[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AM6PR01MB541637BD6F336B8FFB72AF80EEC69@AM6PR01MB5416.eurprd01.prod.exchangelabs.com>
Date: Wed, 25 Aug 2021 10:12:43 +0000
From: OPENSOURCE Lukas Hannen
<lukas.hannen@...nsource.tttech-industrial.com>
To: John Stultz <john.stultz@...aro.org>,
Thomas Gleixner <tglx@...utronix.de>,
"EMC: linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Subject: [PATCH] changed timespec64_to_ns to avoid underrun
This patch fixes a small oversight in timespec64_to_ns() that has
resulted in negative seconds being erroneously clamped to KTIME_MAX
due to a cast to unsigned long long (which expands to the 2's complement
of a negative long long, even if the architecture does not implement
negative numbers using 2's complement)
This is especially relevant in the PTP context, since the ptp_clock_info
struct (from include/linux/ptp_clock_kernel.h) specifies
int (*adjtime)(struct ptp_clock_info *ptp, s64 delta);
int (*gettime64)(struct ptp_clock_info *ptp, struct timespec64 *ts);
which is exactly the kind of timespec64 / nanoseconds mix in combination
with negative values ( ns adjust times ) that can easily lead to calling
timespec64_to_ns with a negative ts->tv_sec, which would in turn lead to
instability of the ptp clock.
Fixes: cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
Signed-off-by: Lukas Hannen <lukas.hannen@...nsource.tttech-industrial.com>
---
The Patch should apply cleanly to all the branches that the original
commit cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
was backported to.
include/linux/time64.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/time64.h b/include/linux/time64.h
index 5117cb5b56561..81b9686a20799 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -21,15 +21,17 @@ struct itimerspec64 {
};
/* Located here for timespec[64]_valid_strict */
#define TIME64_MAX ((s64)~((u64)1 << 63))
#define TIME64_MIN (-TIME64_MAX - 1)
#define KTIME_MAX ((s64)~((u64)1 << 63))
+#define KTIME_MIN (-KTIME_MAX - 1)
#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
+#define KTIME_SEC_MIN (KTIME_MIN / NSEC_PER_SEC)
/*
* Limits for settimeofday():
*
* To prevent setting the time close to the wraparound point time setting
* is limited so a reasonable uptime can be accomodated. Uptime of 30 years
* should be really sufficient, which means the cutoff is 2232. At that
@@ -120,18 +122,21 @@ static inline bool timespec64_valid_settod(const struct timespec64 *ts)
* @ts: pointer to the timespec64 variable to be converted
*
* Returns the scalar nanosecond representation of the timespec64
* parameter.
*/
static inline s64 timespec64_to_ns(const struct timespec64 *ts)
{
- /* Prevent multiplication overflow */
- if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+ /* Prevent multiplication overflow / underflow */
+ if (ts->tv_sec >= KTIME_SEC_MAX)
return KTIME_MAX;
+ if (ts->tv_sec <= KTIME_SEC_MIN)
+ return KTIME_MIN;
+
return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec;
}
/**
* ns_to_timespec64 - Convert nanoseconds to timespec64
* @nsec: the nanoseconds value to be converted
*
--
2.31.1
Internal
Powered by blists - more mailing lists