These are updates to devidce drivers and file systems that for some reason or another were not included in the kernel in the previous y2038 series.
I've gone through all users of time_t again to make sure the kernel is in a long-term maintainable state.
Posting these as a series for better organization, but each change here is applicable standalone.
Please merge, review, ack/nack etc as you see fit. I will add these to my y2038 branch [1] for linux-next, but can keep rebasing for feedback and to remove any patches that get picked up by a maintainer.
Changes since v1 [2]:
- Add Acks I received - Rebase to v5.5-rc1, droping patches that got merged already - Add NFS, XFS and the final three patches from another series - Rewrite etnaviv patches
Arnd
[1] https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/log/?h=y... [2] https://lore.kernel.org/lkml/20191108213257.3097633-1-arnd@arndb.de/
Arnd Bergmann (24): Input: input_event: fix struct padding on sparc64 fat: use prandom_u32() for i_generation dlm: use SO_SNDTIMEO_NEW instead of SO_SNDTIMEO_OLD xtensa: ISS: avoid struct timeval um: ubd: use 64-bit time_t where possible acct: stop using get_seconds() tsacct: add 64-bit btime field packet: clarify timestamp overflow quota: avoid time_t in v1_disk_dqblk definition hostfs: pass 64-bit timestamps to/from user space hfs/hfsplus: use 64-bit inode timestamps drm/msm: avoid using 'timespec' drm/etnaviv: reject timeouts with tv_nsec >= NSEC_PER_SEC drm/etnaviv: avoid deprecated timespec sunrpc: convert to time64_t for expiry nfs: use time64_t internally nfs: fix timstamp debug prints nfs: fscache: use timespec64 in inode auxdata xfs: rename compat_time_t to old_time32_t xfs: disallow broken ioctls without compat-32-bit-time xfs: quota: move to time64_t interfaces y2038: remove obsolete jiffies conversion functions y2038: rename itimerval to __kernel_old_itimerval y2038: sparc: remove use of struct timex
arch/sparc/kernel/sys_sparc_64.c | 29 +++++----- arch/um/drivers/cow.h | 2 +- arch/um/drivers/cow_user.c | 7 ++- arch/um/drivers/ubd_kern.c | 10 ++-- arch/um/include/shared/os.h | 2 +- arch/um/os-Linux/file.c | 2 +- .../platforms/iss/include/platform/simcall.h | 4 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 20 ++++--- drivers/gpu/drm/etnaviv/etnaviv_drv.h | 11 ++-- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 4 +- drivers/gpu/drm/etnaviv/etnaviv_gem.h | 2 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 5 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 5 +- drivers/gpu/drm/msm/msm_drv.h | 3 +- drivers/input/evdev.c | 14 ++--- drivers/input/misc/uinput.c | 14 +++-- fs/dlm/lowcomms.c | 6 +- fs/fat/inode.c | 3 +- fs/hfs/hfs_fs.h | 28 +++++++-- fs/hfs/inode.c | 4 +- fs/hfsplus/hfsplus_fs.h | 28 +++++++-- fs/hfsplus/inode.c | 12 ++-- fs/hostfs/hostfs.h | 22 ++++--- fs/hostfs/hostfs_kern.c | 15 +++-- fs/nfs/fscache-index.c | 6 +- fs/nfs/fscache.c | 18 ++++-- fs/nfs/fscache.h | 8 ++- fs/nfs/nfs4xdr.c | 10 ++-- fs/quota/quotaio_v1.h | 6 +- fs/xfs/xfs_dquot.c | 6 +- fs/xfs/xfs_ioctl.c | 26 +++++++++ fs/xfs/xfs_ioctl32.c | 2 +- fs/xfs/xfs_ioctl32.h | 2 +- fs/xfs/xfs_qm.h | 6 +- fs/xfs/xfs_quotaops.c | 6 +- fs/xfs/xfs_trans_dquot.c | 8 ++- include/linux/jiffies.h | 20 ------- include/linux/sunrpc/cache.h | 42 ++++++++------ include/linux/sunrpc/gss_api.h | 4 +- include/linux/sunrpc/gss_krb5.h | 2 +- include/linux/syscalls.h | 9 ++- include/uapi/linux/acct.h | 2 + include/uapi/linux/input.h | 1 + include/uapi/linux/taskstats.h | 6 +- include/uapi/linux/time_types.h | 5 ++ include/uapi/linux/timex.h | 2 + kernel/acct.c | 4 +- kernel/time/itimer.c | 18 +++--- kernel/time/time.c | 58 ++----------------- kernel/tsacct.c | 9 ++- net/packet/af_packet.c | 27 +++++---- net/sunrpc/auth_gss/gss_krb5_mech.c | 12 +++- net/sunrpc/auth_gss/gss_krb5_seal.c | 8 +-- net/sunrpc/auth_gss/gss_krb5_unseal.c | 6 +- net/sunrpc/auth_gss/gss_krb5_wrap.c | 16 ++--- net/sunrpc/auth_gss/gss_mech_switch.c | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 6 +- net/sunrpc/cache.c | 16 ++--- net/sunrpc/svcauth_unix.c | 10 ++-- 59 files changed, 351 insertions(+), 290 deletions(-)
The timespec structure and associated interfaces are deprecated and will be removed in the future because of the y2038 overflow.
The use of ktime_to_timespec() in timeout_to_jiffies() does not suffer from that overflow, but is easy to avoid by just converting the ktime_t into jiffies directly.
Reviewed-by: Jordan Crouse jcrouse@codeaurora.org Signed-off-by: Arnd Bergmann arnd@arndb.de --- drivers/gpu/drm/msm/msm_drv.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_drv.h b/drivers/gpu/drm/msm/msm_drv.h index 71547e756e29..740bf7c70d8f 100644 --- a/drivers/gpu/drm/msm/msm_drv.h +++ b/drivers/gpu/drm/msm/msm_drv.h @@ -454,8 +454,7 @@ static inline unsigned long timeout_to_jiffies(const ktime_t *timeout) remaining_jiffies = 0; } else { ktime_t rem = ktime_sub(*timeout, now); - struct timespec ts = ktime_to_timespec(rem); - remaining_jiffies = timespec_to_jiffies(&ts); + remaining_jiffies = ktime_divns(rem, NSEC_PER_SEC / HZ); }
return remaining_jiffies;
Most kernel interfaces that take a timespec require normalized representation with tv_nsec between 0 and NSEC_PER_SEC.
Passing values larger than 0x100000000ull further behaves differently on 32-bit and 64-bit kernels, and can cause the latter to spend a long time counting seconds in timespec64_sub()/set_normalized_timespec64().
Reject those large values at the user interface to enforce sane and portable behavior.
Signed-off-by: Arnd Bergmann arnd@arndb.de --- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 1f9c01be40d7..95d72dc00280 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -297,6 +297,9 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC)) return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC) + return -EINVAL; + obj = drm_gem_object_lookup(file, args->handle); if (!obj) return -ENOENT; @@ -360,6 +363,9 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC) + return -EINVAL; + if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
@@ -411,6 +417,9 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
+ if (args->timeout.tv_nsec > NSEC_PER_SEC) + return -EINVAL; + if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
On Fri, 2019-12-13 at 21:53 +0100, Arnd Bergmann wrote:
Most kernel interfaces that take a timespec require normalized representation with tv_nsec between 0 and NSEC_PER_SEC.
Passing values larger than 0x100000000ull further behaves differently on 32-bit and 64-bit kernels, and can cause the latter to spend a long time counting seconds in timespec64_sub()/set_normalized_timespec64().
Reject those large values at the user interface to enforce sane and portable behavior.
Signed-off-by: Arnd Bergmann arnd@arndb.de
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 1f9c01be40d7..95d72dc00280 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -297,6 +297,9 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
[...]
There's an off-by-one error between the subject line and the actual changes. The subject line seems to have the correct comparison.
Ben.
Hi, On Fri, Dec 13, 2019 at 09:53:41PM +0100, Arnd Bergmann wrote:
Most kernel interfaces that take a timespec require normalized representation with tv_nsec between 0 and NSEC_PER_SEC.
Passing values larger than 0x100000000ull further behaves differently on 32-bit and 64-bit kernels, and can cause the latter to spend a long time counting seconds in timespec64_sub()/set_normalized_timespec64().
Reject those large values at the user interface to enforce sane and portable behavior.
Signed-off-by: Arnd Bergmann arnd@arndb.de
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 1f9c01be40d7..95d72dc00280 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -297,6 +297,9 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- obj = drm_gem_object_lookup(file, args->handle); if (!obj) return -ENOENT;
@@ -360,6 +363,9 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
@@ -411,6 +417,9 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
This breaks rendering here on arm64/gc7000 due to
ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
This is due to
get_abs_timeout(&req.timeout, 5000000000);
in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
Should i send a patch to revert that change since it breaks existing userspace?
Cheers, -- Guido
-- 2.20.0
etnaviv mailing list etnaviv@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/etnaviv
On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote:
Hi, On Fri, Dec 13, 2019 at 09:53:41PM +0100, Arnd Bergmann wrote:
Most kernel interfaces that take a timespec require normalized representation with tv_nsec between 0 and NSEC_PER_SEC.
Passing values larger than 0x100000000ull further behaves differently on 32-bit and 64-bit kernels, and can cause the latter to spend a long time counting seconds in timespec64_sub()/set_normalized_timespec64().
Reject those large values at the user interface to enforce sane and portable behavior.
Signed-off-by: Arnd Bergmann arnd@arndb.de
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 1f9c01be40d7..95d72dc00280 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -297,6 +297,9 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, if (args->op & ~(ETNA_PREP_READ | ETNA_PREP_WRITE | ETNA_PREP_NOSYNC)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- obj = drm_gem_object_lookup(file, args->handle); if (!obj) return -ENOENT;
@@ -360,6 +363,9 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
@@ -411,6 +417,9 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data, if (args->flags & ~(ETNA_WAIT_NONBLOCK)) return -EINVAL;
- if (args->timeout.tv_nsec > NSEC_PER_SEC)
return -EINVAL;- if (args->pipe >= ETNA_MAX_PIPES) return -EINVAL;
This breaks rendering here on arm64/gc7000 due to
ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
This is due to
get_abs_timeout(&req.timeout, 5000000000);in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
Should i send a patch to revert that change since it breaks existing userspace?
No need to revert. This patch has not been applied to the etnaviv tree yet, I guess it's just in one of Arnds branches feeding into -next.
That part of userspace is pretty dumb, as it misses to renormalize tv_nsec when it overflows the second boundary. So if what I see is correct it should be enough to allow 2 * NSEC_PER_SEC, which should both reject broken large timeout and keep existing userspace working.
Regards, Lucas
On Mon, Jan 20, 2020 at 6:48 PM Lucas Stach l.stach@pengutronix.de wrote:
On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote:
This breaks rendering here on arm64/gc7000 due to
ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
This is due to
get_abs_timeout(&req.timeout, 5000000000);in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
Should i send a patch to revert that change since it breaks existing userspace?
No need to revert. This patch has not been applied to the etnaviv tree yet, I guess it's just in one of Arnds branches feeding into -next.
That part of userspace is pretty dumb, as it misses to renormalize tv_nsec when it overflows the second boundary. So if what I see is correct it should be enough to allow 2 * NSEC_PER_SEC, which should both reject broken large timeout and keep existing userspace working.
Ah, so it's never more than 2 billion nanoseconds in known user space? I can definitely change my patch (actually add one on top) to allow that and handle it as before, or alternatively accept any 64-bit nanosecond value as arm64 already did, but make it less inefficient to handle.
Arnd
On Mo, 2020-01-20 at 19:47 +0100, Arnd Bergmann wrote:
On Mon, Jan 20, 2020 at 6:48 PM Lucas Stach l.stach@pengutronix.de wrote:
On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote:
This breaks rendering here on arm64/gc7000 due to
ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
This is due to
get_abs_timeout(&req.timeout, 5000000000);in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
Should i send a patch to revert that change since it breaks existing userspace?
No need to revert. This patch has not been applied to the etnaviv tree yet, I guess it's just in one of Arnds branches feeding into -next.
That part of userspace is pretty dumb, as it misses to renormalize tv_nsec when it overflows the second boundary. So if what I see is correct it should be enough to allow 2 * NSEC_PER_SEC, which should both reject broken large timeout and keep existing userspace working.
Ah, so it's never more than 2 billion nanoseconds in known user space? I can definitely change my patch (actually add one on top) to allow that and handle it as before, or alternatively accept any 64-bit nanosecond value as arm64 already did, but make it less inefficient to handle.
So the broken userspace code looks like this:
static inline void get_abs_timeout(struct drm_etnaviv_timespec *tv, uint64_t ns) { struct timespec t; uint32_t s = ns / 1000000000; clock_gettime(CLOCK_MONOTONIC, &t); tv->tv_sec = t.tv_sec + s; tv->tv_nsec = t.tv_nsec + ns - (s * 1000000000); }
Which means it _tries_ to do the right thing by putting the billion part into the tv_sec member and only the remaining ns part is added to tv_nsec, but then it fails to propagate a tv_nsec overflow over NSEC_PER_SEC into tv_sec.
Which means the tv_nsec should never be more than 2 * NSEC_PER_SEC in known userspace. I would prefer if we could make the interface as strict as possible (i.e. no arbitrary large numbers in tv_nsec), while keeping this specific corner case working.
Regards, Lucas
On Tue, Jan 21, 2020 at 11:22 AM Lucas Stach l.stach@pengutronix.de wrote:
On Mo, 2020-01-20 at 19:47 +0100, Arnd Bergmann wrote:
On Mon, Jan 20, 2020 at 6:48 PM Lucas Stach l.stach@pengutronix.de wrote:
On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote:
This breaks rendering here on arm64/gc7000 due to
ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0
This is due to
get_abs_timeout(&req.timeout, 5000000000);in etna_bo_cpu_prep which can exceed NSEC_PER_SEC.
Should i send a patch to revert that change since it breaks existing userspace?
No need to revert. This patch has not been applied to the etnaviv tree yet, I guess it's just in one of Arnds branches feeding into -next.
That part of userspace is pretty dumb, as it misses to renormalize tv_nsec when it overflows the second boundary. So if what I see is correct it should be enough to allow 2 * NSEC_PER_SEC, which should both reject broken large timeout and keep existing userspace working.
Ah, so it's never more than 2 billion nanoseconds in known user space? I can definitely change my patch (actually add one on top) to allow that and handle it as before, or alternatively accept any 64-bit nanosecond value as arm64 already did, but make it less inefficient to handle.
So the broken userspace code looks like this:
static inline void get_abs_timeout(struct drm_etnaviv_timespec *tv, uint64_t ns) { struct timespec t; uint32_t s = ns / 1000000000; clock_gettime(CLOCK_MONOTONIC, &t); tv->tv_sec = t.tv_sec + s; tv->tv_nsec = t.tv_nsec + ns - (s * 1000000000); }
Which means it _tries_ to do the right thing by putting the billion part into the tv_sec member and only the remaining ns part is added to tv_nsec, but then it fails to propagate a tv_nsec overflow over NSEC_PER_SEC into tv_sec.
Which means the tv_nsec should never be more than 2 * NSEC_PER_SEC in known userspace. I would prefer if we could make the interface as strict as possible (i.e. no arbitrary large numbers in tv_nsec), while keeping this specific corner case working.
I've added a patch on top of my 2038 branch, please have a look at that.
Arnd
struct timespec is being removed from the kernel because it often leads to code that is not y2038-safe.
In the etnaviv driver, monotonic timestamps are used, which do not suffer from overflow, but the usage of timespec here gets in the way of removing the interface completely.
