From patchwork Wed Jul 15 05:57:39 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "\(Exiting\) Baolin Wang" X-Patchwork-Id: 51116 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-lb0-f199.google.com (mail-lb0-f199.google.com [209.85.217.199]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 20AB722A24 for ; Wed, 15 Jul 2015 05:59:02 +0000 (UTC) Received: by lbbpo10 with SMTP id po10sf7772740lbb.1 for ; Tue, 14 Jul 2015 22:59:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:sender:precedence:list-id :x-original-sender:x-original-authentication-results:mailing-list :list-post:list-help:list-archive:list-unsubscribe; bh=EeSTEcy+CJsC96o/jdV6QDOEdn7OSqweZkoYlvTOkvQ=; b=U0p3bjU64Zap4FAtWM9THuKfa5tVokc6+o0gPnvP63N275lqCLWOf7hRcRfUsPdpXl iOjidBsUYbNshj6jTVlHDmyiKnutESfrBwuQfhCN77RhlDfEVHtXmTJpdj8MwJ5lDzfZ DibADx8UpSdLpMxj6qImqt0W+RbOEa5nEW1O26MitOMMK7aoLWiIYMxC36x1i4KIHRSA B5zEhK8lwjHTIYdg+iRpWS7sGd3ZyNNey6Ma70mAOlJjNj6dJGJtaujYk3MvX2jxCndj SS/fJzgpKXjZxXaIdDITmU9W7s3wyM/YsH3araXrZmieR5Iq7VJ3hkajnUkpEh834F9A U5OQ== X-Gm-Message-State: ALoCoQnxz5rwd9u/CDQ2rvf0Tg5G3QEBiNzgkZx80m9FMN4Ne1GVuf/5Y+JELm1dPoAJrZrT/nHL X-Received: by 10.112.189.131 with SMTP id gi3mr1292120lbc.6.1436939940997; Tue, 14 Jul 2015 22:59:00 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.29.7 with SMTP id f7ls134485lah.48.gmail; Tue, 14 Jul 2015 22:59:00 -0700 (PDT) X-Received: by 10.152.6.1 with SMTP id w1mr2261224law.91.1436939940742; Tue, 14 Jul 2015 22:59:00 -0700 (PDT) Received: from mail-la0-f43.google.com (mail-la0-f43.google.com. [209.85.215.43]) by mx.google.com with ESMTPS id g1si3029264lab.70.2015.07.14.22.59.00 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Jul 2015 22:59:00 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.43 as permitted sender) client-ip=209.85.215.43; Received: by lagw2 with SMTP id w2so18209568lag.3 for ; Tue, 14 Jul 2015 22:59:00 -0700 (PDT) X-Received: by 10.112.166.106 with SMTP id zf10mr2365738lbb.36.1436939940595; Tue, 14 Jul 2015 22:59:00 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.108.230 with SMTP id hn6csp2844603lbb; Tue, 14 Jul 2015 22:58:59 -0700 (PDT) X-Received: by 10.66.161.135 with SMTP id xs7mr4733065pab.154.1436939938757; Tue, 14 Jul 2015 22:58:58 -0700 (PDT) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id rt15si5578499pab.240.2015.07.14.22.58.57; Tue, 14 Jul 2015 22:58:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752038AbbGOF64 (ORCPT + 26 others); Wed, 15 Jul 2015 01:58:56 -0400 Received: from mail-pd0-f182.google.com ([209.85.192.182]:36281 "EHLO mail-pd0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750772AbbGOF6y (ORCPT ); Wed, 15 Jul 2015 01:58:54 -0400 Received: by pdjr16 with SMTP id r16so18825642pdj.3 for ; Tue, 14 Jul 2015 22:58:54 -0700 (PDT) X-Received: by 10.68.87.5 with SMTP id t5mr4479771pbz.137.1436939934228; Tue, 14 Jul 2015 22:58:54 -0700 (PDT) Received: from baolinwangubtpc.spreadtrum.com ([175.111.195.49]) by smtp.gmail.com with ESMTPSA id ff10sm3273267pab.13.2015.07.14.22.58.49 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Jul 2015 22:58:53 -0700 (PDT) From: Baolin Wang To: serge.hallyn@canonical.com Cc: arnd@arndb.de, tglx@linutronix.de, john.stultz@linaro.org, linux-kernel@vger.kernel.org, james.l.morris@oracle.com, serge@hallyn.com, paul@paul-moore.com, john.johansen@canonical.com, sds@tycho.nsa.gov, casey@schaufler-ca.com, penguin-kernel@I-love.SAKURA.ne.jp, neilb@suse.de, edumazet@google.com, jlayton@primarydata.com, linux-security-module@vger.kernel.org, baolin.wang@linaro.org, y2038@lists.linaro.org Subject: [PATCH 3/6] security: Introduce security_settime64() Date: Wed, 15 Jul 2015 13:57:39 +0800 Message-Id: X-Mailer: git-send-email 1.7.9.5 In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: baolin.wang@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.43 