On Thu, 15 Aug 2019, Dmitry Safonov wrote:
> +ktime_t do_timens_ktime_to_host(clockid_t clockid, ktime_t tim,
> + struct timens_offsets *ns_offsets)
> +{
> + ktime_t offset;
> +
> + switch (clockid) {
> + case CLOCK_MONOTONIC:
> + offset = timespec64_to_ktime(ns_offsets->monotonic);
> + break;
> + case CLOCK_BOOTTIME:
> + case CLOCK_BOOTTIME_ALARM:
> + offset = timespec64_to_ktime(ns_offsets->boottime);
> + break;
> + default:
> + return tim;
> + }
> +
> + /*
> + * Check that @tim value is in [offset, KTIME_MAX + offset]
> + * and subtract offset.
> + */
> + if (tim < offset) {
> + /*
> + * User can specify @tim *absolute* value - if it's lesser than
> + * the time namespace's offset - it's already expired.
> + */
> + tim = 0;
> + } else if (KTIME_MAX - tim < -offset) {
> + /*
> + * User-supplied @tim may be close or even equal KTIME_MAX
> + * and time namespace offset can be negative.
> + * Let's check (tim - offset) for an overflow.
> + * Return KTIME_MAX in such case, as the time value is
> + * thousands *years* in future anyway.
> + */
> + tim = KTIME_MAX;
> + } else {
> + tim = ktime_sub(tim, offset);
> + }
While the overflow check is correct, wouldn't it be more intuitive to do:
tim = ktime_sub(tim, offset);
if (unlikely(tim > KTIME_MAX))
tim = KTIME_MAX;
Thanks,
tglx
