From patchwork Fri Apr 22 19:03:26 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Stultz X-Patchwork-Id: 66495 Delivered-To: patches@linaro.org Received: by 10.140.93.198 with SMTP id d64csp885885qge; Fri, 22 Apr 2016 12:03:34 -0700 (PDT) X-Received: by 10.66.118.7 with SMTP id ki7mr30715237pab.152.1461351812855; Fri, 22 Apr 2016 12:03:32 -0700 (PDT) Return-Path: Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com. [2607:f8b0:400e:c03::22a]) by mx.google.com with ESMTPS id fa5si9043642pab.125.2016.04.22.12.03.32 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Apr 2016 12:03:32 -0700 (PDT) Received-SPF: pass (google.com: domain of john.stultz@linaro.org designates 2607:f8b0:400e:c03::22a as permitted sender) client-ip=2607:f8b0:400e:c03::22a; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: domain of john.stultz@linaro.org designates 2607:f8b0:400e:c03::22a as permitted sender) smtp.mailfrom=john.stultz@linaro.org; dmarc=pass (p=NONE dis=NONE) header.from=linaro.org Received: by mail-pa0-x22a.google.com with SMTP id er2so42196346pad.3 for ; Fri, 22 Apr 2016 12:03:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jzaxJ47Hg5pkaiMe8UZ8fweWi7fg7cSd+5i5lyOZHl8=; b=GFrJvuU3CH4E+5L1DTpfCZMWZ9daBvwzw6ibJ5iVjDK8a4SUtv7xq/VCSW190XexWI GTPSZPc0h6x1dUCRVJeBGfg33/IS8k5qZLeawJqFQ1YXyZ/aTaXGa0EE8h+h0Kgng1Tf UFhhQfw7rUuq8Psp1AYC570doP0a8JHdnfNDo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jzaxJ47Hg5pkaiMe8UZ8fweWi7fg7cSd+5i5lyOZHl8=; b=RhZmiB65FO56NETxYkqsTSHT8JYONWkcGscWyRM9GYuVnipUuwj5GfzM3hPB2yhNzp RNKoOb6xn6bwYTi3ZGOdVddbhjh7re9qyDNg+rUoMavV5bkBL+9rezzo0ZbnCgxecGrV iY8o2+4OcU60vKRw9pTj5sa3pM0gkiuon/CGQXpHC2SW518z4FG+4GhgT7RLxB+9HU7o +HIGZZ9K11RsINKldaJhE3hjIP31Q8b2b/ixWpLawb8XAG1t2kJJhlmZNM5kcrmI8CF9 Q8YBaE0ViTrujQcZuJqb9V3MWZkQa3Fo0yDv4/xULH8fyb8Slgd9jwDFz2hl7V4kmZhq eBDg== X-Gm-Message-State: AOPr4FW5TzpPyfuDbJfCngMBo/i36ipwgpNLdiNNrFYvS55YhHpdf3D+lPEfRgqaff8GdUE8O0E= X-Received: by 10.66.140.105 with SMTP id rf9mr30645671pab.117.1461351812583; Fri, 22 Apr 2016 12:03:32 -0700 (PDT) Return-Path: Received: from localhost.localdomain (c-73-67-244-238.hsd1.or.comcast.net. [73.67.244.238]) by smtp.gmail.com with ESMTPSA id ba9sm11243564pab.24.2016.04.22.12.03.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 22 Apr 2016 12:03:31 -0700 (PDT) From: John Stultz To: lkml Cc: Baolin Wang , Serge Hallyn , James Morris , "Serge E. Hallyn" , Paul Moore , Stephen Smalley , Kees Cook , Prarit Bhargava , Richard Cochran , Thomas Gleixner , Ingo Molnar , John Stultz Subject: [PATCH 2/3] security: Introduce security_settime64() Date: Fri, 22 Apr 2016 12:03:26 -0700 Message-Id: <1461351807-12495-3-git-send-email-john.stultz@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1461351807-12495-1-git-send-email-john.stultz@linaro.org> References: <1461351807-12495-1-git-send-email-john.stultz@linaro.org> From: Baolin Wang security_settime() uses a timespec, which is not year 2038 safe on 32bit systems. Thus this patch introduces the security_settime64() function with timespec64 type. We also convert the cap_settime() helper function to use the 64bit types. This patch then moves security_settime() to the header file as an inline helper function so that existing users can be iteratively converted. None of the existing hooks is using the timespec argument and therefor the patch is not making any functional changes. Cc: Serge Hallyn , Cc: James Morris , Cc: "Serge E. Hallyn" , Cc: Paul Moore Cc: Stephen Smalley Cc: Kees Cook Cc: Prarit Bhargava Cc: Richard Cochran Cc: Thomas Gleixner Cc: Ingo Molnar Reviewed-by: James Morris Signed-off-by: Baolin