From: Thomas Gleixner <tglx@linutronix.de>
To: David Laight <David.Laight@ACULAB.COM>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-tip-commits@vger.kernel.org"
<linux-tip-commits@vger.kernel.org>
Cc: Lukas Hannen <lukas.hannen@opensource.tttech-industrial.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>
Subject: RE: [tip: timers/urgent] time: Handle negative seconds correctly in timespec64_to_ns()
Date: Wed, 08 Sep 2021 22:11:55 +0200 [thread overview]
Message-ID: <87zgsmesj8.ffs@tglx> (raw)
In-Reply-To: <a4bbf640306c42429afda8a4fc396f98@AcuMS.aculab.com>
David,
On Wed, Sep 08 2021 at 16:01, David Laight wrote:
>> + if (ts->tv_sec <= KTIME_SEC_MIN)
>> + return KTIME_MIN;
>> +
>> return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec;
>> }
>
> Adding tv_nsec can still overflow - even if tv_nsec is bounded to +/- 1 second.
> This is no more 'garbage in' => 'garbage out' than the code without the
> multiply under/overflow check.
In kernel timespecs are always normalized: 0 < tv_nsec < 1e9 - 1
Let's do the math:
KTIME_SEC_MAX = KTIME_MAX / NSEC_PER_SEC
The overflow prevention does:
if PSVAL >= KTIME_SEC_MAX:
return KTIME_MAX
so the largest positive seconds value which passes the above is:
PSMAX = KTIME_SEC_MAX - 1
ergo:
PSMAX * NSEC_PER_SEC + (NSEC_PER_SEC - 1) < KTIME_SEC_MAX < KTIME_MAX
I leave the proof for negative values as an excercise for the reader.
Thanks,
tglx
---
"Math is hard, let's go shopping!" - John Stultz
prev parent reply other threads:[~2021-09-08 20:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <AM6PR01MB541637BD6F336B8FFB72AF80EEC69@AM6PR01MB5416.eurprd01.prod.exchangelabs.com>
2021-09-08 15:50 ` [tip: timers/urgent] time: Handle negative seconds correctly in timespec64_to_ns() tip-bot2 for Lukas Hannen
2021-09-08 16:01 ` David Laight
2021-09-08 20:11 ` Thomas Gleixner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zgsmesj8.ffs@tglx \
--to=tglx@linutronix.de \
--cc=David.Laight@ACULAB.COM \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=lukas.hannen@opensource.tttech-industrial.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox