This patch series change the 32-bit time types (timespec/itimerspec) to
the 64-bit types (timespec64/itimerspec64), and add new 64bit accessor
functions, which are required in order to avoid y2038 issues in the
posix_clock subsystem.
In order to avoid spamming people too much, I'm only sending the first
few patches of the patch series, and left the other patches for later.
And if you are interested in the whole patch series, see:
https://git.linaro.org/people/baolin.wang/upstream_0627.git
Thoughts and feedback would be appreciated.
Changes since v1:
- Modify the changelog.
- Delete one patch without y2038 safe.
Baolin Wang (5):
time: Introduce struct itimerspec64
timekeeping: Introduce current_kernel_time64()
security: Introduce security_settime64()
time: Introduce do_sys_settimeofday64()
time: Introduce timespec64_to_jiffies()/jiffies_to_timespec64()
include/linux/jiffies.h | 22 +++++++++++++++++++---
include/linux/lsm_hooks.h | 5 +++--
include/linux/security.h | 20 +++++++++++++++++---
include/linux/time64.h | 35 +++++++++++++++++++++++++++++++++++
include/linux/timekeeping.h | 24 +++++++++++++++++++++---
kernel/time/time.c | 28 +++++++++++++++++-----------
kernel/time/timekeeping.c | 6 +++---
security/commoncap.c | 2 +-
security/security.c | 2 +-
9 files changed, 117 insertions(+), 27 deletions(-)
--
1.7.9.5
The struct itimerspec is not year 2038 safe on 32bit systems due to
the limitation of the struct timespec members. Introduce itimerspec64
which uses struct timespec64 instead and provide conversion functions.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/time64.h | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/include/linux/time64.h b/include/linux/time64.h
index 77b5df2..367d5af 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -12,11 +12,18 @@ typedef __s64 time64_t;
*/
#if __BITS_PER_LONG == 64
# define timespec64 timespec
+#define itimerspec64 itimerspec
#else
struct timespec64 {
time64_t tv_sec; /* seconds */
long tv_nsec; /* nanoseconds */
};
+
+struct itimerspec64 {
+ struct timespec64 it_interval;
+ struct timespec64 it_value;
+};
+
#endif
/* Parameters used to convert the timespec values: */
@@ -45,6 +52,16 @@ static inline struct timespec64 timespec_to_timespec64(const struct timespec ts)
return ts;
}
+static inline struct itimerspec itimerspec64_to_itimerspec(struct itimerspec64 *its64)
+{
+ return *its64;
+}
+
+static inline struct itimerspec64 itimerspec_to_itimerspec64(struct itimerspec *its)
+{
+ return *its;
+}
+
# define timespec64_equal timespec_equal
# define timespec64_compare timespec_compare
# define set_normalized_timespec64 set_normalized_timespec
@@ -77,6 +94,24 @@ static inline struct timespec64 timespec_to_timespec64(const struct timespec ts)
return ret;
}
+static inline struct itimerspec itimerspec64_to_itimerspec(struct itimerspec64 *its64)
+{
+ struct itimerspec ret;
+
+ ret.it_interval = timespec64_to_timespec(its64->it_interval);
+ ret.it_value = timespec64_to_timespec(its64->it_value);
+ return ret;
+}
+
+static inline struct itimerspec64 itimerspec_to_itimerspec64(struct itimerspec *its)
+{
+ struct itimerspec64 ret;
+
+ ret.it_interval = timespec_to_timespec64(its->it_interval);
+ ret.it_value = timespec_to_timespec64(its->it_value);
+ return ret;
+}
+
static inline int timespec64_equal(const struct timespec64 *a,
const struct timespec64 *b)
{
--
1.7.9.5
The current_kernel_time() is not year 2038 safe on 32bit systems
since it returns a timespec value. Introduce current_kernel_time64()
which returns a timespec64 value.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/timekeeping.h | 9 ++++++++-
kernel/time/timekeeping.c | 6 +++---
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/include/linux/timekeeping.h b/include/linux/timekeeping.h
index 3aa72e6..657ea03 100644
--- a/include/linux/timekeeping.h
+++ b/include/linux/timekeeping.h
@@ -18,10 +18,17 @@ extern int do_sys_settimeofday(const struct timespec *tv,
* Kernel time accessors
*/
unsigned long get_seconds(void);
-struct timespec current_kernel_time(void);
+struct timespec64 current_kernel_time64(void);
/* does not take xtime_lock */
struct timespec __current_kernel_time(void);
+static inline struct timespec current_kernel_time(void)
+{
+ struct timespec64 now = current_kernel_time64();
+
+ return timespec64_to_timespec(now);
+}
+
/*
* timespec based interfaces
*/
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index bca3667..2d58742 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1874,7 +1874,7 @@ struct timespec __current_kernel_time(void)
return timespec64_to_timespec(tk_xtime(tk));
}
-struct timespec current_kernel_time(void)
+struct timespec64 current_kernel_time64(void)
{
struct timekeeper *tk = &tk_core.timekeeper;
struct timespec64 now;
@@ -1886,9 +1886,9 @@ struct timespec current_kernel_time(void)
now = tk_xtime(tk);
} while (read_seqcount_retry(&tk_core.seq, seq));
- return timespec64_to_timespec(now);
+ return now;
}
-EXPORT_SYMBOL(current_kernel_time);
+EXPORT_SYMBOL(current_kernel_time64);
struct timespec64 get_monotonic_coarse64(void)
{
--
1.7.9.5
security_settime() uses a timespec, which is not year 2038 safe
on 32bit systems. Thus this patch introduces the security_settime64()
function with timespec64 type. We also convert the cap_settime() helper
function to use the 64bit types.
Move the security_settime() to the head file as a inline function for
removing that inline helper when following up patches are fixed the
call sites.
None of the existing hooks is using the timespec argument and therefor
the patch is not doing any functional changes.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/lsm_hooks.h | 5 +++--
include/linux/security.h | 20 +++++++++++++++++---
security/commoncap.c | 2 +-
security/security.c | 2 +-
4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 9429f05..d791f35 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1191,7 +1191,8 @@
* Return 0 if permission is granted.
* @settime:
* Check permission to change the system time.
- * struct timespec and timezone are defined in include/linux/time.h
+ * struct timespec64 is defined in include/linux/time64.h and timezone
+ * is defined in include/linux/time.h
* @ts contains new time
* @tz contains new timezone
* Return 0 if permission is granted.
@@ -1324,7 +1325,7 @@ union security_list_options {
int (*quotactl)(int cmds, int type, int id, struct super_block *sb);
int (*quota_on)(struct dentry *dentry);
int (*syslog)(int type);
- int (*settime)(const struct timespec *ts, const struct timezone *tz);
+ int (*settime)(const struct timespec64 *ts, const struct timezone *tz);
int (*vm_enough_memory)(struct mm_struct *mm, long pages);
int (*bprm_set_creds)(struct linux_binprm *bprm);
diff --git a/include/linux/security.h b/include/linux/security.h
index 79d85dd..105fc27 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -69,7 +69,7 @@ struct timezone;
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit);
-extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
+extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -206,7 +206,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
-int security_settime(const struct timespec *ts, const struct timezone *tz);
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
+static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
+{
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return security_settime64(&ts64, tz);
+}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
@@ -457,10 +463,18 @@ static inline int security_syslog(int type)
return 0;
}
+static inline int security_settime64(const struct timespec64 *ts,
+ const struct timezone *tz)
+{
+ return cap_settime(ts, tz);
+}
+
static inline int security_settime(const struct timespec *ts,
const struct timezone *tz)
{
- return cap_settime(ts, tz);
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return cap_settime(&ts64, tz);
}
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
diff --git a/security/commoncap.c b/security/commoncap.c
index d103f5a4..17b1f79 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -111,7 +111,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
* Determine whether the current process may set the system clock and timezone
* information, returning 0 if permission granted, -ve if denied.
*/
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
+int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
{
if (!capable(CAP_SYS_TIME))
return -EPERM;
diff --git a/security/security.c b/security/security.c
index 595fffa..8d0dbd6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -213,7 +213,7 @@ int security_syslog(int type)
return call_int_hook(syslog, 0, type);
}
-int security_settime(const struct timespec *ts, const struct timezone *tz)
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
{
return call_int_hook(settime, 0, ts, tz);
}
--
1.7.9.5
The do_sys_settimeofday() function uses a timespec, which is not year
2038 safe on 32bit systems.
