git: c0584b324e9a - stable/13 - linux(4): Zero out high order bits of nanoseconds in the compat mode.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 17 Jun 2022 19:40:03 UTC
The branch stable/13 has been updated by dchagin: URL: https://cgit.FreeBSD.org/src/commit/?id=c0584b324e9ae06f7c7906c92dd2431805e01b5c commit c0584b324e9ae06f7c7906c92dd2431805e01b5c Author: Dmitry Chagin <dchagin@FreeBSD.org> AuthorDate: 2022-05-08 12:38:19 +0000 Commit: Dmitry Chagin <dchagin@FreeBSD.org> CommitDate: 2022-06-17 19:34:58 +0000 linux(4): Zero out high order bits of nanoseconds in the compat mode. Assuming the kernel would use random data, the 64-bit Linux kernel ignores upper 32 bits of tv_nsec of struct timespec64 for 32-bit binaries. MFC after: 2 weeks (cherry picked from commit 1579b320f1a4d555250b82fa74a391d963e7ae13) --- sys/compat/linux/linux_misc.c | 3 +++ sys/compat/linux/linux_time.c | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 61de64b50489..d43289786611 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -910,6 +910,9 @@ static int linux_utimensat_lts64_to_ts(struct l_timespec64 *l_times, struct timespec *times) { + /* Zero out the padding in compat mode. */ + l_times->tv_nsec &= 0xFFFFFFFFUL; + if (l_times->tv_nsec != LINUX_UTIME_OMIT && l_times->tv_nsec != LINUX_UTIME_NOW && (l_times->tv_nsec < 0 || l_times->tv_nsec > 999999999)) diff --git a/sys/compat/linux/linux_time.c b/sys/compat/linux/linux_time.c index e97a1145d31b..d4f502eee7c6 100644 --- a/sys/compat/linux/linux_time.c +++ b/sys/compat/linux/linux_time.c @@ -177,10 +177,12 @@ int linux_to_native_timespec64(struct timespec *ntp, struct l_timespec64 *ltp64) { - if (!timespecvalid_interval(ltp64)) - return (EINVAL); + /* Zero out the padding in compat mode. */ + ntp->tv_nsec = ltp64->tv_nsec & 0xFFFFFFFFUL; ntp->tv_sec = ltp64->tv_sec; - ntp->tv_nsec = ltp64->tv_nsec; + + if (!timespecvalid_interval(ntp)) + return (EINVAL); return (0); }