From: Liav Rehana <liavr@xxxxxxxxxxxx> During the calculation of the nsec variable in the inline function timekeeping_delta_to_ns, it may undergo a sign extension if its msb is set just before the shift. The sign extension may, in some cases, gain it a value near the maximum value of the 64-bit range. This is bad when it is later used in a division function, such as __iter_div_u64_rem, where the amount of loops it will go through to calculate the division will be too large. One can encounter such a problem, for example, when trying to connect through ftp from an outside host to the operation system. When the OS is too overloaded, delta will get a high enough value for the msb of the sum delta * tkr->mult + tkr->xtime_nsec to be set, and so after the shift the nsec variable will gain a value similar to 0xffffffffff000000. Using a variable with such a value in the inline function __iter_div_u64_rem will take too long, making the ftp connection attempt seem to get stuck. The following commit fixes that chance of sign extension, while maintaining the type of the nsec variable as signed for other functions that use this variable, for possible legit negative time intervals. Cc: Chris Metcalf <cmetcalf@xxxxxxxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Richard Cochran <richardcochran@xxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxxxxx> Cc: Prarit Bhargava <prarit@xxxxxxxxxx> Cc: Laurent Vivier <lvivier@xxxxxxxxxx> Cc: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> Cc: "Christopher S . Hall" <christopher.s.hall@xxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx (4.6+) Fixes: 6bd58f09e1d8 ("time: Add cycles to nanoseconds translation") Also-Reported-by: Chris Metcalf <cmetcalf@xxxxxxxxxxxx> Signed-off-by: Liav Rehana <liavr@xxxxxxxxxxxx> Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx> --- Thomas/Ingo: This is for tip:timers/urgent. kernel/time/timekeeping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 37dec7e..46e312e 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -299,10 +299,10 @@ u32 (*arch_gettimeoffset)(void) = default_arch_gettimeoffset; static inline u32 arch_gettimeoffset(void) { return 0; } #endif -static inline s64 timekeeping_delta_to_ns(struct tk_read_base *tkr, +static inline u64 timekeeping_delta_to_ns(struct tk_read_base *tkr, cycle_t delta) { - s64 nsec; + u64 nsec; nsec = delta * tkr->mult + tkr->xtime_nsec; nsec >>= tkr->shift; -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html