From patchwork Tue Oct 25 15:59:50 2011
X-Patchwork-Submitter: Andy Whitcroft
X-Patchwork-Id: 121727
From: Andy Whitcroft
To: kernel-team@lists.ubuntu.com
Cc: Andy Whitcroft
Subject: [hardy CVE 2/2] remove div_long_long_rem
Date: Tue, 25 Oct 2011 16:59:50 +0100
Message-Id: <1319558390-29769-3-git-send-email-apw@canonical.com>
In-Reply-To: <1319558390-29769-1-git-send-email-apw@canonical.com>
References: <1319558390-29769-1-git-send-email-apw@canonical.com>
List-Id: Kernel team discussions

From: Roman Zippel

x86 is the only arch right now, which provides an optimized for
div_long_long_rem and it has the downside that one has to be very careful that
the divide doesn't overflow.

The API is a little awkward, as the arguments for the unsigned divide are
signed. The signed version also doesn't handle a negative divisor and
produces worse code on 64bit archs.

There is little incentive to keep this API alive, so this converts the few
users to the new API.

Signed-off-by: Roman Zippel
Cc: Ralf Baechle
Cc: Ingo Molnar
Cc: Thomas Gleixner
Cc: john stultz
Cc: Christoph Lameter
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
(backported from commit f8bd2258e2d520dff28c855658bd24bdafb5102d)
CVE-2011-3209
BugLink: http://bugs.launchpad.net/bugs/880890
Signed-off-by: Andy Whitcroft
--- arch/mips/kernel/binfmt_elfn32.c | 5 ++- arch/mips/kernel/binfmt_elfo32.c | 5 ++- drivers/char/mmtimer.c | 24 ++++++++---------- include/asm-x86/div64.h | 19 -------------- include/linux/calc64.h | 49 -------------------------------------- include/linux/jiffies.h | 2 +- kernel/posix-cpu-timers.c | 11 ++++---- kernel/time.c | 25 +++++++++++------- kernel/time/ntp.c | 6 +--- mm/slub.c | 9 +++---- 10 files changed, 44 insertions(+), 111 deletions(-) delete mode 100644 include/linux/calc64.h diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c index 9b34238..5d76064 100644 --- a/arch/mips/kernel/binfmt_elfn32.c +++ b/arch/mips/kernel/binfmt_elfn32.c @@ -54,6 +54,7 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #include #include #include +#include #define elf_prstatus elf_prstatus32 struct elf_prstatus32 @@ -102,8 +103,8 @@ jiffies_to_compat_timeval(unsigned long jiffies, struct compat_timeval *value) * one divide. */ u64 nsec = (u64)jiffies * TICK_NSEC; - long rem; - value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &rem); + u32 rem; + value->tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem); value->tv_usec = rem / NSEC_PER_USEC; } 
diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c index da41eac..2b0e4e3 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -56,6 +56,7 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #include #include #include +#include #define elf_prstatus elf_prstatus32 struct elf_prstatus32 @@ -104,8 +105,8 @@ jiffies_to_compat_timeval(unsigned long jiffies, struct compat_timeval *value) * one divide. */ u64 nsec = (u64)jiffies * TICK_NSEC; - long rem; - value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &rem); + u32 rem; + value->tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem); value->tv_usec = rem / NSEC_PER_USEC; } diff --git a/drivers/char/mmtimer.c b/drivers/char/mmtimer.c index e60a74c..25a392d 100644 --- a/drivers/char/mmtimer.c +++ b/drivers/char/mmtimer.c @@ -30,6 +30,8 @@ #include #include #include +#include +#include #include #include @@ -366,8 +368,8 @@ static int sgi_clock_get(clockid_t clockid, struct timespec *tp) nsec = rtc_time() * sgi_clock_period + sgi_clock_offset.tv_nsec; - tp->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &tp->tv_nsec) - + sgi_clock_offset.tv_sec; + *tp = ns_to_timespec(nsec); + tp->tv_sec += sgi_clock_offset.tv_sec; return 0; }; @@ -375,11 +377,11 @@ static int sgi_clock_set(clockid_t clockid, struct timespec *tp) { u64 nsec; - u64 rem; + u32 rem; nsec = rtc_time() * sgi_clock_period; - sgi_clock_offset.tv_sec = tp->tv_sec - div_long_long_rem(nsec, NSEC_PER_SEC, &rem); + sgi_clock_offset.tv_sec = tp->tv_sec - div_u64_rem(nsec, NSEC_PER_SEC, &rem); if (rem <= tp->tv_nsec) sgi_clock_offset.tv_nsec = tp->tv_sec - rem; 
@@ -532,9 +534,6 @@ static int sgi_timer_del(struct k_itimer *timr) return 0; } -#define timespec_to_ns(x) ((x).tv_nsec + (x).tv_sec * NSEC_PER_SEC) -#define ns_to_timespec(ts, nsec) (ts).tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &(ts).tv_nsec) - /* Assumption: it_lock is already held with irq's disabled */ static void sgi_timer_get(struct k_itimer *timr, struct itimerspec *cur_setting) { @@ -547,9 +546,8 @@ static void sgi_timer_get(struct k_itimer *timr, struct itimerspec *cur_setting) return; } - ns_to_timespec(cur_setting->it_interval, timr->it.mmtimer.incr * sgi_clock_period); - ns_to_timespec(cur_setting->it_value, (timr->it.mmtimer.expires - rtc_time())* sgi_clock_period); - return; + cur_setting->it_interval = ns_to_timespec(timr->it.mmtimer.incr * sgi_clock_period); + cur_setting->it_value = ns_to_timespec((timr->it.mmtimer.expires - rtc_time()) * sgi_clock_period); } @@ -568,8 +566,8 @@ static int sgi_timer_set(struct k_itimer *timr, int flags, sgi_timer_get(timr, old_setting); sgi_timer_del(timr); - when = timespec_to_ns(new_setting->it_value); - period = timespec_to_ns(new_setting->it_interval); + when = timespec_to_ns(&new_setting->it_value); + period = timespec_to_ns(&new_setting->it_interval); if (when == 0) /* Clear timer */ @@ -580,7 +578,7 @@ static int sgi_timer_set(struct k_itimer *timr, int flags, unsigned long now; getnstimeofday(&n); - now = timespec_to_ns(n); + now = timespec_to_ns(&n); if (when > now) when -= now; else diff --git a/include/asm-x86/div64.h b/include/asm-x86/div64.h index 370bc55..50498bb 100644 --- a/include/asm-x86/div64.h +++ b/include/asm-x86/div64.h 
@@ -31,25 +31,6 @@ __mod; \ }) -/* - * (long)X = ((long long)divs) / (long)div - * (long)rem = ((long long)divs) % (long)div - * - * Warning, this will do an exception if X overflows. - */ -#define div_long_long_rem(a,b,c) div_ll_X_l_rem(a,b,c) - -static inline long -div_ll_X_l_rem(long long divs, long div, long *rem) -{ - long dum2; - __asm__("divl %2":"=a"(dum2), "=d"(*rem) - : "rm"(div), "A"(divs)); - - return dum2; - -} - static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder) { union { diff --git a/include/linux/calc64.h b/include/linux/calc64.h deleted file mode 100644 index ebf4b8f..0000000 --- a/include/linux/calc64.h +++ /dev/null 
@@ -1,49 +0,0 @@ -#ifndef _LINUX_CALC64_H -#define _LINUX_CALC64_H - -#include -#include - -/* - * This is a generic macro which is used when the architecture - * specific div64.h does not provide a optimized one. - * - * The 64bit dividend is divided by the divisor (data type long), the - * result is returned and the remainder stored in the variable - * referenced by remainder (data type long *). In contrast to the - * do_div macro the dividend is kept intact. - */ -#ifndef div_long_long_rem -#define div_long_long_rem(dividend, divisor, remainder) \ - do_div_llr((dividend), divisor, remainder) - -static inline unsigned long do_div_llr(const long long dividend, - const long divisor, long *remainder) -{ - u64 result = dividend; - - *(remainder) = do_div(result, divisor); - return (unsigned long) result; -} -#endif - -/* - * Sign aware variation of the above. On some architectures a - * negative dividend leads to an divide overflow exception, which - * is avoided by the sign check. - */ -static inline long div_long_long_rem_signed(const long long dividend, - const long divisor, long *remainder) -{ - long res; - - if (unlikely(dividend < 0)) { - res = -div_long_long_rem(-dividend, divisor, remainder); - *remainder = -(*remainder); - } else - res = div_long_long_rem(dividend, divisor, remainder); - - return res; -} - -#endif diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index 8b08002..629143c 100644 --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -1,7 +1,7 @@ #ifndef _LINUX_JIFFIES_H #define _LINUX_JIFFIES_H -#include +#include #include #include #include diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c index 68c9637..96300f2 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -4,8 +4,9 @@ #include #include -#include #include +#include +#include static int check_clock(const clockid_t which_clock) { 
@@ -47,12 +48,10 @@ static void sample_to_timespec(const clockid_t which_clock, union cpu_time_count cpu, struct timespec *tp) { - if (CPUCLOCK_WHICH(which_clock) == CPUCLOCK_SCHED) { - tp->tv_sec = div_long_long_rem(cpu.sched, - NSEC_PER_SEC, &tp->tv_nsec); - } else { + if (CPUCLOCK_WHICH(which_clock) == CPUCLOCK_SCHED) + *tp = ns_to_timespec(cpu.sched); + else cputime_to_timespec(cpu.cpu, tp); - } } static inline int cpu_time_before(const clockid_t which_clock, diff --git a/kernel/time.c b/kernel/time.c index 09d3c45..f5bb259 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -377,13 +377,17 @@ void set_normalized_timespec(struct timespec *ts, time_t sec, long nsec) struct timespec ns_to_timespec(const s64 nsec) { struct timespec ts; + s32 rem; if (!nsec) return (struct timespec) {0, 0}; - ts.tv_sec = div_long_long_rem_signed(nsec, NSEC_PER_SEC, &ts.tv_nsec); - if (unlikely(nsec < 0)) - set_normalized_timespec(&ts, ts.tv_sec, ts.tv_nsec); + ts.tv_sec = div_s64_rem(nsec, NSEC_PER_SEC, &rem); + if (unlikely(rem < 0)) { + ts.tv_sec--; + rem += NSEC_PER_SEC; + } + ts.tv_nsec = rem; return ts; } @@ -511,8 +515,10 @@ jiffies_to_timespec(const unsigned long jiffies, struct timespec *value) * Convert jiffies to nanoseconds and separate with * one divide. */ - u64 nsec = (u64)jiffies * TICK_NSEC; - value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &value->tv_nsec); + u32 rem; + value->tv_sec = div_u64_rem((u64)jiffies * TICK_NSEC, + NSEC_PER_SEC, &rem); + value->tv_nsec = rem; } EXPORT_SYMBOL(jiffies_to_timespec); 
@@ -550,12 +556,11 @@ void jiffies_to_timeval(const unsigned long jiffies, struct timeval *value) * Convert jiffies to nanoseconds and separate with * one divide. */ - u64 nsec = (u64)jiffies * TICK_NSEC; - long tv_usec; + u32 rem; - value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &tv_usec); - tv_usec /= NSEC_PER_USEC; - value->tv_usec = tv_usec; + value->tv_sec = div_u64_rem((u64)jiffies * TICK_NSEC, + NSEC_PER_SEC, &rem); + value->tv_usec = rem / NSEC_PER_USEC; } EXPORT_SYMBOL(jiffies_to_timeval); diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index e64efaf..9c66fc2 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -239,7 +239,7 @@ static inline void notify_cmos_timer(void) { } */ int do_adjtimex(struct timex *txc) { - long mtemp, save_adjust, rem; + long mtemp, save_adjust; s64 freq_adj, temp64; int result; @@ -359,9 +359,7 @@ int do_adjtimex(struct timex *txc) freq_adj += time_freq; freq_adj = min(freq_adj, (s64)MAXFREQ_NSEC); time_freq = max(freq_adj, (s64)-MAXFREQ_NSEC); - time_offset = div_long_long_rem_signed(time_offset, - NTP_INTERVAL_FREQ, - &rem); + time_offset = div_s64(time_offset, NTP_INTERVAL_FREQ); time_offset <<= SHIFT_UPDATE; } /* STA_PLL */ } /* txc->modes & ADJ_OFFSET */ diff --git a/mm/slub.c b/mm/slub.c index c432f68..2c23456 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -21,6 +21,7 @@ #include #include #include +#include /* * Lock order: @@ -3432,12 +3433,10 @@ static int list_locations(struct kmem_cache *s, char *buf, n += sprintf(buf + n, ""); if (l->sum_time != l->min_time) { - unsigned long remainder; - n += sprintf(buf + n, " age=%ld/%ld/%ld", - l->min_time, - div_long_long_rem(l->sum_time, l->count, &remainder), - l->max_time); + l->min_time, + (long)div_u64(l->sum_time, l->count), + l->max_time); } else n += sprintf(buf + n, " age=%ld", l->min_time);
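
Review bot: In sgi_clock_set() in drivers/char/mmtimer.c, the context line right after the converted divide reads `sgi_clock_offset.tv_nsec = tp->tv_sec - rem;`, so the nanosecond offset is derived from the seconds field even though the guard compares rem against tp->tv_nsec. The patch only changes the type of rem and the divide helper, so this predates it, but since the function is being touched it is worth checking whether `tp->tv_nsec - rem` was intended and fixing that in a separate patch.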
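
Review bot: In sgi_timer_get() in drivers/char/mmtimer.c, `(timr->it.mmtimer.expires - rtc_time()) * sgi_clock_period` is now handed to the global ns_to_timespec(), which the kernel/time.c hunk shows taking a `const s64` and doing a signed divide, whereas the removed local macro went through div_long_long_rem, whose generic form in calc64.h copied the dividend into a u64 before do_div. If expires can already be in the past when this runs, the result changes from a large positive value to a negative timespec. Please confirm which of the two the callers expect, and clamp to zero here if a negative it_value is not acceptable.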
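
Review bot: The deletion of include/linux/calc64.h, together with the removal of div_long_long_rem and div_ll_X_l_rem from include/asm-x86/div64.h, leaves no fallback definition, and because this is a backport the hardy tree may contain callers that upstream did not have at commit f8bd2258e2d5. Please confirm with a tree-wide grep for div_long_long_rem, div_long_long_rem_signed and linux/calc64.h that the ten files in the diffstat cover every remaining user, so that nothing is left including the deleted header.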
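
Review bot: In ns_to_timespec() in kernel/time.c, the new `if (unlikely(rem < 0))` branch that decrements ts.tv_sec and adds NSEC_PER_SEC to rem has no comment explaining it. The old code delegated this to set_normalized_timespec(), whose name made the intent obvious; a one-line comment above the branch stating that the remainder from div_s64_rem() can be negative for negative nsec and that tv_nsec must end up in the range 0 to NSEC_PER_SEC - 1 would keep that intent visible.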
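
Review bot: In list_locations() in mm/slub.c, `(long)div_u64(l->sum_time, l->count)` passes l->count straight in as the divisor, while the removed div_long_long_rem took a `const long` divisor. If div_u64() takes a u32 divisor like the div_u64_rem() prototype visible in the include/asm-x86/div64.h hunk, a count wider than 32 bits would be truncated silently on 64-bit builds, and a truncated value of zero would divide by zero. Please check the type of l->count and either bound it before the call or use a helper that accepts a 64-bit divisor.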