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , security_settime() returns a timespec, which is not year 2038 safe on 32bit systems. Thus this patch introduces the security_settime64() function with timespec64 type. We also convert the cap_settime() helper function to use the 64bit types. Signed-off-by: Baolin Wang --- include/linux/lsm_hooks.h | 5 +++-- include/linux/security.h | 20 +++++++++++++++++--- security/commoncap.c | 2 +- security/security.c | 2 +- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 9429f05..d791f35 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1191,7 +1191,8 @@ * Return 0 if permission is granted. * @settime: * Check permission to change the system time. - * struct timespec and timezone are defined in include/linux/time.h + * struct timespec64 is defined in include/linux/time64.h and timezone + * is defined in include/linux/time.h * @ts contains new time * @tz contains new timezone * Return 0 if permission is granted. @@ -1324,7 +1325,7 @@ union security_list_options { int (*quotactl)(int cmds, int type, int id, struct super_block *sb); int (*quota_on)(struct dentry *dentry); int (*syslog)(int type); - int (*settime)(const struct timespec *ts, const struct timezone *tz); + int (*settime)(const struct timespec64 *ts, const struct timezone *tz); int (*vm_enough_memory)(struct mm_struct *mm, long pages); int (*bprm_set_creds)(struct linux_binprm *bprm); diff --git a/include/linux/security.h b/include/linux/security.h index 79d85dd..105fc27 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -69,7 +69,7 @@ struct timezone; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit); -extern int cap_settime(const struct timespec *ts, const struct timezone *tz); +extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -206,7 +206,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); -int security_settime(const struct timespec *ts, const struct timezone *tz); +int security_settime64(const struct timespec64 *ts, const struct timezone *tz); +static inline int security_settime(const struct timespec *ts, const struct timezone *tz) +{ + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return security_settime64(&ts64, tz); +} int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); int security_bprm_set_creds(struct linux_binprm *bprm); int security_bprm_check(struct linux_binprm *bprm); @@ -457,10 +463,18 @@ static inline int security_syslog(int type) return 0; } +static inline int security_settime64(const struct timespec64 *ts, + const struct timezone *tz) +{ + return cap_settime(ts, tz); +} + static inline int security_settime(const struct timespec *ts, const struct timezone *tz) { - return cap_settime(ts, tz); + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return cap_settime(&ts64, tz); } static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) diff --git a/security/commoncap.c b/security/commoncap.c index d103f5a4..17b1f79 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -111,7 +111,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, * Determine whether the current process may set the system clock and timezone * information, returning 0 if permission granted, -ve if denied. */ -int cap_settime(const struct timespec *ts, const struct timezone *tz) +int cap_settime(const struct timespec64 *ts, const struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; diff --git a/security/security.c b/security/security.c index 595fffa..8d0dbd6 100644 --- a/security/security.c +++ b/security/security.c @@ -213,7 +213,7 @@ int security_syslog(int type) return call_int_hook(syslog, 0, type); } -int security_settime(const struct timespec *ts, const struct timezone *tz) +int security_settime64(const struct timespec64 *ts, const struct timezone *tz) { return call_int_hook(settime, 0, ts, tz); }