Wang [jstultz: Reworded commit message] Signed-off-by: John Stultz --- include/linux/lsm_hooks.h | 5 +++-- include/linux/security.h | 20 +++++++++++++++++--- security/commoncap.c | 2 +- security/security.c | 2 +- 4 files changed, 22 insertions(+), 7 deletions(-) -- 1.9.1 diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index cdee11c..41ab466 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1190,7 +1190,8 @@ * Return 0 if permission is granted. * @settime: * Check permission to change the system time. - * struct timespec and timezone are defined in include/linux/time.h + * struct timespec64 is defined in include/linux/time64.h and timezone + * is defined in include/linux/time.h * @ts contains new time * @tz contains new timezone * Return 0 if permission is granted. @@ -1327,7 +1328,7 @@ union security_list_options { int (*quotactl)(int cmds, int type, int id, struct super_block *sb); int (*quota_on)(struct dentry *dentry); int (*syslog)(int type); - int (*settime)(const struct timespec *ts, const struct timezone *tz); + int (*settime)(const struct timespec64 *ts, const struct timezone *tz); int (*vm_enough_memory)(struct mm_struct *mm, long pages); int (*bprm_set_creds)(struct linux_binprm *bprm); diff --git a/include/linux/security.h b/include/linux/security.h index 157f0cb..35ac8d9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -71,7 +71,7 @@ struct timezone; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit); -extern int cap_settime(const struct timespec *ts, const struct timezone *tz); +extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -208,7 +208,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); -int security_settime(const struct timespec *ts, const struct timezone *tz); +int security_settime64(const struct timespec64 *ts, const struct timezone *tz); +static inline int security_settime(const struct timespec *ts, const struct timezone *tz) +{ + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return security_settime64(&ts64, tz); +} int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); int security_bprm_set_creds(struct linux_binprm *bprm); int security_bprm_check(struct linux_binprm *bprm); @@ -462,10 +468,18 @@ static inline int security_syslog(int type) return 0; } +static inline int security_settime64(const struct timespec64 *ts, + const struct timezone *tz) +{ + return cap_settime(ts, tz); +} + static inline int security_settime(const struct timespec *ts, const struct timezone *tz) { - return cap_settime(ts, tz); + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return cap_settime(&ts64, tz); } static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) diff --git a/security/commoncap.c b/security/commoncap.c index 48071ed..2074bf6 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -111,7 +111,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, * Determine whether the current process may set the system clock and timezone * information, returning 0 if permission granted, -ve if denied. */ -int cap_settime(const struct timespec *ts, const struct timezone *tz) +int cap_settime(const struct timespec64 *ts, const struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; diff --git a/security/security.c b/security/security.c index 3644b03..8c44a64 100644 --- a/security/security.c +++ b/security/security.c @@ -208,7 +208,7 @@ int security_syslog(int type) return call_int_hook(syslog, 0, type); } -int security_settime(const struct timespec *ts, const struct timezone *tz) +int security_settime64(const struct timespec64 *ts, const struct timezone *tz) { return call_int_hook(settime, 0, ts, tz); }