lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Sep 2021 13:50:07 +0000
From:   OPENSOURCE Lukas Hannen 
        <lukas.hannen@...nsource.tttech-industrial.com>
To:     John Stultz <john.stultz@...aro.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "EMC: linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [RESEND PATCH] time: changed timespec64_to_ns to avoid underrun

This patch fixes a small oversight in timespec64_to_ns() that has resulted
in negative seconds being erroneously clamped to KTIME_MAX due to a cast
to unsigned long long (which expands to the 2's complement of a negative
long long, even if the architecture does not implement negative numbers
using 2's complement)

This is especially relevant in the PTP context, since the ptp_clock_info struct
(from include/linux/ptp_clock_kernel.h) specifies

        int (*adjtime)(struct ptp_clock_info *ptp, s64 delta);
        int (*gettime64)(struct ptp_clock_info *ptp, struct timespec64 *ts);

which is exactly the kind of timespec64 / nanoseconds mix in combination with
negative values ( ns adjust times ) that can easily lead to calling timespec64_to_ns
with a negative ts->tv_sec, which would in turn lead to instability of the ptp clock.

Fixes: cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
Signed-off-by: Lukas Hannen <lukas.hannen@...nsource.tttech-industrial.com>

---
The Patch should apply cleanly to all the branches that the original commit
cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
was backported to.

include/linux/time64.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/linux/time64.h b/include/linux/time64.h
index 5117cb5b56561..81b9686a20799 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -21,15 +21,17 @@ struct itimerspec64 {  };

 /* Located here for timespec[64]_valid_strict */
 #define TIME64_MAX                     ((s64)~((u64)1 << 63))
 #define TIME64_MIN                     (-TIME64_MAX - 1)

 #define KTIME_MAX                      ((s64)~((u64)1 << 63))
+#define KTIME_MIN                      (-KTIME_MAX - 1)
 #define KTIME_SEC_MAX                  (KTIME_MAX / NSEC_PER_SEC)
+#define KTIME_SEC_MIN                  (KTIME_MIN / NSEC_PER_SEC)

 /*
  * Limits for settimeofday():
  *
  * To prevent setting the time close to the wraparound point time setting
  * is limited so a reasonable uptime can be accomodated. Uptime of 30 years
  * should be really sufficient, which means the cutoff is 2232. At that
@@ -120,18 +122,21 @@ static inline bool timespec64_valid_settod(const struct timespec64 *ts)
  * @ts:                pointer to the timespec64 variable to be converted
  *
  * Returns the scalar nanosecond representation of the timespec64
  * parameter.
  */
 static inline s64 timespec64_to_ns(const struct timespec64 *ts)  {
-       /* Prevent multiplication overflow */
-       if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+       /* Prevent multiplication overflow / underflow */
+       if (ts->tv_sec >= KTIME_SEC_MAX)
                return KTIME_MAX;

+       if (ts->tv_sec <= KTIME_SEC_MIN)
+               return KTIME_MIN;
+
        return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec;  }

 /**
  * ns_to_timespec64 - Convert nanoseconds to timespec64
  * @nsec:      the nanoseconds value to be converted
  *
--
2.31.1

Best Regards,

Lukas Hannen


Internal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