[musl] [RFC] removing SYS_clock_gettime & SYS_gettimeofday

[musl] [RFC] removing SYS_clock_gettime & SYS_gettimeofday

[Rich Felker]

[-- Attachment #1: Type: text/plain, Size: 316 bytes --]

I think I'd like to go ahead with this patch, discussed in a previous
thread. Does it look okay? Should I add any other syscalls that are
absolutely not valid to use anymore (as opposed to the ones with
optional timeouts, which I won't remove, because musl doesn't break
valid code to catch bugs) to the list?

Rich

[-- Attachment #2: 0001-remove-legacy-clock_gettime-and-gettimeofday-from-pu.patch --]
[-- Type: text/plain, Size: 9471 bytes --]

From 5a105f19b5aae79dd302899e634b6b18b3dcd0d6 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 30 Jan 2020 11:25:07 -0500
Subject: [PATCH] remove legacy clock_gettime and gettimeofday from public
 syscall.h

some nontrivial number of applications have historically performed
direct syscalls for these operations rather than using the public
functions. such usage is invalid now that time_t is 64-bit and these
syscalls no longer match the types they are used with, and it was
already harmful before (by suppressing use of vdso).

since syscall() has no type safety, incorrect usage of these syscalls
can't be caught at compile-time. so, without manually inspecting or
running additional tools to check sources, the risk of such errors
slipping through is high.

this patch renames the syscalls on 32-bit archs to clock_gettime32 and
gettimeofday_time32, so that applications using the original names
will fail to build without being fixed.

note that there are a number of other syscalls that may also be unsafe
to use directly after the time64 switchover, but (1) these are the
main two that seem to be in widespread use, and (2) most of the others
continue to have valid usage with a null timeval/timespec argument, as
the argument is an optional timeout or similar.
---
 arch/arm/bits/syscall.h.in        | 4 ++--
 arch/i386/bits/syscall.h.in       | 4 ++--
 arch/m68k/bits/syscall.h.in       | 4 ++--
 arch/microblaze/bits/syscall.h.in | 4 ++--
 arch/mips/bits/syscall.h.in       | 4 ++--
 arch/mipsn32/bits/syscall.h.in    | 4 ++--
 arch/or1k/bits/syscall.h.in       | 4 ++--
 arch/powerpc/bits/syscall.h.in    | 4 ++--
 arch/sh/bits/syscall.h.in         | 4 ++--
 src/internal/syscall.h            | 7 +++++++
 10 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in
index 8ab5df1d..4d844e57 100644
--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@@ -55,7 +55,7 @@
 #define __NR_sethostname	74
 #define __NR_setrlimit	75
 #define __NR_getrusage	77
-#define __NR_gettimeofday	78
+#define __NR_gettimeofday_time32	78
 #define __NR_settimeofday	79
 #define __NR_getgroups	80
 #define __NR_setgroups	81
@@ -216,7 +216,7 @@
 #define __NR_timer_getoverrun	260
 #define __NR_timer_delete	261
 #define __NR_clock_settime	262
-#define __NR_clock_gettime	263
+#define __NR_clock_gettime32	263
 #define __NR_clock_getres	264
 #define __NR_clock_nanosleep	265
 #define __NR_statfs64	266
diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in
index bb841677..a96317c0 100644
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@@ -76,7 +76,7 @@
 #define __NR_setrlimit		 75
 #define __NR_getrlimit		 76   /* Back compatible 2Gig limited rlimit */
 #define __NR_getrusage		 77
-#define __NR_gettimeofday	 78
+#define __NR_gettimeofday_time32	 78
 #define __NR_settimeofday	 79
 #define __NR_getgroups		 80
 #define __NR_setgroups		 81
@@ -262,7 +262,7 @@
 #define __NR_timer_getoverrun	(__NR_timer_create+3)
 #define __NR_timer_delete	(__NR_timer_create+4)
 #define __NR_clock_settime	(__NR_timer_create+5)
-#define __NR_clock_gettime	(__NR_timer_create+6)
+#define __NR_clock_gettime32	(__NR_timer_create+6)
 #define __NR_clock_getres	(__NR_timer_create+7)
 #define __NR_clock_nanosleep	(__NR_timer_create+8)
 #define __NR_statfs64		268
diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in
index e7f71a5d..e70d3472 100644
--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@@ -67,7 +67,7 @@
 #define __NR_setrlimit		 75
 #define __NR_getrlimit		 76
 #define __NR_getrusage		 77
-#define __NR_gettimeofday	 78
+#define __NR_gettimeofday_time32	 78
 #define __NR_settimeofday	 79
 #define __NR_getgroups		 80
 #define __NR_setgroups		 81
@@ -240,7 +240,7 @@
 #define __NR_timer_getoverrun	257
 #define __NR_timer_delete	258
 #define __NR_clock_settime	259
-#define __NR_clock_gettime	260
+#define __NR_clock_gettime32	260
 #define __NR_clock_getres	261
 #define __NR_clock_nanosleep	262
 #define __NR_statfs64		263
diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in
index afefb354..b23fe6ef 100644
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@@ -76,7 +76,7 @@
 #define __NR_setrlimit 75
 #define __NR_getrlimit 76
 #define __NR_getrusage 77
-#define __NR_gettimeofday 78
+#define __NR_gettimeofday_time32 78
 #define __NR_settimeofday 79
 #define __NR_getgroups 80
 #define __NR_setgroups 81
@@ -260,7 +260,7 @@
 #define __NR_timer_getoverrun 262
 #define __NR_timer_delete 263
 #define __NR_clock_settime 264
-#define __NR_clock_gettime 265
+#define __NR_clock_gettime32 265
 #define __NR_clock_getres 266
 #define __NR_clock_nanosleep 267
 #define __NR_statfs64 268
diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in
index 7f9afaab..e3f2de31 100644
--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@@ -76,7 +76,7 @@
 #define __NR_setrlimit               4075
 #define __NR_getrlimit               4076
 #define __NR_getrusage               4077
-#define __NR_gettimeofday            4078
+#define __NR_gettimeofday_time32            4078
 #define __NR_settimeofday            4079
 #define __NR_getgroups               4080
 #define __NR_setgroups               4081
@@ -261,7 +261,7 @@
 #define __NR_timer_getoverrun        4260
 #define __NR_timer_delete            4261
 #define __NR_clock_settime           4262
-#define __NR_clock_gettime           4263
+#define __NR_clock_gettime32           4263
 #define __NR_clock_getres            4264
 #define __NR_clock_nanosleep         4265
 #define __NR_tgkill                  4266
diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in
index 134a4f81..d13fda12 100644
--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@@ -92,7 +92,7 @@
 #define __NR_fchown			6091
 #define __NR_lchown			6092
 #define __NR_umask			6093
-#define __NR_gettimeofday		6094
+#define __NR_gettimeofday_time32		6094
 #define __NR_getrlimit			6095
 #define __NR_getrusage			6096
 #define __NR_sysinfo			6097
@@ -224,7 +224,7 @@
 #define __NR_timer_getoverrun		6223
 #define __NR_timer_delete		6224
 #define __NR_clock_settime		6225
-#define __NR_clock_gettime		6226
+#define __NR_clock_gettime32		6226
 #define __NR_clock_getres		6227
 #define __NR_clock_nanosleep		6228
 #define __NR_tgkill			6229
diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in
index eaa1a935..82d94b29 100644
--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@@ -112,7 +112,7 @@
 #define __NR_timer_settime 110
 #define __NR_timer_delete 111
 #define __NR_clock_settime 112
-#define __NR_clock_gettime 113
+#define __NR_clock_gettime32 113
 #define __NR_clock_getres 114
 #define __NR_clock_nanosleep 115
 #define __NR_syslog 116
@@ -168,7 +168,7 @@
 #define __NR_umask 166
 #define __NR_prctl 167
 #define __NR_getcpu 168
-#define __NR_gettimeofday 169
+#define __NR_gettimeofday_time32 169
 #define __NR_settimeofday 170
 #define __NR_adjtimex 171
 #define __NR_getpid 172
diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in
index d8b6a247..14cf79c6 100644
--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@@ -76,7 +76,7 @@
 #define __NR_setrlimit               75
 #define __NR_getrlimit               76
 #define __NR_getrusage               77
-#define __NR_gettimeofday            78
+#define __NR_gettimeofday_time32            78
 #define __NR_settimeofday            79
 #define __NR_getgroups               80
 #define __NR_setgroups               81
@@ -243,7 +243,7 @@
 #define __NR_timer_getoverrun       243
 #define __NR_timer_delete           244
 #define __NR_clock_settime          245
-#define __NR_clock_gettime          246
+#define __NR_clock_gettime32          246
 #define __NR_clock_getres           247
 #define __NR_clock_nanosleep        248
 #define __NR_swapcontext            249
diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in
index 4e9ae2e0..5c24f4a6 100644
--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@@ -67,7 +67,7 @@
 #define __NR_setrlimit              75
 #define __NR_getrlimit              76
 #define __NR_getrusage              77
-#define __NR_gettimeofday           78
+#define __NR_gettimeofday_time32           78
 #define __NR_settimeofday           79
 #define __NR_getgroups              80
 #define __NR_setgroups              81
@@ -236,7 +236,7 @@
 #define __NR_timer_getoverrun       262
 #define __NR_timer_delete           263
 #define __NR_clock_settime          264
-#define __NR_clock_gettime          265
+#define __NR_clock_gettime32          265
 #define __NR_clock_getres           266
 #define __NR_clock_nanosleep        267
 #define __NR_statfs64               268
diff --git a/src/internal/syscall.h b/src/internal/syscall.h
index d768fb64..0b61f34e 100644
--- a/src/internal/syscall.h
+++ b/src/internal/syscall.h
@@ -193,6 +193,13 @@ hidden long __syscall_ret(unsigned long),
 #define SYS_sendfile SYS_sendfile64
 #endif
 
+#ifndef SYS_clock_gettime
+#define SYS_clock_gettime SYS_clock_gettime32
+#endif
+
+#ifndef SYS_gettimeofday
+#define SYS_gettimeofday SYS_gettimeofday_time32
+#endif
 
 /* Ensure that the plain syscall names are defined even for "time64-only"
  * archs. These facilitate callers passing null time arguments, and make
-- 
2.21.0

Re: [musl] [RFC] removing SYS_clock_gettime & SYS_gettimeofday

[Florian Weimer]

* Rich Felker:

> I think I'd like to go ahead with this patch, discussed in a previous
> thread. Does it look okay? Should I add any other syscalls that are
> absolutely not valid to use anymore (as opposed to the ones with
> optional timeouts, which I won't remove, because musl doesn't break
> valid code to catch bugs) to the list?

I think this change needs to be reflected in the UAPI headers in some
way, too.

Thanks,
Florian

Re: [musl] [RFC] removing SYS_clock_gettime & SYS_gettimeofday

[Rich Felker]

On Thu, Jan 30, 2020 at 06:09:08PM +0100, Florian Weimer wrote:
> * Rich Felker:
> 
> > I think I'd like to go ahead with this patch, discussed in a previous
> > thread. Does it look okay? Should I add any other syscalls that are
> > absolutely not valid to use anymore (as opposed to the ones with
> > optional timeouts, which I won't remove, because musl doesn't break
> > valid code to catch bugs) to the list?
> 
> I think this change needs to be reflected in the UAPI headers in some
> way, too.

Can you clarify? Do you mean asm/unistd.h? musl does not use it to
provide sys/syscall.h. I suppose it's possible that some applications
are including asm/unistd.h rather than sys/syscall.h (is there a code
search that could check this for us?) but my experience has been that
they use the latter, and I don't think there's much we can do about
the former, at least not from our side.

Rich