Message ID | 20190108052255.10699-3-deepa.kernel@gmail.com (mailing list archive) |
---|---|
State | Awaiting Upstream |
Headers | show |
Series | net: y2038-safe socket timeout options | expand |
On Tue, Jan 8, 2019 at 6:24 AM Deepa Dinamani <deepa.kernel@gmail.com> wrote: > > SO_RCVTIMEO and SO_SNDTIMEO socket options use struct timeval > as the time format. struct timeval is not y2038 safe. > The subsequent patches in the series add support for new socket > timeout options with _NEW suffix that are y2038 safe. > Rename the existing options with _OLD suffix forms so that the > right option is enabled for userspace applications according > to the architecture and time_t definition of libc. > > Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Looks good overall. A few minor concerns: The description above makes it sound like there is a bug with y2038-safety in this particular interface, which I think is just not what you meant, as the change is only needed for compatiblity with new C libraries that work around the y2038 problem in general by changing their timeval definition. > diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c > index 76976d6e50f9..c98ad9777ad9 100644 > --- a/fs/dlm/lowcomms.c > +++ b/fs/dlm/lowcomms.c > @@ -1089,12 +1089,12 @@ static void sctp_connect_to_sock(struct connection *con) > * since O_NONBLOCK argument in connect() function does not work here, > * then, we should restore the default value of this attribute. > */ > - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, > + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, > sizeof(tv)); > result = sock->ops->connect(sock, (struct sockaddr *)&daddr, addr_len, > 0); > memset(&tv, 0, sizeof(tv)); > - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, > + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, > sizeof(tv)); > > if (result == -EINPROGRESS) It took me a bit to realize there that this is safe as well even if we don't use SO_SNDTIMEO_NEW, for the same reason. > --- a/net/compat.c > +++ b/net/compat.c > @@ -378,7 +378,7 @@ static int compat_sock_setsockopt(struct socket *sock, int level, int optname, > return do_set_attach_filter(sock, level, optname, > optval, optlen); > if (!COMPAT_USE_64BIT_TIME && > - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) > + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) > return do_set_sock_timeout(sock, level, optname, optval, optlen); > > return sock_setsockopt(sock, level, optname, optval, optlen); > @@ -450,7 +450,7 @@ static int compat_sock_getsockopt(struct socket *sock, int level, int optname, > char __user *optval, int __user *optlen) > { > if (!COMPAT_USE_64BIT_TIME && > - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) > + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) > return do_get_sock_timeout(sock, level, optname, optval, optlen); > return sock_getsockopt(sock, level, optname, optval, optlen); > } I looked at the original code and noticed that it's horrible, which of course is not your fault, but I wonder if we should just fix it now to avoid that get_fs()/set_fs() hack, since that code mostly implements what you also have in your patch 3 (which is done more nicely). I'll follow up with a patch to demonstrate what I mean here. Your third patch will then just have to add another code path so we can handle all of old_timespec32 (for existing 32-bit user space), __kernel_old_timespec (for sparc64) and __kernel_sock_timeval (for everything else). Arnd
