[PATCH 7.x ubsan fix 1/6] cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()

Kefeng Wang <wangkefeng.wang@xxxxxxxxxx> · Fri, 17 Nov 2017 10:33:24 +0800

From: zengtao <prime.zeng@xxxxxxxxxx>

mainline inclusion
from mainline-4.5
commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3
category: bugfix
bugzilla: 3214
DTS: NA
CVE: NA

-------------------------------------------------

The datatype __kernel_time_t is u32 on 32bit platform, so its subject to
overflows in the timeval/timespec to cputime conversion.

Currently the following functions are affected:
1. setitimer()
2. timer_create/timer_settime()
3. sys_clock_nanosleep

This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting"
enabled, which is required for CONFIG_NO_HZ_FULL.

Enforce u64 conversion to prevent the overflow.

Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting")
Signed-off-by: zengtao <prime.zeng@xxxxxxxxxx>
Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>
Cc: <fweisbec@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@xxxxxxxxxx
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
(cherry picked from commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3)
Signed-off-by: Kefeng Wang <wangkefeng.wang@xxxxxxxxxx>
---
 include/asm-generic/cputime_nsecs.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/asm-generic/cputime_nsecs.h b/include/asm-generic/cputime_nsecs.h
index bf97df3..903285b 100644
--- a/include/asm-generic/cputime_nsecs.h
+++ b/include/asm-generic/cputime_nsecs.h
@@ -72,7 +72,7 @@ typedef u64 __nocast cputime64_t;
  */
 static inline cputime_t timespec_to_cputime(const struct timespec *val)
 {
-	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec;
+	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec;
 	return (__force cputime_t) ret;
 }
 static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)
@@ -88,7 +88,8 @@ static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)
  */
 static inline cputime_t timeval_to_cputime(const struct timeval *val)
 {
-	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC;
+	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC +
+			val->tv_usec * NSEC_PER_USEC;
 	return (__force cputime_t) ret;
 }
 static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val)
-- 
1.8.3.1







