From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, David Engraf <david.engraf@sysgo.com>,
John Stultz <john.stultz@linaro.org>
Subject: [ 30/46] hrtimer: Fix ktime_add_ns() overflow on 32bit architectures
Date: Mon, 6 May 2013 15:58:36 -0700 [thread overview]
Message-ID: <20130506225823.836335202@linuxfoundation.org> (raw)
In-Reply-To: <20130506225820.628893970@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Engraf <david.engraf@sysgo.com>
commit 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 upstream.
One can trigger an overflow when using ktime_add_ns() on a 32bit
architecture not supporting CONFIG_KTIME_SCALAR.
When passing a very high value for u64 nsec, e.g. 7881299347898368000
the do_div() function converts this value to seconds (7881299347) which
is still to high to pass to the ktime_set() function as long. The result
in is a negative value.
The problem on my system occurs in the tick-sched.c,
tick_nohz_stop_sched_tick() when time_delta is set to
timekeeping_max_deferment(). The check for time_delta < KTIME_MAX is
valid, thus ktime_add_ns() is called with a too large value resulting in
a negative expire value. This leads to an endless loop in the ticker code:
time_delta: 7881299347898368000
expires = ktime_add_ns(last_update, time_delta)
expires: negative value
This fix caps the value to KTIME_MAX.
This error doesn't occurs on 64bit or architectures supporting
CONFIG_KTIME_SCALAR (e.g. ARM, x86-32).
Signed-off-by: David Engraf <david.engraf@sysgo.com>
[jstultz: Minor tweaks to commit message & header]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/hrtimer.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u
} else {
unsigned long rem = do_div(nsec, NSEC_PER_SEC);
+ /* Make sure nsec fits into long */
+ if (unlikely(nsec > KTIME_SEC_MAX))
+ return (ktime_t){ .tv64 = KTIME_MAX };
+
tmp = ktime_set((long)nsec, rem);
}
next prev parent reply other threads:[~2013-05-06 22:59 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 22:58 [ 00/46] 3.0.77-stable review Greg Kroah-Hartman
2013-05-06 22:58 ` [ 01/46] powerpc: Add isync to copy_and_flush Greg Kroah-Hartman
2013-05-06 22:58 ` [ 02/46] powerpc/spufs: Initialise inode->i_ino in spufs_new_inode() Greg Kroah-Hartman
2013-05-06 22:58 ` [ 03/46] USB: serial: option: Added support Olivetti Olicard 145 Greg Kroah-Hartman
2013-05-06 22:58 ` [ 04/46] USB: option: add a D-Link DWM-156 variant Greg Kroah-Hartman
2013-05-06 22:58 ` [ 05/46] usb/misc/appledisplay: Add 24" LED Cinema display Greg Kroah-Hartman
2013-05-06 22:58 ` [ 06/46] USB: add ftdi_sio USB ID for GDM Boost V1.x Greg Kroah-Hartman
2013-05-06 22:58 ` [ 07/46] USB: ftdi_sio: correct ST Micro Connect Lite PIDs Greg Kroah-Hartman
2013-05-06 22:58 ` [ 08/46] usbfs: Always allow ctrl requests with USB_RECIP_ENDPOINT on the ctrl ep Greg Kroah-Hartman
2013-05-06 22:58 ` [ 09/46] usb-storage: CY7C68300A chips do not support Cypress ATACB Greg Kroah-Hartman
2013-05-06 22:58 ` [ 10/46] s390/memory hotplug: prevent offline of active memory increments Greg Kroah-Hartman
2013-05-06 22:58 ` [ 11/46] xen/time: Fix kasprintf splat when allocating timer%d IRQ line Greg Kroah-Hartman
2013-05-06 22:58 ` [ 12/46] serial_core.c: add put_device() after device_find_child() Greg Kroah-Hartman
2013-05-06 22:58 ` [ 13/46] tty: fix up atime/mtime mess, take three Greg Kroah-Hartman
2013-05-06 22:58 ` [ 14/46] fbcon: when font is freed, clear also vc_font.data Greg Kroah-Hartman
2013-05-06 22:58 ` [ 15/46] tracing: Use stack of calling function for stack tracer Greg Kroah-Hartman
