From: Richard Cochran <richardcochran@gmail.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Sasha Levin <sasha.levin@oracle.com>,
john.stultz@linaro.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to avoid overflow
Date: Sun, 6 Dec 2015 23:11:49 +0100 [thread overview]
Message-ID: <20151206221149.GA22451@netboy> (raw)
In-Reply-To: <alpine.DEB.2.11.1512061006210.3595@nanos>
On Sun, Dec 06, 2015 at 10:07:01AM +0100, Thomas Gleixner wrote:
> On Sat, 5 Dec 2015, Sasha Levin wrote:
> > On 12/05/2015 12:10 PM, Thomas Gleixner wrote:
> > > That's not a canonical timeval. timeval_valid() is what you want to
> > > check it. Or has adjtimex some magic exception here?
You can't use timeval_valid for ADJ_SETOFFSET, because the seconds
field can also be negative (when setting the time back).
> > Nope, it looks like timeval_valid() is indeed what I've needed to use.
> >
> > Is there a reason ntp_validate_timex() doesn't do timeval_valid() too
> > for at least the ADJ_SETOFFSET case? If not, I'll add it in.
So you should not use timeval_valid, and the original patch is also
not right. The rule is:
The value of a timeval is the sum of its fields, but the
field tv_usec must always be non-negative.
We had a discussion about this a year or two ago. Maybe I can find it
again.
The overflow is a latent problem, and the patch should:
1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
2. remove the redundant test in timekeeping_inject_offset.
Thanks,
Richard
next prev parent reply other threads:[~2015-12-06 22:11 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 3:09 [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to avoid overflow Sasha Levin
2015-12-04 20:27 ` John Stultz
2015-12-05 17:10 ` Thomas Gleixner
2015-12-06 0:15 ` Sasha Levin
2015-12-06 9:07 ` Thomas Gleixner
2015-12-06 22:11 ` Richard Cochran [this message]
2015-12-07 19:54 ` John Stultz
2015-12-07 20:11 ` [RFC][PATCH -reworked] time: Verify " John Stultz
2015-12-07 20:13 ` John Stultz
2015-12-07 20:16 ` Thomas Gleixner
2015-12-07 20:15 ` [PATCH] time: verify " Thomas Gleixner
2015-12-07 20:19 ` John Stultz
2015-12-07 20:23 ` John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151206221149.GA22451@netboy \
--to=richardcochran@gmail.com \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.