| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Aug 2012 01:52:04 -0700 From: tip-bot for John Stultz <john.stultz@...aro.org> To: linux-tip-commits@...r.kernel.org Cc: linux-kernel@...r.kernel.org, john.stultz@...aro.org, hpa@...or.com, mingo@...nel.org, schwab@...ux-m68k.org, tglx@...utronix.de, prarit@...hat.com Subject: [tip:timers/urgent] time: Avoid potential shift overflow with large shift values Commit-ID: 6ea565a9be32a3c8d1092017686f183b6d8c4514 Gitweb: http://git.kernel.org/tip/6ea565a9be32a3c8d1092017686f183b6d8c4514 Author: John Stultz <john.stultz@...aro.org> AuthorDate: Tue, 21 Aug 2012 20:30:48 -0400 Committer: Thomas Gleixner <tglx@...utronix.de> CommitDate: Wed, 22 Aug 2012 10:42:13 +0200 time: Avoid potential shift overflow with large shift values Andreas Schwab noticed that the 1 << tk->shift could overflow if the shift value was greater than 30, since 1 would be a 32bit long on 32bit architectures. This issue was introduced by 1e75fa8be (time: Condense timekeeper.xtime into xtime_sec) Use 1ULL instead to ensure we don't overflow on the shift. Reported-by: Andreas Schwab <schwab@...ux-m68k.org> Signed-off-by: John Stultz <john.stultz@...aro.org> Cc: Prarit Bhargava <prarit@...hat.com> Cc: Ingo Molnar <mingo@...nel.org> Link: http://lkml.kernel.org/r/1345595449-34965-4-git-send-email-john.stultz@linaro.org Signed-off-by: Thomas Gleixner <tglx@...utronix.de> --- kernel/time/timekeeping.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 1dbf80e..a5a9389 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -1184,9 +1184,9 @@ static void update_wall_time(void) * the vsyscall implementations are converted to use xtime_nsec * (shifted nanoseconds), this can be killed. */ - remainder = tk->xtime_nsec & ((1 << tk->shift) - 1); + remainder = tk->xtime_nsec & ((1ULL << tk->shift) - 1); tk->xtime_nsec -= remainder; - tk->xtime_nsec += 1 << tk->shift; + tk->xtime_nsec += 1ULL << tk->shift; tk->ntp_error += remainder << tk->ntp_error_shift; /* -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists