On Wed, Nov 13, 2019 at 10:53 PM Thomas Gleixner tglx@linutronix.de wrote:
On Fri, 8 Nov 2019, Arnd Bergmann wrote:
-SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv, +SYSCALL_DEFINE2(settimeofday, struct __kernel_old_timeval __user *, tv, struct timezone __user *, tz) { struct timespec64 new_ts;
struct timeval user_tv; struct timezone new_tz; if (tv) {if (copy_from_user(&user_tv, tv, sizeof(*tv)))
if (get_user(new_ts.tv_sec, &tv->tv_sec) ||get_user(new_ts.tv_nsec, &tv->tv_usec)) return -EFAULT;How is that supposed to be correct on a 32bit kernel?
I don't see the problem you are referring to. This should behave the same way on a 32-bit kernel and on a 64-bit kernel, sign-extending the tv_sec field, and copying the user tv_usec field into the kernel tv_nsec, to be multiplied by 1000 a few lines later.
Am I missing something?
if (!timeval_valid(&user_tv))
if (tv->tv_usec > USEC_PER_SEC) return -EINVAL;That's incomplete:
static inline bool timeval_valid(const struct timeval *tv) { /* Dates before 1970 are bogus */ if (tv->tv_sec < 0) return false;
/* Can't have more microseconds then a second */ if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC) return false; return true;}
My idea was to not duplicate the range check that is done in do_sys_settimeofday64() and again in do_settimeofday64:
if (!timespec64_valid_settod(ts)) return -EINVAL;
The only check we should need in addition to this is to ensure that passing an invalid tv_usec number doesn't become an unexpectedly valid tv_nsec after the multiplication.
I agree the patch looks like I'm missing a check here, but the code after the patch appears clear enough to me.
Arnd