Thus this patch introduces do_sys_settimeofday64(), which allows us to
transition users of do_sys_settimeofday() to using 64bit time types.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/timekeeping.h | 15 +++++++++++++--
kernel/time/time.c | 8 ++++----
2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/include/linux/timekeeping.h b/include/linux/timekeeping.h
index 657ea03..dc60400 100644
--- a/include/linux/timekeeping.h
+++ b/include/linux/timekeeping.h
@@ -11,8 +11,19 @@ extern int timekeeping_suspended;
*/
extern void do_gettimeofday(struct timeval *tv);
extern int do_settimeofday64(const struct timespec64 *ts);
-extern int do_sys_settimeofday(const struct timespec *tv,
- const struct timezone *tz);
+extern int do_sys_settimeofday64(const struct timespec64 *tv,
+ const struct timezone *tz);
+static inline int do_sys_settimeofday(const struct timespec *tv,
+ const struct timezone *tz)
+{
+ struct timespec64 ts64;
+
+ if (!tv)
+ return -EINVAL;
+
+ ts64 = timespec_to_timespec64(*tv);
+ return do_sys_settimeofday64(&ts64, tz);
+}
/*
* Kernel time accessors
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 85d5bb1..5d00da4 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -160,15 +160,15 @@ static inline void warp_clock(void)
* various programs will get confused when the clock gets warped.
*/
-int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
+int do_sys_settimeofday64(const struct timespec64 *tv, const struct timezone *tz)
{
static int firsttime = 1;
int error = 0;
- if (tv && !timespec_valid(tv))
+ if (tv && !timespec64_valid(tv))
return -EINVAL;
- error = security_settime(tv, tz);
+ error = security_settime64(tv, tz);
if (error)
return error;
@@ -186,7 +186,7 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
}
}
if (tv)
- return do_settimeofday(tv);
+ return do_settimeofday64(tv);
return 0;
}
--
1.7.9.5
The conversion between struct timespec and jiffies is not year 2038
safe on 32bit systems. Introduce timespec64_to_jiffies() and
jiffies_to_timespec64() functions which use struct timespec64 to
make it ready for 2038 issue.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/jiffies.h | 22 +++++++++++++++++++---
kernel/time/time.c | 20 +++++++++++++-------
2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
index 535fd3b..bf96d9f 100644
--- a/include/linux/jiffies.h
+++ b/include/linux/jiffies.h
@@ -416,9 +416,25 @@ static inline unsigned long usecs_to_jiffies(const unsigned int u)
}
}
-extern unsigned long timespec_to_jiffies(const struct timespec *value);
-extern void jiffies_to_timespec(const unsigned long jiffies,
- struct timespec *value);
+extern unsigned long timespec64_to_jiffies(const struct timespec64 *value);
+extern void jiffies_to_timespec64(const unsigned long jiffies,
+ struct timespec64 *value);
+static inline unsigned long timespec_to_jiffies(const struct timespec *value)
+{
+ struct timespec64 ts = timespec_to_timespec64(*value);
+
+ return timespec64_to_jiffies(&ts);
+}
+
+static inline void jiffies_to_timespec(const unsigned long jiffies,
+ struct timespec *value)
+{
+ struct timespec64 ts;
+
+ jiffies_to_timespec64(jiffies, &ts);
+ *value = timespec64_to_timespec(ts);
+}
+
extern unsigned long timeval_to_jiffies(const struct timeval *value);
extern void jiffies_to_timeval(const unsigned long jiffies,
struct timeval *value);
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 5d00da4..6692f5a 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -546,7 +546,7 @@ EXPORT_SYMBOL(__usecs_to_jiffies);
* value to a scaled second value.
*/
static unsigned long
-__timespec_to_jiffies(unsigned long sec, long nsec)
+__timespec64_to_jiffies(u64 sec, long nsec)
{
nsec = nsec + TICK_NSEC - 1;
@@ -554,22 +554,28 @@ __timespec_to_jiffies(unsigned long sec, long nsec)
sec = MAX_SEC_IN_JIFFIES;
nsec = 0;
}
- return (((u64)sec * SEC_CONVERSION) +
+ return ((sec * SEC_CONVERSION) +
(((u64)nsec * NSEC_CONVERSION) >>
(NSEC_JIFFIE_SC - SEC_JIFFIE_SC))) >> SEC_JIFFIE_SC;
}
+static unsigned long
+__timespec_to_jiffies(unsigned long sec, long nsec)
+{
+ return __timespec64_to_jiffies((u64)sec, nsec);
+}
+
unsigned long
-timespec_to_jiffies(const struct timespec *value)
+timespec64_to_jiffies(const struct timespec64 *value)
{
- return __timespec_to_jiffies(value->tv_sec, value->tv_nsec);
+ return __timespec64_to_jiffies(value->tv_sec, value->tv_nsec);
}
-EXPORT_SYMBOL(timespec_to_jiffies);
+EXPORT_SYMBOL(timespec64_to_jiffies);
void
-jiffies_to_timespec(const unsigned long jiffies, struct timespec *value)
+jiffies_to_timespec64(const unsigned long jiffies, struct timespec64 *value)
{
/*
* Convert jiffies to nanoseconds and separate with
@@ -580,7 +586,7 @@ jiffies_to_timespec(const unsigned long jiffies, struct timespec *value)
NSEC_PER_SEC, &rem);
value->tv_nsec = rem;
}
-EXPORT_SYMBOL(jiffies_to_timespec);
+EXPORT_SYMBOL(jiffies_to_timespec64);
/*
* We could use a similar algorithm to timespec_to_jiffies (with a
--
1.7.9.5
On Wed, 29 Jul 2015, Baolin Wang wrote:
> security_settime() uses a timespec, which is not year 2038 safe
> on 32bit systems. Thus this patch introduces the security_settime64()
> function with timespec64 type. We also convert the cap_settime() helper
> function to use the 64bit types.
>
> Move the security_settime() to the head file as a inline function for
> removing that inline helper when following up patches are fixed the
> call sites.
>
> None of the existing hooks is using the timespec argument and therefor
> the patch is not doing any functional changes.
>
> Signed-off-by: Baolin Wang <[email protected]>
Reviewed-by: James Morris <[email protected]>
On Friday 08 April 2016 14:02:11 Baolin Wang wrote:
> security_settime() uses a timespec, which is not year 2038 safe
> on 32bit systems. Thus this patch introduces the security_settime64()
> function with timespec64 type. We also convert the cap_settime() helper
> function to use the 64bit types.
>
> Move the security_settime() to the head file as a inline function for
> removing that inline helper when following up patches are fixed the
> call sites.
>
> None of the existing hooks is using the timespec argument and therefor
> the patch is not doing any functional changes.
>
> Signed-off-by: Baolin Wang <[email protected]>
I seem to have only received patches 3 and 4, both on my personal
address and on lkml. Any idea what happened?
Unless you did not mean to send these patches at all, could you resend
the entire series and put me and the y2038 list on cc to all of the
patches?
Arnd
On Mon, Apr 18, 2016 at 06:01:33PM +0200, Arnd Bergmann wrote:
> I seem to have only received patches 3 and 4, both on my personal
> address and on lkml. Any idea what happened?
> Unless you did not mean to send these patches at all, could you resend
> the entire series and put me and the y2038 list on cc to all of the
> patches?
If other patches have already been accepted then just send this as a
single two patch series - the numbering only matters to keep thingsin
order within a given posting.
On Thu, Apr 7, 2016 at 11:02 PM, Baolin Wang <[email protected]> wrote:
> security_settime() uses a timespec, which is not year 2038 safe
> on 32bit systems. Thus this patch introduces the security_settime64()
> function with timespec64 type. We also convert the cap_settime() helper
> function to use the 64bit types.
>
> Move the security_settime() to the head file as a inline function for
> removing that inline helper when following up patches are fixed the
> call sites.
>
> None of the existing hooks is using the timespec argument and therefor
> the patch is not doing any functional changes.
>
> Signed-off-by: Baolin Wang <[email protected]>
Hey Baolin,
If you get an ack, like you did from James, please include it in the
commit message of following submissions
Serge, Kees: Any objection to this patch going in via the
tip/timers/core tree with the dependent settimeofday64 call?
Otherwise I'll queue this up for testing.
thanks
-john
.
On Mon, Apr 18, 2016 at 9:54 AM, John Stultz <[email protected]> wrote:
> On Thu, Apr 7, 2016 at 11:02 PM, Baolin Wang <[email protected]> wrote:
>> security_settime() uses a timespec, which is not year 2038 safe
>> on 32bit systems. Thus this patch introduces the security_settime64()
>> function with timespec64 type. We also convert the cap_settime() helper
>> function to use the 64bit types.
>>
>> Move the security_settime() to the head file as a inline function for
>> removing that inline helper when following up patches are fixed the
>> call sites.
>>
>> None of the existing hooks is using the timespec argument and therefor
>> the patch is not doing any functional changes.
>>
>> Signed-off-by: Baolin Wang <[email protected]>
>
> Hey Baolin,
> If you get an ack, like you did from James, please include it in the
> commit message of following submissions
>
> Serge, Kees: Any objection to this patch going in via the
> tip/timers/core tree with the dependent settimeofday64 call?
No problem from me: makes sense to keep it all together in one tree.
-Kees
>
> Otherwise I'll queue this up for testing.
>
> thanks
> -john
>
>
> .
--
Kees Cook
Chrome OS & Brillo Security
On 19 April 2016 at 00:31, Mark Brown <[email protected]> wrote:
> On Mon, Apr 18, 2016 at 06:01:33PM +0200, Arnd Bergmann wrote:
>
>> I seem to have only received patches 3 and 4, both on my personal
>> address and on lkml. Any idea what happened?
>
>> Unless you did not mean to send these patches at all, could you resend
>> the entire series and put me and the y2038 list on cc to all of the
>> patches?
>
> If other patches have already been accepted then just send this as a
> single two patch series - the numbering only matters to keep thingsin
> order within a given posting.
That's right. Patch 1, 2 and 5 had been applied by John, but these two
didn't. So I resend them. Thanks.
--
Baolin.wang
Best Regards
On 19 April 2016 at 00:54, John Stultz <[email protected]> wrote:
> On Thu, Apr 7, 2016 at 11:02 PM, Baolin Wang <[email protected]> wrote:
>> security_settime() uses a timespec, which is not year 2038 safe
>> on 32bit systems. Thus this patch introduces the security_settime64()
>> function with timespec64 type. We also convert the cap_settime() helper
>> function to use the 64bit types.
>>
>> Move the security_settime() to the head file as a inline function for
>> removing that inline helper when following up patches are fixed the
>> call sites.
>>
>> None of the existing hooks is using the timespec argument and therefor
>> the patch is not doing any functional changes.
>>
>> Signed-off-by: Baolin Wang <[email protected]>
>
> Hey Baolin,
> If you get an ack, like you did from James, please include it in the
> commit message of following submissions
Ah, sorry, I forgot that. Do I need to resend it with James ack? Thanks.
>
> Serge, Kees: Any objection to this patch going in via the
> tip/timers/core tree with the dependent settimeofday64 call?
>
> Otherwise I'll queue this up for testing.
>
> thanks
> -john
>
>
> .
--
Baolin.wang
Best Regards
Quoting Kees Cook ([email protected]):
> On Mon, Apr 18, 2016 at 9:54 AM, John Stultz <[email protected]> wrote:
> > On Thu, Apr 7, 2016 at 11:02 PM, Baolin Wang <[email protected]> wrote:
> >> security_settime() uses a timespec, which is not year 2038 safe
> >> on 32bit systems. Thus this patch introduces the security_settime64()
> >> function with timespec64 type. We also convert the cap_settime() helper
> >> function to use the 64bit types.
> >>
> >> Move the security_settime() to the head file as a inline function for
> >> removing that inline helper when following up patches are fixed the
> >> call sites.
> >>
> >> None of the existing hooks is using the timespec argument and therefor
> >> the patch is not doing any functional changes.
> >>
> >> Signed-off-by: Baolin Wang <[email protected]>
> >
> > Hey Baolin,
> > If you get an ack, like you did from James, please include it in the
> > commit message of following submissions
> >
> > Serge, Kees: Any objection to this patch going in via the
> > tip/timers/core tree with the dependent settimeofday64 call?
>
> No problem from me: makes sense to keep it all together in one tree.
Sorry for the delayed response - sounds good to me.