From: <gregkh@linuxfoundation.org>
To: john.stultz@linaro.org,a.p.zijlstra@chello.nl,caiqian@redhat.com,gregkh@linuxfoundation.org,levinsasha928@gmail.com,mingo@kernel.org,prarit@redhat.com,tglx@linutronix.de,zliu@redhat.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "time: Improve sanity checking of timekeeping inputs" has been added to the 3.5-stable tree
Date: Thu, 27 Sep 2012 13:49:37 -0700 [thread overview]
Message-ID: <134877897736@kroah.org> (raw)
In-Reply-To: <1347389781-54602-2-git-send-email-john.stultz@linaro.org>
This is a note to let you know that I've just added the patch titled
time: Improve sanity checking of timekeeping inputs
to the 3.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
time-improve-sanity-checking-of-timekeeping-inputs.patch
and it can be found in the queue-3.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From john.stultz@linaro.org Thu Sep 27 13:27:22 2012
From: John Stultz <john.stultz@linaro.org>
Date: Tue, 11 Sep 2012 14:56:19 -0400
Subject: time: Improve sanity checking of timekeeping inputs
To: stable@vger.kernel.org
Cc: John Stultz <john.stultz@linaro.org>, Peter Zijlstra <a.p.zijlstra@chello.nl>, Prarit Bhargava <prarit@redhat.com>, Zhouping Liu <zliu@redhat.com>, Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Message-ID: <1347389781-54602-2-git-send-email-john.stultz@linaro.org>
From: John Stultz <john.stultz@linaro.org>
commit 4e8b14526ca7fb046a81c94002c1c43b6fdf0e9b upstream.
Unexpected behavior could occur if the time is set to a value large
enough to overflow a 64bit ktime_t (which is something larger then the
year 2262).
Also unexpected behavior could occur if large negative offsets are
injected via adjtimex.
So this patch improves the sanity check timekeeping inputs by
improving the timespec_valid() check, and then makes better use of
timespec_valid() to make sure we don't set the time to an invalid
negative value or one that overflows ktime_t.
Note: This does not protect from setting the time close to overflowing
ktime_t and then letting natural accumulation cause the overflow.
Reported-by: CAI Qian <caiqian@redhat.com>
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Zhouping Liu <zliu@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Link: http://lkml.kernel.org/r/1344454580-17031-1-git-send-email-john.stultz@linaro.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ktime.h | 7 -------
include/linux/time.h | 22 ++++++++++++++++++++--
kernel/time/timekeeping.c | 26 ++++++++++++++++++++++++--
3 files changed, 44 insertions(+), 11 deletions(-)
--- a/include/linux/ktime.h
+++ b/include/linux/ktime.h
@@ -58,13 +58,6 @@ union ktime {
typedef union ktime ktime_t; /* Kill this */
-#define KTIME_MAX ((s64)~((u64)1 << 63))
-#if (BITS_PER_LONG == 64)
-# define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
-#else
-# define KTIME_SEC_MAX LONG_MAX
-#endif
-
/*
* ktime_t definitions when using the 64-bit scalar representation:
*/
--- a/include/linux/time.h
+++ b/include/linux/time.h
@@ -107,11 +107,29 @@ static inline struct timespec timespec_s
return ts_delta;
}
+#define KTIME_MAX ((s64)~((u64)1 << 63))
+#if (BITS_PER_LONG == 64)
+# define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
+#else
+# define KTIME_SEC_MAX LONG_MAX
+#endif
+
/*
* Returns true if the timespec is norm, false if denorm:
*/
-#define timespec_valid(ts) \
- (((ts)->tv_sec >= 0) && (((unsigned long) (ts)->tv_nsec) < NSEC_PER_SEC))
+static inline bool timespec_valid(const struct timespec *ts)
+{
+ /* Dates before 1970 are bogus */
+ if (ts->tv_sec < 0)
+ return false;
+ /* Can't have more nanoseconds then a second */
+ if ((unsigned long)ts->tv_nsec >= NSEC_PER_SEC)
+ return false;
+ /* Disallow values that could overflow ktime_t */
+ if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+ return false;
+ return true;
+}
extern void read_persistent_clock(struct timespec *ts);
extern void read_boot_clock(struct timespec *ts);
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -384,7 +384,7 @@ int do_settimeofday(const struct timespe
struct timespec ts_delta;
unsigned long flags;
- if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC)
+ if (!timespec_valid(tv))
return -EINVAL;
write_seqlock_irqsave(&timekeeper.lock, flags);
@@ -418,6 +418,8 @@ EXPORT_SYMBOL(do_settimeofday);
int timekeeping_inject_offset(struct timespec *ts)
{
unsigned long flags;
+ struct timespec tmp;
+ int ret = 0;
if ((unsigned long)ts->tv_nsec >= NSEC_PER_SEC)
return -EINVAL;
@@ -426,10 +428,17 @@ int timekeeping_inject_offset(struct tim
timekeeping_forward_now();
+ tmp = timespec_add(timekeeper.xtime, *ts);
+ if (!timespec_valid(&tmp)) {
+ ret = -EINVAL;
+ goto error;
+ }
+
timekeeper.xtime = timespec_add(timekeeper.xtime, *ts);
timekeeper.wall_to_monotonic =
timespec_sub(timekeeper.wall_to_monotonic, *ts);
+error: /* even if we error out, we forwarded the time, so call update */
timekeeping_update(true);
write_sequnlock_irqrestore(&timekeeper.lock, flags);
@@ -437,7 +446,7 @@ int timekeeping_inject_offset(struct tim
/* signal hrtimers about time change */
clock_was_set();
- return 0;
+ return ret;
}
EXPORT_SYMBOL(timekeeping_inject_offset);
@@ -597,7 +606,20 @@ void __init timekeeping_init(void)
struct timespec now, boot;
read_persistent_clock(&now);
+ if (!timespec_valid(&now)) {
+ pr_warn("WARNING: Persistent clock returned invalid value!\n"
+ " Check your CMOS/BIOS settings.\n");
+ now.tv_sec = 0;
+ now.tv_nsec = 0;
+ }
+
read_boot_clock(&boot);
+ if (!timespec_valid(&boot)) {
+ pr_warn("WARNING: Boot clock returned invalid value!\n"
+ " Check your CMOS/BIOS settings.\n");
+ boot.tv_sec = 0;
+ boot.tv_nsec = 0;
+ }
seqlock_init(&timekeeper.lock);
Patches currently in stable-queue which might be from john.stultz@linaro.org are
queue-3.5/time-avoid-making-adjustments-if-we-haven-t-accumulated-anything.patch
queue-3.5/time-move-ktime_t-overflow-checking-into-timespec_valid_strict.patch
queue-3.5/time-improve-sanity-checking-of-timekeeping-inputs.patch
next parent reply other threads:[~2012-09-27 20:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1347389781-54602-2-git-send-email-john.stultz@linaro.org>
2012-09-27 20:49 ` gregkh [this message]
2012-08-31 18:02 Patch "time: Improve sanity checking of timekeeping inputs" has been added to the 3.5-stable tree gregkh
2012-08-31 18:12 ` Greg KH
2012-08-31 18:30 ` John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=134877897736@kroah.org \
--to=gregkh@linuxfoundation.org \
--cc=a.p.zijlstra@chello.nl \
--cc=caiqian@redhat.com \
--cc=john.stultz@linaro.org \
--cc=levinsasha928@gmail.com \
--cc=mingo@kernel.org \
--cc=prarit@redhat.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=zliu@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).