On Tue, Jan 8, 2019 at 12:04 PM Arnd Bergmann <arnd@arndb.de> wrote: > > On Tue, Jan 8, 2019 at 6:24 AM Deepa Dinamani <deepa.kernel@gmail.com> wrote: > > > > SO_RCVTIMEO and SO_SNDTIMEO socket options use struct timeval > > as the time format. struct timeval is not y2038 safe. > > The subsequent patches in the series add support for new socket > > timeout options with _NEW suffix that are y2038 safe. > > Rename the existing options with _OLD suffix forms so that the > > right option is enabled for userspace applications according > > to the architecture and time_t definition of libc. > > > > Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> > > Looks good overall. A few minor concerns: > > The description above makes it sound like there is a bug with y2038-safety > in this particular interface, which I think is just not what you meant, > as the change is only needed for compatiblity with new C libraries > that work around the y2038 problem in general by changing their > timeval definition. Right, there is y2038 safety issue, just the libc part that needs to be handled. I will fix the commit text. > > diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c > > index 76976d6e50f9..c98ad9777ad9 100644 > > --- a/fs/dlm/lowcomms.c > > +++ b/fs/dlm/lowcomms.c > > @@ -1089,12 +1089,12 @@ static void sctp_connect_to_sock(struct connection *con) > > * since O_NONBLOCK argument in connect() function does not work here, > > * then, we should restore the default value of this attribute. > > */ > > - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, > > + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, > > sizeof(tv)); > > result = sock->ops->connect(sock, (struct sockaddr *)&daddr, addr_len, > > 0); > > memset(&tv, 0, sizeof(tv)); > > - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, > > + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, > > sizeof(tv)); > > > > if (result == -EINPROGRESS) > > It took me a bit to realize there that this is safe as well even if > we don't use SO_SNDTIMEO_NEW, for the same reason. Correct. > > --- a/net/compat.c > > +++ b/net/compat.c > > @@ -378,7 +378,7 @@ static int compat_sock_setsockopt(struct socket *sock, int level, int optname, > > return do_set_attach_filter(sock, level, optname, > > optval, optlen); > > if (!COMPAT_USE_64BIT_TIME && > > - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) > > + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) > > return do_set_sock_timeout(sock, level, optname, optval, optlen); > > > > return sock_setsockopt(sock, level, optname, optval, optlen); > > @@ -450,7 +450,7 @@ static int compat_sock_getsockopt(struct socket *sock, int level, int optname, > > char __user *optval, int __user *optlen) > > { > > if (!COMPAT_USE_64BIT_TIME && > > - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) > > + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) > > return do_get_sock_timeout(sock, level, optname, optval, optlen); > > return sock_getsockopt(sock, level, optname, optval, optlen); > > } > > I looked at the original code and noticed that it's horrible, which of course > is not your fault, but I wonder if we should just fix it now to avoid that > get_fs()/set_fs() hack, since that code mostly implements what you > also have in your patch 3 (which is done more nicely). I did think of getting rid of set_fs()/ get_fs() here. But, I wasn't sure as the maintainers seemed to prefer to leave to the old code as is in the other series for timestamps. > I'll follow up with a patch to demonstrate what I mean here. Your third > patch will then just have to add another code path so we can handle > all of old_timespec32 (for existing 32-bit user space), __kernel_old_timespec > (for sparc64) and __kernel_sock_timeval (for everything else). Cool, I will rebase on top of your patch. Thanks, Deepa
diff --git a/arch/alpha/include/uapi/asm/socket.h b/arch/alpha/include/uapi/asm/socket.h index da08412bd49f..ea3ba981d8a0 100644 --- a/arch/alpha/include/uapi/asm/socket.h +++ b/arch/alpha/include/uapi/asm/socket.h @@ -31,8 +31,8 @@ #define SO_RCVBUFFORCE 0x100b #define SO_RCVLOWAT 0x1010 #define SO_SNDLOWAT 0x1011 -#define SO_RCVTIMEO 0x1012 -#define SO_SNDTIMEO 0x1013 +#define SO_RCVTIMEO_OLD 0x1012 +#define SO_SNDTIMEO_OLD 0x1013 #define SO_ACCEPTCONN 0x1014 #define SO_PROTOCOL 0x1028 #define SO_DOMAIN 0x1029 @@ -120,6 +120,9 @@ #if !defined(__KERNEL__) +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD + #if __BITS_PER_LONG == 64 #define SO_TIMESTAMP SO_TIMESTAMP_OLD #define SO_TIMESTAMPNS SO_TIMESTAMPNS_OLD diff --git a/arch/mips/include/uapi/asm/socket.h b/arch/mips/include/uapi/asm/socket.h index 1e48f67f1052..4dde20d64690 100644 --- a/arch/mips/include/uapi/asm/socket.h +++ b/arch/mips/include/uapi/asm/socket.h @@ -39,8 +39,8 @@ #define SO_RCVBUF 0x1002 /* Receive buffer. */ #define SO_SNDLOWAT 0x1003 /* send low-water mark */ #define SO_RCVLOWAT 0x1004 /* receive low-water mark */ -#define SO_SNDTIMEO 0x1005 /* send timeout */ -#define SO_RCVTIMEO 0x1006 /* receive timeout */ +#define SO_SNDTIMEO_OLD 0x1005 /* send timeout */ +#define SO_RCVTIMEO_OLD 0x1006 /* receive timeout */ #define SO_ACCEPTCONN 0x1009 #define SO_PROTOCOL 0x1028 /* protocol type */ #define SO_DOMAIN 0x1029 /* domain/socket family */ @@ -130,6 +130,8 @@ #if !defined(__KERNEL__) +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD #if __BITS_PER_LONG == 64 #define SO_TIMESTAMP SO_TIMESTAMP_OLD #define SO_TIMESTAMPNS SO_TIMESTAMPNS_OLD diff --git a/arch/parisc/include/uapi/asm/socket.h b/arch/parisc/include/uapi/asm/socket.h index e8d6cf20f9a4..546937fa0d8b 100644 --- a/arch/parisc/include/uapi/asm/socket.h +++ b/arch/parisc/include/uapi/asm/socket.h @@ -22,8 +22,8 @@ #define SO_RCVBUFFORCE 0x100b #define SO_SNDLOWAT 0x1003 #define SO_RCVLOWAT 0x1004 -#define SO_SNDTIMEO 0x1005 -#define SO_RCVTIMEO 0x1006 +#define SO_SNDTIMEO_OLD 0x1005 +#define SO_RCVTIMEO_OLD 0x1006 #define SO_ERROR 0x1007 #define SO_TYPE 0x1008 #define SO_PROTOCOL 0x1028 @@ -111,6 +111,8 @@ #if !defined(__KERNEL__) +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD #if __BITS_PER_LONG == 64 #define SO_TIMESTAMP SO_TIMESTAMP_OLD #define SO_TIMESTAMPNS SO_TIMESTAMPNS_OLD diff --git a/arch/powerpc/include/uapi/asm/socket.h b/arch/powerpc/include/uapi/asm/socket.h index 94de465e0920..12aa0c43e775 100644 --- a/arch/powerpc/include/uapi/asm/socket.h +++ b/arch/powerpc/include/uapi/asm/socket.h @@ -11,8 +11,8 @@ #define SO_RCVLOWAT 16 #define SO_SNDLOWAT 17 -#define SO_RCVTIMEO 18 -#define SO_SNDTIMEO 19 +#define SO_RCVTIMEO_OLD 18 +#define SO_SNDTIMEO_OLD 19 #define SO_PASSCRED 20 #define SO_PEERCRED 21 diff --git a/arch/sparc/include/uapi/asm/socket.h b/arch/sparc/include/uapi/asm/socket.h index fc65bf6b6440..bdc396211627 100644 --- a/arch/sparc/include/uapi/asm/socket.h +++ b/arch/sparc/include/uapi/asm/socket.h @@ -21,8 +21,8 @@ #define SO_BSDCOMPAT 0x0400 #define SO_RCVLOWAT 0x0800 #define SO_SNDLOWAT 0x1000 -#define SO_RCVTIMEO 0x2000 -#define SO_SNDTIMEO 0x4000 +#define SO_RCVTIMEO_OLD 0x2000 +#define SO_SNDTIMEO_OLD 0x4000 #define SO_ACCEPTCONN 0x8000 #define SO_SNDBUF 0x1001 @@ -112,6 +112,8 @@ #if !defined(__KERNEL__) +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD #if __BITS_PER_LONG == 64 #define SO_TIMESTAMP SO_TIMESTAMP_OLD #define SO_TIMESTAMPNS SO_TIMESTAMPNS_OLD diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c index 76976d6e50f9..c98ad9777ad9 100644 --- a/fs/dlm/lowcomms.c +++ b/fs/dlm/lowcomms.c @@ -1089,12 +1089,12 @@ static void sctp_connect_to_sock(struct connection *con) * since O_NONBLOCK argument in connect() function does not work here, * then, we should restore the default value of this attribute. */ - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, sizeof(tv)); result = sock->ops->connect(sock, (struct sockaddr *)&daddr, addr_len, 0); memset(&tv, 0, sizeof(tv)); - kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, + kernel_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO_OLD, (char *)&tv, sizeof(tv)); if (result == -EINPROGRESS) diff --git a/include/net/sock.h b/include/net/sock.h index 6679f3c120b0..98965a9a2bf4 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -292,8 +292,8 @@ struct sock_common { * @sk_peer_pid: &struct pid for this socket's peer * @sk_peer_cred: %SO_PEERCRED setting * @sk_rcvlowat: %SO_RCVLOWAT setting - * @sk_rcvtimeo: %SO_RCVTIMEO setting - * @sk_sndtimeo: %SO_SNDTIMEO setting + * @sk_rcvtimeo: %SO_RCVTIMEO_OLD setting + * @sk_sndtimeo: %SO_SNDTIMEO_OLD setting * @sk_txhash: computed flow hash for use on transmit * @sk_filter: socket filtering instructions * @sk_timer: sock cleanup timer diff --git a/include/uapi/asm-generic/socket.h b/include/uapi/asm-generic/socket.h index 94e618a4a43f..9e370586fb19 100644 --- a/include/uapi/asm-generic/socket.h +++ b/include/uapi/asm-generic/socket.h @@ -30,8 +30,8 @@ #define SO_PEERCRED 17 #define SO_RCVLOWAT 18 #define SO_SNDLOWAT 19 -#define SO_RCVTIMEO 20 -#define SO_SNDTIMEO 21 +#define SO_RCVTIMEO_OLD 20 +#define SO_SNDTIMEO_OLD 21 #endif /* Security levels - as per NRL IPv6 - don't actually do anything */ @@ -114,6 +114,8 @@ #if !defined(__KERNEL__) +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD #if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__)) /* on 64-bit and x32, avoid the ?: operator */ #define SO_TIMESTAMP SO_TIMESTAMP_OLD diff --git a/net/compat.c b/net/compat.c index cbc15f65033c..19e047f70f64 100644 --- a/net/compat.c +++ b/net/compat.c @@ -378,7 +378,7 @@ static int compat_sock_setsockopt(struct socket *sock, int level, int optname, return do_set_attach_filter(sock, level, optname, optval, optlen); if (!COMPAT_USE_64BIT_TIME && - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) return do_set_sock_timeout(sock, level, optname, optval, optlen); return sock_setsockopt(sock, level, optname, optval, optlen); @@ -450,7 +450,7 @@ static int compat_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { if (!COMPAT_USE_64BIT_TIME && - (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)) + (optname == SO_RCVTIMEO_OLD || optname == SO_SNDTIMEO_OLD)) return do_get_sock_timeout(sock, level, optname, optval, optlen); return sock_getsockopt(sock, level, optname, optval, optlen); } diff --git a/net/core/sock.c b/net/core/sock.c index af0fb33624e2..42914ca3186c 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -889,11 +889,11 @@ int sock_setsockopt(struct socket *sock, int level, int optname, sk->sk_rcvlowat = val ? : 1; break; - case SO_RCVTIMEO: + case SO_RCVTIMEO_OLD: ret = sock_set_timeout(&sk->sk_rcvtimeo, optval, optlen); break; - case SO_SNDTIMEO: + case SO_SNDTIMEO_OLD: ret = sock_set_timeout(&sk->sk_sndtimeo, optval, optlen); break; @@ -1222,7 +1222,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, v.val = sk->sk_tsflags; break; - case SO_RCVTIMEO: + case SO_RCVTIMEO_OLD: lv = sizeof(struct __kernel_old_timeval); if (sk->sk_rcvtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0; @@ -1233,7 +1233,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, } break; - case SO_SNDTIMEO: + case SO_SNDTIMEO_OLD: lv = sizeof(struct __kernel_old_timeval); if (sk->sk_sndtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0;
SO_RCVTIMEO and SO_SNDTIMEO socket options use struct timeval as the time format. struct timeval is not y2038 safe. The subsequent patches in the series add support for new socket timeout options with _NEW suffix that are y2038 safe. Rename the existing options with _OLD suffix forms so that the right option is enabled for userspace applications according to the architecture and time_t definition of libc. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Cc: ccaulfie@redhat.com Cc: deller@gmx.de Cc: paulus@samba.org Cc: ralf@linux-mips.org Cc: rth@twiddle.net Cc: cluster-devel@redhat.com Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@vger.kernel.org Cc: linux-parisc@vger.kernel.org Cc: sparclinux@vger.kernel.org --- arch/alpha/include/uapi/asm/socket.h | 7 +++++-- arch/mips/include/uapi/asm/socket.h | 6 ++++-- arch/parisc/include/uapi/asm/socket.h | 6 ++++-- arch/powerpc/include/uapi/asm/socket.h | 4 ++-- arch/sparc/include/uapi/asm/socket.h | 6 ++++-- fs/dlm/lowcomms.c | 4 ++-- include/net/sock.h | 4 ++-- include/uapi/asm-generic/socket.h | 6 ++++-- net/compat.c | 4 ++-- net/core/sock.c | 8 ++++---- 10 files changed, 33 insertions(+), 22 deletions(-)