Pass down the user-supplied 64-bit value here rather than converting it to an intermediate timespec to avoid the conversion.
The conversion is transparent for all regular CLOCK_MONOTONIC values, but is a small change in behavior for excessively large values: the existing code would treat e.g. tv_sec=0x100000000 the same as tv_sec=0 and not block, while the new code it would block for up to 2^31 seconds. The new behavior is more logical here, but if it causes problems, the truncation can be put back.
Signed-off-by: Arnd Bergmann arnd@arndb.de --- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 11 +++-------- drivers/gpu/drm/etnaviv/etnaviv_drv.h | 11 ++++++----- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 4 ++-- drivers/gpu/drm/etnaviv/etnaviv_gem.h | 2 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 5 +++-- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 5 +++-- 6 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 95d72dc00280..3eb0f9223bea 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -282,11 +282,6 @@ static int etnaviv_ioctl_gem_new(struct drm_device *dev, void *data, args->flags, &args->handle); }
-#define TS(t) ((struct timespec){ \ - .tv_sec = (t).tv_sec, \ - .tv_nsec = (t).tv_nsec \ -}) - static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, struct drm_file *file) { @@ -304,7 +299,7 @@ static int etnaviv_ioctl_gem_cpu_prep(struct drm_device *dev, void *data, if (!obj) return -ENOENT;
- ret = etnaviv_gem_cpu_prep(obj, args->op, &TS(args->timeout)); + ret = etnaviv_gem_cpu_prep(obj, args->op, &args->timeout);
drm_gem_object_put_unlocked(obj);
@@ -357,7 +352,7 @@ static int etnaviv_ioctl_wait_fence(struct drm_device *dev, void *data, { struct drm_etnaviv_wait_fence *args = data; struct etnaviv_drm_private *priv = dev->dev_private; - struct timespec *timeout = &TS(args->timeout); + struct drm_etnaviv_timespec *timeout = &args->timeout; struct etnaviv_gpu *gpu;
if (args->flags & ~(ETNA_WAIT_NONBLOCK)) @@ -409,7 +404,7 @@ static int etnaviv_ioctl_gem_wait(struct drm_device *dev, void *data, { struct etnaviv_drm_private *priv = dev->dev_private; struct drm_etnaviv_gem_wait *args = data; - struct timespec *timeout = &TS(args->timeout); + struct drm_etnaviv_timespec *timeout = &args->timeout; struct drm_gem_object *obj; struct etnaviv_gpu *gpu; int ret; diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.h b/drivers/gpu/drm/etnaviv/etnaviv_drv.h index 32cfa5a48d42..efc656efeb0f 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.h +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.h @@ -61,7 +61,7 @@ int etnaviv_gem_prime_pin(struct drm_gem_object *obj); void etnaviv_gem_prime_unpin(struct drm_gem_object *obj); void *etnaviv_gem_vmap(struct drm_gem_object *obj); int etnaviv_gem_cpu_prep(struct drm_gem_object *obj, u32 op, - struct timespec *timeout); + struct drm_etnaviv_timespec *timeout); int etnaviv_gem_cpu_fini(struct drm_gem_object *obj); void etnaviv_gem_free_object(struct drm_gem_object *obj); int etnaviv_gem_new_handle(struct drm_device *dev, struct drm_file *file, @@ -107,11 +107,12 @@ static inline size_t size_vstruct(size_t nelem, size_t elem_size, size_t base) * between the specified timeout and the current CLOCK_MONOTONIC time. */ static inline unsigned long etnaviv_timeout_to_jiffies( - const struct timespec *timeout) + const struct drm_etnaviv_timespec *timeout) { - struct timespec64 ts, to; - - to = timespec_to_timespec64(*timeout); + struct timespec64 ts, to = { + .tv_sec = timeout->tv_sec, + .tv_nsec = timeout->tv_nsec, + };
ktime_get_ts64(&ts);
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem.c b/drivers/gpu/drm/etnaviv/etnaviv_gem.c index cb1faaac380a..6adea180d629 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gem.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.c @@ -373,7 +373,7 @@ static inline enum dma_data_direction etnaviv_op_to_dma_dir(u32 op) }
int etnaviv_gem_cpu_prep(struct drm_gem_object *obj, u32 op, - struct timespec *timeout) + struct drm_etnaviv_timespec *timeout) { struct etnaviv_gem_object *etnaviv_obj = to_etnaviv_bo(obj); struct drm_device *dev = obj->dev; @@ -431,7 +431,7 @@ int etnaviv_gem_cpu_fini(struct drm_gem_object *obj) }
int etnaviv_gem_wait_bo(struct etnaviv_gpu *gpu, struct drm_gem_object *obj, - struct timespec *timeout) + struct drm_etnaviv_timespec *timeout) { struct etnaviv_gem_object *etnaviv_obj = to_etnaviv_bo(obj);
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem.h b/drivers/gpu/drm/etnaviv/etnaviv_gem.h index d6270acce619..6b68fe16041b 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gem.h +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.h @@ -112,7 +112,7 @@ struct etnaviv_gem_submit { void etnaviv_submit_put(struct etnaviv_gem_submit * submit);
int etnaviv_gem_wait_bo(struct etnaviv_gpu *gpu, struct drm_gem_object *obj, - struct timespec *timeout); + struct drm_etnaviv_timespec *timeout); int etnaviv_gem_new_private(struct drm_device *dev, size_t size, u32 flags, const struct etnaviv_gem_ops *ops, struct etnaviv_gem_object **res); void etnaviv_gem_obj_add(struct drm_device *dev, struct drm_gem_object *obj); diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c index d47d1a8e0219..799ec20b267d 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c @@ -1132,7 +1132,7 @@ static void event_free(struct etnaviv_gpu *gpu, unsigned int event) * Cmdstream submission/retirement: */ int etnaviv_gpu_wait_fence_interruptible(struct etnaviv_gpu *gpu, - u32 id, struct timespec *timeout) + u32 id, struct drm_etnaviv_timespec *timeout) { struct dma_fence *fence; int ret; @@ -1179,7 +1179,8 @@ int etnaviv_gpu_wait_fence_interruptible(struct etnaviv_gpu *gpu, * that lock in this function while waiting. */ int etnaviv_gpu_wait_obj_inactive(struct etnaviv_gpu *gpu, - struct etnaviv_gem_object *etnaviv_obj, struct timespec *timeout) + struct etnaviv_gem_object *etnaviv_obj, + struct drm_etnaviv_timespec *timeout) { unsigned long remaining; long ret; diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.h b/drivers/gpu/drm/etnaviv/etnaviv_gpu.h index 8f9bd4edc96a..97bb48042b4d 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.h +++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.h @@ -169,9 +169,10 @@ int etnaviv_gpu_debugfs(struct etnaviv_gpu *gpu, struct seq_file *m); void etnaviv_gpu_recover_hang(struct etnaviv_gpu *gpu); void etnaviv_gpu_retire(struct etnaviv_gpu *gpu); int etnaviv_gpu_wait_fence_interruptible(struct etnaviv_gpu *gpu, - u32 fence, struct timespec *timeout); + u32 fence, struct drm_etnaviv_timespec *timeout); int etnaviv_gpu_wait_obj_inactive(struct etnaviv_gpu *gpu, - struct etnaviv_gem_object *etnaviv_obj, struct timespec *timeout); + struct etnaviv_gem_object *etnaviv_obj, + struct drm_etnaviv_timespec *timeout); struct dma_fence *etnaviv_gpu_submit(struct etnaviv_gem_submit *submit); int etnaviv_gpu_pm_get_sync(struct etnaviv_gpu *gpu); void etnaviv_gpu_pm_put(struct etnaviv_gpu *gpu);
dri-devel@lists.freedesktop.org
-
Arnd Bergmann -
Ben Hutchings -
Guido Günther -
Lucas Stach