/drivers/char/ppdev.c
> +++ b/drivers/char/ppdev.c
> @@ -636,7 +636,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> if ((time32[0] < 0) || (time32[1] < 0))
> return -EINVAL;
>
> - if (copy_to_user(time32, argp, sizeof(time32)))
> + if (copy_to_user(argp, time32, sizeof(time32)))
> return -EFAULT;
>
> return 0;
> @@ -648,7 +648,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> if ((time64[0] < 0) || (time64[1] < 0))
> return -EINVAL;
>
> - if (copy_to_user(time64, argp, sizeof(time64)))
> + if (copy_to_user(argp, time64, sizeof(time64)))
> return -EFAULT;
>
> return 0;
This is something that would be caught by running 'make C=1' with 'sparse'
on your patch. Can you try that to see if you introduce any other warnings?
I'm guessing it's fine, but it would be nice to confirm. I also send a lot
of patches without running sparse and checkpatch first, but it's generally
a good idea.
Arnd
Hi, Arnd
On 12/30/2015 09:51 PM, Arnd Bergmann wrote:
> On Wednesday 30 December 2015 21:24:21 Bamvor Jian Zhang wrote:
>> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
>> index 31bc7b7..9e98d01 100644
>> --- a/drivers/char/ppdev.c
>> +++ b/drivers/char/ppdev.c
>> @@ -636,7 +636,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
>> if ((time32[0] < 0) || (time32[1] < 0))
>> return -EINVAL;
>>
>> - if (copy_to_user(time32, argp, sizeof(time32)))
>> + if (copy_to_user(argp, time32, sizeof(time32)))
>> return -EFAULT;
>>
>> return 0;
>> @@ -648,7 +648,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
>> if ((time64[0] < 0) || (time64[1] < 0))
>> return -EINVAL;
>>
>> - if (copy_to_user(time64, argp, sizeof(time64)))
>> + if (copy_to_user(argp, time64, sizeof(time64)))
>> return -EFAULT;
>>
>> return 0;
>
> This is something that would be caught by running 'make C=1' with 'sparse'
> on your patch. Can you try that to see if you introduce any other warnings?
OK. I do not do it before, there is no extra warning after apply the above
patch.
> I'm guessing it's fine, but it would be nice to confirm. I also send a lot
> of patches without running sparse and checkpatch first, but it's generally
> a good idea.
Got you. I only do the checkpatch in past. I will do sparse and checkpatch
in future.
Regards
Bamvor
>
> Arnd
> _______________________________________________
> Y2038 mailing list
> [email protected]
> https://lists.linaro.org/mailman/listinfo/y2038
>
On Wed, Dec 30, 2015 at 10:20:58PM +0800, Bamvor Jian Zhang wrote:
> Hi, Arnd
>
> On 12/30/2015 09:51 PM, Arnd Bergmann wrote:
> > On Wednesday 30 December 2015 21:24:21 Bamvor Jian Zhang wrote:
> >> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> >> index 31bc7b7..9e98d01 100644
> >> --- a/drivers/char/ppdev.c
> >> +++ b/drivers/char/ppdev.c
> >> @@ -636,7 +636,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> >> if ((time32[0] < 0) || (time32[1] < 0))
> >> return -EINVAL;
> >>
> >> - if (copy_to_user(time32, argp, sizeof(time32)))
> >> + if (copy_to_user(argp, time32, sizeof(time32)))
> >> return -EFAULT;
> >>
> >> return 0;
> >> @@ -648,7 +648,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> >> if ((time64[0] < 0) || (time64[1] < 0))
> >> return -EINVAL;
> >>
> >> - if (copy_to_user(time64, argp, sizeof(time64)))
> >> + if (copy_to_user(argp, time64, sizeof(time64)))
> >> return -EFAULT;
> >>
> >> return 0;
> >
> > This is something that would be caught by running 'make C=1' with 'sparse'
> > on your patch. Can you try that to see if you introduce any other warnings?
> OK. I do not do it before, there is no extra warning after apply the above
> patch.
> > I'm guessing it's fine, but it would be nice to confirm. I also send a lot
> > of patches without running sparse and checkpatch first, but it's generally
> > a good idea.
> Got you. I only do the checkpatch in past. I will do sparse and checkpatch
> in future.
Usually sparse will be part of the tests that are done by 0day.
Anyway, it worked perfectly in 64bit systems also. Can you please send
your patch v3 with this change..
regards
sudip
On Thursday 31 December 2015 15:13:08 Sudip Mukherjee wrote:
> On Wed, Dec 30, 2015 at 10:20:58PM +0800, Bamvor Jian Zhang wrote:
> > On 12/30/2015 09:51 PM, Arnd Bergmann wrote:
> > > On Wednesday 30 December 2015 21:24:21 Bamvor Jian Zhang wrote:
> > >> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> > > This is something that would be caught by running 'make C=1' with 'sparse'
> > > on your patch. Can you try that to see if you introduce any other warnings?
> > OK. I do not do it before, there is no extra warning after apply the above
> > patch.
> > > I'm guessing it's fine, but it would be nice to confirm. I also send a lot
> > > of patches without running sparse and checkpatch first, but it's generally
> > > a good idea.
> > Got you. I only do the checkpatch in past. I will do sparse and checkpatch
> > in future.
>
> Usually sparse will be part of the tests that are done by 0day.
> Anyway, it worked perfectly in 64bit systems also. Can you please send
> your patch v3 with this change..
>
Ah, cool, thanks so much for testing.
Did you happen to check with both 32-bit and 64-bit user space on a
64-bit kernel? This is one of the things that was not working originally
but should work now.
Arnd