We could observe unexpected behavior if the time is set
to a value large enough to overflow a 64bit ktime_t
(which is something larger then the year 2264).
So check timekeeping inputs to make sure we don't set
the time to a value that overflows ktime_t.
Note: This does not protect from setting the time close to
overflowing ktime_t and then letting natural accumulation
cause the overflow.
Cc: Ingo Molnar <mi...@kernel.org>
Cc: Peter Zijlstra <a.p.zijls...@chello.nl>
Cc: Prarit Bhargava <pra...@redhat.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Zhouping Liu <z...@redhat.com>
Cc: CAI Qian <caiq...@redhat.com>
Reported-by: CAI Qian <caiq...@redhat.com>
Signed-off-by: John Stultz <john.stu...@linaro.org>
---
kernel/time/timekeeping.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 96179ab..78bccd0 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -92,7 +92,7 @@ __cacheline_aligned_in_smp DEFINE_SEQLOCK(xtime_lock);
/* flag for if timekeeping is suspended */
int __read_mostly timekeeping_suspended;
-
+#define TWENTY_YEARS (20LL*365*24*60*60)
/**
* timekeeper_setup_internals - Set up internals to use clocksource clock.
@@ -387,6 +387,9 @@ int do_settimeofday(const struct timespec *tv)
if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC)
return -EINVAL;
+ if ((unsigned long long)tv->tv_sec >= KTIME_SEC_MAX)
+ return -EINVAL;
+
write_seqlock_irqsave(&timekeeper.lock, flags);
timekeeping_forward_now();
@@ -418,6 +421,8 @@ EXPORT_SYMBOL(do_settimeofday);
int timekeeping_inject_offset(struct timespec *ts)
{
unsigned long flags;
+ struct timespec tmp;
+ int ret = 0;
if ((unsigned long)ts->tv_nsec >= NSEC_PER_SEC)
return -EINVAL;
@@ -426,10 +431,17 @@ int timekeeping_inject_offset(struct timespec *ts)
timekeeping_forward_now();
- timekeeper.xtime = timespec_add(timekeeper.xtime, *ts);
+ /* Make sure the increased value won't cause ktime_t trouble */
+ tmp = timespec_add(timekeeper.xtime, *ts);
+ if ((unsigned long long)tmp.tv_sec >= KTIME_SEC_MAX) {
+ ret= -EINVAL;
+ goto error;
+ }
+ timekeeper.xtime = tmp;
timekeeper.wall_to_monotonic =
timespec_sub(timekeeper.wall_to_monotonic, *ts);
+error: /* even if we error out, we forwarded the time, so call update */
timekeeping_update(true);
write_sequnlock_irqrestore(&timekeeper.lock, flags);
@@ -437,7 +449,7 @@ int timekeeping_inject_offset(struct timespec *ts)
/* signal hrtimers about time change */
clock_was_set();
- return 0;
+ return ret;
}
EXPORT_SYMBOL(timekeeping_inject_offset);
@@ -599,6 +611,16 @@ void __init timekeeping_init(void)
read_persistent_clock(&now);
read_boot_clock(&boot);
+ /*
+ * Check to make sure the persistent clock
+ * didn't return something crazy.
+ */
+ if (now.tv_sec > (KTIME_SEC_MAX - TWENTY_YEARS)) {
+ printk("WARNING: Persistent clock returned a year greater then"
+ " 2242. Capping at 2242.\n");
+ now.tv_sec = KTIME_SEC_MAX - TWENTY_YEARS;
+ }
+
seqlock_init(&timekeeper.lock);
ntp_init();
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
