| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AM0PR01MB54100B19D6ED5FDE764FA516EED69@AM0PR01MB5410.eurprd01.prod.exchangelabs.com>
Date: Fri, 10 Sep 2021 13:50:07 +0000
From: OPENSOURCE Lukas Hannen
<lukas.hannen@...nsource.tttech-industrial.com>
To: John Stultz <john.stultz@...aro.org>,
Thomas Gleixner <tglx@...utronix.de>,
"EMC: linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [RESEND PATCH] time: changed timespec64_to_ns to avoid underrun
This patch fixes a small oversight in timespec64_to_ns() that has resulted
in negative seconds being erroneously clamped to KTIME_MAX due to a cast
to unsigned long long (which expands to the 2's complement of a negative
long long, even if the architecture does not implement negative numbers
using 2's complement)
This is especially relevant in the PTP context, since the ptp_clock_info struct
(from include/linux/ptp_clock_kernel.h) specifies
int (*adjtime)(struct ptp_clock_info *ptp, s64 delta);
int (*gettime64)(struct ptp_clock_info *ptp, struct timespec64 *ts);
which is exactly the kind of timespec64 / nanoseconds mix in combination with
negative values ( ns adjust times ) that can easily lead to calling timespec64_to_ns
with a negative ts->tv_sec, which would in turn lead to instability of the ptp clock.
Fixes: cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
Signed-off-by: Lukas Hannen <lukas.hannen@...nsource.tttech-industrial.com>
---
The Patch should apply cleanly to all the branches that the original commit
cb47755725da ("time: Prevent undefined behaviour in timespec64_to_ns()")'
was backported to.
include/linux/time64.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/time64.h b/include/linux/time64.h
index 5117cb5b56561..81b9686a20799 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -21,15 +21,17 @@ struct itimerspec64 { };
/* Located here for timespec[64]_valid_strict */
#define TIME64_MAX ((s64)~((u64)1 << 63))
#define TIME64_MIN (-TIME64_MAX - 1)
#define KTIME_MAX ((s64)~((u64)1 << 63))
+#define KTIME_MIN (-KTIME_MAX - 1)
#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
+#define KTIME_SEC_MIN (KTIME_MIN / NSEC_PER_SEC)
/*
* Limits for settimeofday():
*
* To prevent setting the time close to the wraparound point time setting
* is limited so a reasonable uptime can be accomodated. Uptime of 30 years
* should be really sufficient, which means the cutoff is 2232. At that
@@ -120,18 +122,21 @@ static inline bool timespec64_valid_settod(const struct timespec64 *ts)
* @ts: pointer to the timespec64 variable to be converted
*
* Returns the scalar nanosecond representation of the timespec64
* parameter.
*/
static inline s64 timespec64_to_ns(const struct timespec64 *ts) {
- /* Prevent multiplication overflow */
- if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+ /* Prevent multiplication overflow / underflow */
+ if (ts->tv_sec >= KTIME_SEC_MAX)
return KTIME_MAX;
+ if (ts->tv_sec <= KTIME_SEC_MIN)
+ return KTIME_MIN;
+
return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec; }
/**
* ns_to_timespec64 - Convert nanoseconds to timespec64
* @nsec: the nanoseconds value to be converted
*
--
2.31.1
Best Regards,
Lukas Hannen
Internal
Powered by blists - more mailing lists