[PATCH] ktime_add_ns() may overflow on 32bit architectures

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Engraf <david.engraf@sysgo.com>
To: Thomas Gleixner <tglx@linutronix.de>,
	John Stultz <john.stultz@linaro.org>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] ktime_add_ns() may overflow on 32bit architectures
Date: Tue, 19 Mar 2013 13:29:55 +0100	[thread overview]
Message-ID: <51485A43.4020600@sysgo.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 989 bytes --]

Hello,

I've triggered an overflow when using ktime_add_ns() on a 32bit 
architecture not supporting CONFIG_KTIME_SCALAR.

When passing a very high value for u64 nsec, e.g. 7881299347898368000 
the do_div() function converts this value to seconds (7881299347) which 
is still to high to pass to the ktime_set() function as long. The result 
in my case is a negative value.

The problem on my system occurs in the tick-sched.c, 
tick_nohz_stop_sched_tick() when time_delta is set to 
timekeeping_max_deferment(). The check for time_delta < KTIME_MAX is 
valid, thus ktime_add_ns() is called with a too large value resulting in 
a negative expire value. This leads to an endless loop in the ticker code:

time_delta: 7881299347898368000
expires = ktime_add_ns(last_update, time_delta)
expires: negative value

This error doesn't occurs on 64bit or architectures supporting 
CONFIG_KTIME_SCALAR (e.g. ARM, x86-32).

Best regards
- David

Signed-off-by: David Engraf <david.engraf@sysgo.com>

[-- Attachment #2: ktime_add_ns.patch --]
[-- Type: text/x-diff, Size: 425 bytes --]

diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index cc47812..320a7aa 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -275,6 +275,10 @@ ktime_t ktime_add_ns(const ktime_t kt, u64 nsec)
 	} else {
 		unsigned long rem = do_div(nsec, NSEC_PER_SEC);

+		/* Make sure nsec fits into long */
+		if (unlikely(nsec > KTIME_SEC_MAX))
+			return (ktime_t){ .tv64 = KTIME_MAX };
+
 		tmp = ktime_set((long)nsec, rem);
 	}

next             reply	other threads:[~2013-03-19 12:29 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-19 12:29 David Engraf [this message]
2013-03-19 12:38 ` [PATCH] ktime_add_ns() may overflow on 32bit architectures Eric Dumazet
2013-03-19 12:53   ` David Engraf
2013-04-08 20:20 ` John Stultz
2013-04-09  7:08   ` David Engraf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:cc47812 dfblob:320a7aa )
 OR (
bs:"[PATCH] ktime_add_ns() may overflow on 32bit architectures" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51485A43.4020600@sysgo.com \
    --to=david.engraf@sysgo.com \
    --cc=john.stultz@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.