2013-05-06 22:58 ` [ 16/46] tracing: Fix stack tracer with fentry use Greg Kroah-Hartman
2013-05-06 22:58 ` [ 17/46] tracing: Remove most or all of stack tracer stack size from stack_max_size Greg Kroah-Hartman
2013-05-06 22:58 ` [ 18/46] tracing: Fix off-by-one on allocating stat->pages Greg Kroah-Hartman
2013-05-06 22:58 ` [ 19/46] tracing: Check return value of tracing_init_dentry() Greg Kroah-Hartman
2013-05-06 22:58 ` [ 20/46] tracing: Reset ftrace_graph_filter_enabled if count is zero Greg Kroah-Hartman
2013-05-06 22:58 ` [ 21/46] i2c: xiic: must always write 16-bit words to TX_FIFO Greg Kroah-Hartman
2013-05-06 22:58 ` [ 22/46] Fix initialization of CMCI/CMCP interrupts Greg Kroah-Hartman
2013-05-06 22:58 ` [ 23/46] PCI / ACPI: Dont query OSC support with all possible controls Greg Kroah-Hartman
2013-05-06 22:58 ` [ 24/46] Wrong asm register contraints in the futex implementation Greg Kroah-Hartman
2013-05-06 22:58 ` [ 25/46] Wrong asm register contraints in the kvm implementation Greg Kroah-Hartman
2013-05-06 22:58 ` [ 26/46] fs/fscache/stats.c: fix memory leak Greg Kroah-Hartman
2013-05-06 22:58 ` [ 27/46] ALSA: usb-audio: disable autopm for MIDI devices Greg Kroah-Hartman
2013-05-06 22:58 ` [ 28/46] ALSA: usb-audio: Fix autopm error during probing Greg Kroah-Hartman
2013-05-06 22:58 ` [ 29/46] ASoC: max98088: Fix logging of hardware revision Greg Kroah-Hartman
2013-05-06 22:58 ` Greg Kroah-Hartman [this message]
2013-05-06 22:58 ` [ 31/46] hrtimer: Add expiry time overflow check in hrtimer_interrupt Greg Kroah-Hartman
2013-05-06 22:58 ` [ 32/46] drivers/rtc/rtc-cmos.c: dont disable hpet emulation on suspend Greg Kroah-Hartman
2013-05-06 22:58 ` [ 33/46] cgroup: fix an off-by-one bug which may trigger BUG_ON() Greg Kroah-Hartman
2013-05-06 22:58 ` [ 34/46] clockevents: Set dummy handler on CPU_DEAD shutdown Greg Kroah-Hartman
2013-05-06 22:58 ` [ 35/46] LOCKD: Ensure that nlmclnt_block resets block->b_status after a server reboot Greg Kroah-Hartman
2013-05-06 22:58 ` [ 36/46] NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_open_delegation_recall Greg Kroah-Hartman
2013-05-06 22:58 ` [ 37/46] nfsd4: dont close read-write opens too soon Greg Kroah-Hartman
2013-05-06 22:58 ` [ 38/46] nfsd: Decode and send 64bit time values Greg Kroah-Hartman
2013-05-06 22:58 ` [ 39/46] wireless: regulatory: fix channel disabling race condition Greg Kroah-Hartman
2013-05-06 22:58 ` [ 40/46] ipc: sysv shared memory limited to 8TiB Greg Kroah-Hartman
2013-05-06 22:58 ` [ 41/46] ext4: fix Kconfig documentation for CONFIG_EXT4_DEBUG Greg Kroah-Hartman
2013-05-06 22:58 ` [ 42/46] x86: Eliminate irq_mis_count counted in arch_irq_stat Greg Kroah-Hartman
2013-05-06 22:58 ` [ 43/46] mmc: core: Fix bit width test failing on old eMMC cards Greg Kroah-Hartman
2013-05-06 22:58 ` [ 44/46] mfd: adp5520: Restore mode bits on resume Greg Kroah-Hartman
2013-05-06 22:58 ` [ 45/46] s390: move dummy io_remap_pfn_range() to asm/pgtable.h Greg Kroah-Hartman
2013-05-06 22:58 ` [ 46/46] Revert :can: sja1000: fix handling on dt properties on little endian systems" Greg Kroah-Hartman
[not found] ` <CAKocOOM7rXbFbD73ZZ2zmS6SGgaytmWd-36uV+G2OVO88Zb=Og@mail.gmail.com>
2013-05-07 19:14 ` [ 00/46] 3.0.77-stable review Shuah Khan
2013-05-07 19:26 ` gregkh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130506225823.836335202@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=david.engraf@sysgo.com \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox