diff --git a/.gitignore b/.gitignore index f1ea4ca..8fb8667 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/xt_time-5.9.tar.xz +SOURCES/xt_time-4.18.0-240.el8.tar.xz diff --git a/.kmod-xt_time.metadata b/.kmod-xt_time.metadata index 4b7b0b6..696b1bc 100644 --- a/.kmod-xt_time.metadata +++ b/.kmod-xt_time.metadata @@ -1 +1 @@ -e59b35f0f53a18d5be6e207fb905548ffcd6d7cb SOURCES/xt_time-5.9.tar.xz +544fb35b57cc6b25ec4828db0cf6b39fbdd5a594 SOURCES/xt_time-4.18.0-240.el8.tar.xz diff --git a/SOURCES/0001-netfilter-xt_time-use-time64_t.patch b/SOURCES/0001-netfilter-xt_time-use-time64_t.patch new file mode 100644 index 0000000..d8df702 --- /dev/null +++ b/SOURCES/0001-netfilter-xt_time-use-time64_t.patch @@ -0,0 +1,114 @@ +From fcbad8293d52864d87d0b9f6035fd87a049d59d8 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Fri, 8 Nov 2019 21:34:28 +0100 +Subject: [Backport fcbad8293d52] netfilter: xt_time: use time64_t + +The current xt_time driver suffers from the y2038 overflow on 32-bit +architectures, when the time of day calculations break. + +Also, on both 32-bit and 64-bit architectures, there is a problem with +info->date_start/stop, which is part of the user ABI and overflows in +in 2106. + +Fix the first issue by using time64_t and explicit calls to div_u64() +and div_u64_rem(), and document the seconds issue. + +The explicit 64-bit division is unfortunately slower on 32-bit +architectures, but doing it as unsigned lets us use the optimized +division-through-multiplication path in most configurations. This should +be fine, as the code already does not allow any negative time of day +values. + +Using u32 seconds values consistently would probably also work and +be a little more efficient, but that doesn't feel right as it would +propagate the y2106 overflow to more place rather than fewer. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Pablo Neira Ayuso +--- + src/xt_time.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/src/xt_time.c b/src/xt_time.c +index 8dbb4d48f2ed5995dedaa8eb4f4b18a0ba91acb2..67cb984894153d5db895e104adacf51422926e34 100644 +--- a/src/xt_time.c ++++ b/src/xt_time.c +@@ -77,12 +77,12 @@ static inline bool is_leap(unsigned int y) + * This is done in three separate functions so that the most expensive + * calculations are done last, in case a "simple match" can be found earlier. + */ +-static inline unsigned int localtime_1(struct xtm *r, time_t time) ++static inline unsigned int localtime_1(struct xtm *r, time64_t time) + { + unsigned int v, w; + + /* Each day has 86400s, so finding the hour/minute is actually easy. */ +- v = time % SECONDS_PER_DAY; ++ div_u64_rem(time, SECONDS_PER_DAY, &v); + r->second = v % 60; + w = v / 60; + r->minute = w % 60; +@@ -90,13 +90,13 @@ static inline unsigned int localtime_1(struct xtm *r, time_t time) + return v; + } + +-static inline void localtime_2(struct xtm *r, time_t time) ++static inline void localtime_2(struct xtm *r, time64_t time) + { + /* + * Here comes the rest (weekday, monthday). First, divide the SSTE + * by seconds-per-day to get the number of _days_ since the epoch. + */ +- r->dse = time / 86400; ++ r->dse = div_u64(time, SECONDS_PER_DAY); + + /* + * 1970-01-01 (w=0) was a Thursday (4). +@@ -105,7 +105,7 @@ static inline void localtime_2(struct xtm *r, time_t time) + r->weekday = (4 + r->dse - 1) % 7 + 1; + } + +-static void localtime_3(struct xtm *r, time_t time) ++static void localtime_3(struct xtm *r, time64_t time) + { + unsigned int year, i, w = r->dse; + +@@ -160,7 +160,7 @@ time_mt(const struct sk_buff *skb, struct xt_action_param *par) + const struct xt_time_info *info = par->matchinfo; + unsigned int packet_time; + struct xtm current_time; +- s64 stamp; ++ time64_t stamp; + + /* + * We need real time here, but we can neither use skb->tstamp +@@ -173,14 +173,14 @@ time_mt(const struct sk_buff *skb, struct xt_action_param *par) + * 1. match before 13:00 + * 2. match after 13:00 + * +- * If you match against processing time (get_seconds) it ++ * If you match against processing time (ktime_get_real_seconds) it + * may happen that the same packet matches both rules if + * it arrived at the right moment before 13:00, so it would be + * better to check skb->tstamp and set it via __net_timestamp() + * if needed. This however breaks outgoing packets tx timestamp, + * and causes them to get delayed forever by fq packet scheduler. + */ +- stamp = get_seconds(); ++ stamp = ktime_get_real_seconds(); + + if (info->flags & XT_TIME_LOCAL_TZ) + /* Adjust for local timezone */ +@@ -193,6 +193,9 @@ time_mt(const struct sk_buff *skb, struct xt_action_param *par) + * - 'now' is in the weekday mask + * - 'now' is in the daytime range time_start..time_end + * (and by default, libxt_time will set these so as to match) ++ * ++ * note: info->date_start/stop are unsigned 32-bit values that ++ * can hold values beyond y2038, but not after y2106. + */ + + if (stamp < info->date_start || stamp > info->date_stop) +-- +2.31.1 + diff --git a/SPECS/kmod-xt_time.spec b/SPECS/kmod-xt_time.spec index b6739f1..ceaa6ea 100644 --- a/SPECS/kmod-xt_time.spec +++ b/SPECS/kmod-xt_time.spec @@ -1,6 +1,8 @@ %global pkg xt_time -%global kernel_version 4.18.0-305.7.1.el8_4 +%global driver_version 4.18.0-240.el8 + +%global kernel_version 4.18.0-348.el8 %global _use_internal_dependency_generator 0 %global __find_requires /usr/lib/rpm/redhat/find-requires @@ -18,14 +20,15 @@ Name: kmod-%{pkg} -Version: 5.9 -Release: 5%{?dist} +Version: 4.18.0.240 +Release: 1%{?dist} Summary: Time match support for Netfilter (xt_time) License: GPLv2 URL: https://www.kernel.org/ -Source0: %{pkg}-%{version}.tar.xz +Source0: %{pkg}-%{driver_version}.tar.xz +Patch1: 0001-netfilter-xt_time-use-time64_t.patch ExclusiveArch: x86_64 aarch64 @@ -63,7 +66,7 @@ departure time. %prep -%autosetup -p1 -n %{pkg}-%{version} +%autosetup -p1 -n %{pkg}-%{driver_version} %build @@ -125,5 +128,6 @@ fi %changelog -* Tue Sep 28 2021 Peter Georg - 5.9-5 -- Convert to kABI tracking kmod package (kernel >= 4.18.0-305.7.1.el8_4) +* Wed Jan 12 2022 Kmods SIG - 4.18.0.240-1 +- Switch to EL kernel source and versioning +- kABI tracking kmod package (kernel >= 4.18.0-348.el8)