| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1f56589b-ffd5-4ed2-afb5-18cf2e7692a6@linux.dev>
Date: Thu, 28 Aug 2025 13:53:17 +0100
From: Vadim Fedorenko <vadim.fedorenko@...ux.dev>
To: Miroslav Lichvar <mlichvar@...hat.com>, netdev@...r.kernel.org
Cc: Richard Cochran <richardcochran@...il.com>,
Thomas Gleixner <tglx@...utronix.de>, John Stultz <jstultz@...gle.com>,
Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v2 net-next] ptp: Limit time setting of PTP clocks
On 28/08/2025 11:32, Miroslav Lichvar wrote:
> Networking drivers implementing PTP clocks and kernel socket code
> handling hardware timestamps use the 64-bit signed ktime_t type counting
> nanoseconds. When a PTP clock reaches the maximum value in year 2262,
> the timestamps returned to applications will overflow into year 1667.
> The same thing happens when injecting a large offset with
> clock_adjtime(ADJ_SETOFFSET).
>
> The commit 7a8e61f84786 ("timekeeping: Force upper bound for setting
> CLOCK_REALTIME") limited the maximum accepted value setting the system
> clock to 30 years before the maximum representable value (i.e. year
> 2232) to avoid the overflow, assuming the system will not run for more
> than 30 years.
>
> Enforce the same limit for PTP clocks. Don't allow negative values and
> values closer than 30 years to the maximum value. Drivers may implement
> an even lower limit if the hardware registers cannot represent the whole
> interval between years 1970 and 2262 in the required resolution.
>
> Signed-off-by: Miroslav Lichvar <mlichvar@...hat.com>
> Cc: Richard Cochran <richardcochran@...il.com>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: John Stultz <jstultz@...gle.com>
> Cc: Arnd Bergmann <arnd@...db.de>
> ---
>
> Notes:
> v2:
> - leave tv_nsec validation separate (Jakub)
>
> drivers/ptp/ptp_clock.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
> index 1cc06b7cb17e..3e0726c6f55b 100644
> --- a/drivers/ptp/ptp_clock.c
> +++ b/drivers/ptp/ptp_clock.c
> @@ -100,6 +100,9 @@ static int ptp_clock_settime(struct posix_clock *pc, const struct timespec64 *tp
> return -EBUSY;
> }
>
> + if (!timespec64_valid_settod(tp))
> + return -EINVAL;
> +
> return ptp->info->settime64(ptp->info, tp);
> }
>
> @@ -130,7 +133,7 @@ static int ptp_clock_adjtime(struct posix_clock *pc, struct __kernel_timex *tx)
> ops = ptp->info;
>
> if (tx->modes & ADJ_SETOFFSET) {
> - struct timespec64 ts;
> + struct timespec64 ts, ts2;
> ktime_t kt;
> s64 delta;
>
> @@ -143,6 +146,14 @@ static int ptp_clock_adjtime(struct posix_clock *pc, struct __kernel_timex *tx)
> if ((unsigned long) ts.tv_nsec >= NSEC_PER_SEC)
> return -EINVAL;
>
> + /* Make sure the offset is valid */
> + err = ptp_clock_gettime(pc, &ts2);
> + if (err)
> + return err;
> + ts2 = timespec64_add(ts2, ts);
> + if (!timespec64_valid_settod(&ts2))
> + return -EINVAL;
> +
> kt = timespec64_to_ktime(ts);
> delta = ktime_to_ns(kt);
> err = ops->adjtime(ops, delta);
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@...ux.dev>
Powered by blists - more mailing lists