On Thu, 7 Feb 2019, Thomas Gleixner wrote:
> Does this really need to be an out of line call? If you stick this into the
> clock_get() implementations then it boils down to:
>
> static inline void timens_add_monotonic(struct timespec64 *ts)
> {
> struct timens_offsets *ns_offsets = current->nsproxy->time_ns->offsets;
>
> if (ns_offsets)
> *ts = timespec64_add(*ts, ns_offsets->monotonic_time_offset);
And this needs to be a special variant of
timespec64-add_safe(). timespec64_add_safe() is not sufficient, because it
assumes that both values are positive, which is not the case here..
In timer_set() implementations you move the timespec_valid() check after
the add. That's wrong because you really want to check the input value from
user space.
Assume that the caller supplied value is valid and the adjustment brings it
out of range then how should the caller understand why it it rejected?
So timespec64_add_namespace() must check for under and overflow. But doing
this with timespecs is a pain. I rather suggest to rework the whole thing
so hrtimer_nanosleep() takes a ktime_t expiry value and move the conversion
to the call sites. Then the whole offset magic becomes:
expires = timespec64_to_ktime(rqtp);
if (abstime)
expires = timens_to_host_mono(expires);
and that function can nicely do the underflow and overflow detection and
cap the values to 0 on underflow and KTIME_MAX on overflow.
Hmm?
Thanks,
tglx
