lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Apr 2013 16:12:48 -0700
From:	Guenter Roeck <linux@...ck-us.net>
To:	John Stultz <john.stultz@...aro.org>
Cc:	Prarit Bhargava <prarit@...hat.com>, linux-kernel@...r.kernel.org,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] hrtimer, add expiry time overflow check in
 hrtimer_interrupt

On Mon, Apr 08, 2013 at 01:19:23PM -0700, John Stultz wrote:
> On 04/08/2013 05:47 AM, Prarit Bhargava wrote:
> >2nd submit: I did quite a bit of testing with this patch and I don't see any
> >ill effects.  I've tested across several large and small x86 systems, and a
> >ppc system for good measure.
> >
> >P.
> >
> >----8<---
> >`
> >The settimeofday01 test in the LTP testsuite effectively does
> >
> >         gettimeofday(current time);
> >         settimeofday(Jan 1, 1970 + 100 seconds);
> >         settimeofday(current time);
> >
> >This test causes a stack trace to be displayed on the console during the
> >setting of timeofday to Jan 1, 1970 + 100 seconds:
> >
> >[  131.066751] ------------[ cut here ]------------
> >[  131.096448] WARNING: at kernel/time/clockevents.c:209 clockevents_program_event+0x135/0x140()
> >[  131.104935] Hardware name: Dinar
> >[  131.108150] Modules linked in: sg nfsv3 nfs_acl nfsv4 auth_rpcgss nfs dns_resolver fscache lockd sunrpc nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables kvm_amd kvm sp5100_tco bnx2 i2c_piix4 crc32c_intel k10temp fam15h_power ghash_clmulni_intel amd64_edac_mod pcspkr serio_raw edac_mce_amd edac_core microcode xfs libcrc32c sr_mod sd_mod cdrom ata_generic crc_t10dif pata_acpi radeon i2c_algo_bit drm_kms_helper ttm drm ahci pata_atiixp libahci libata usb_storage i2c_core dm_mirror dm_region_hash dm_log dm_mod
> >[  131.176784] Pid: 0, comm: swapper/28 Not tainted 3.8.0+ #6
> >[  131.182248] Call Trace:
> >[  131.184684]  <IRQ>  [<ffffffff810612af>] warn_slowpath_common+0x7f/0xc0
> >[  131.191312]  [<ffffffff8106130a>] warn_slowpath_null+0x1a/0x20
> >[  131.197131]  [<ffffffff810b9fd5>] clockevents_program_event+0x135/0x140
> >[  131.203721]  [<ffffffff810bb584>] tick_program_event+0x24/0x30
> >[  131.209534]  [<ffffffff81089ab1>] hrtimer_interrupt+0x131/0x230
> >[  131.215437]  [<ffffffff814b9600>] ? cpufreq_p4_target+0x130/0x130
> >[  131.221509]  [<ffffffff81619119>] smp_apic_timer_interrupt+0x69/0x99
> >[  131.227839]  [<ffffffff8161805d>] apic_timer_interrupt+0x6d/0x80
> >[  131.233816]  <EOI>  [<ffffffff81099745>] ? sched_clock_cpu+0xc5/0x120
> >[  131.240267]  [<ffffffff814b9ff0>] ? cpuidle_wrap_enter+0x50/0xa0
> >[  131.246252]  [<ffffffff814b9fe9>] ? cpuidle_wrap_enter+0x49/0xa0
> >[  131.252238]  [<ffffffff814ba050>] cpuidle_enter_tk+0x10/0x20
> >[  131.257877]  [<ffffffff814b9c89>] cpuidle_idle_call+0xa9/0x260
> >[  131.263692]  [<ffffffff8101c42f>] cpu_idle+0xaf/0x120
> >[  131.268727]  [<ffffffff815f8971>] start_secondary+0x255/0x257
> >[  131.274449] ---[ end trace 1151a50552231615 ]---
> >
> >When we change the system time to a low value like this, the value of
> >timekeeper->offs_real will be a negative value.
> >
> >It seems that the WARN occurs because an hrtimer has been started in the time
> >between the releasing of the timekeeper lock and the IPI call (via a call to
> >on_each_cpu) in clock_was_set() in the do_settimeofday() code.  The end result
> >is that a REALTIME_CLOCK timer has been added with softexpires = expires =
> >KTIME_MAX.  The hrtimer_interrupt() fires/is called and the loop at
> >kernel/hrtimer.c:1289 is executed.  In this loop the code subtracts the
> >clock base's offset (which was set to timekeeper->offs_real in
> >do_settimeofday()) from the current hrtimer_cpu_base->expiry value (which
> >was KTIME_MAX):
> >
> >	KTIME_MAX - (a negative value) = overflow
> >
> >A simple check for an overflow can resolve this problem.  Using KTIME_MAX
> >instead of the overflow value will result in the hrtimer function being run,
> >and the reprogramming of the timer after that.
> >
> >Signed-off-by: Prarit Bhargava <prarit@...hat.com>
> >Cc: Thomas Gleixner <tglx@...utronix.de>
> >Cc: John Stultz <john.stultz@...aro.org>
> 
> Prarit: Should this be tagged for -stable?
> 
Please. I am hitting this problem with 3.8.6 on powerpc. The patch fixes it for
me.

Tested-by: Guenter Roeck <linux@...ck-us.net>

Guenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