On Tue, Sep 14, 2021 at 1:22 AM Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> /*
> * Limits for settimeofday():
> @@ -124,10 +126,13 @@ static inline bool timespec64_valid_sett
> */
> static inline s64 timespec64_to_ns(const struct timespec64 *ts)
> {
> - /* Prevent multiplication overflow */
> - if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
> + /* Prevent multiplication overflow / underflow */
> + if (ts->tv_sec >= KTIME_SEC_MAX)
> return KTIME_MAX;
>
> + if (ts->tv_sec <= KTIME_SEC_MIN)
> + return KTIME_MIN;
> +
I just saw this get merged for the stable kernels, and had not seen this when
Thomas originally merged it.
I can see how this helps the ptp_clock_adjtime() users, but I just
double-checked
what other callers exist, and I think it introduces a regression in setitimer(),
which does
nval = timespec64_to_ns(&value->it_value);
ninterval = timespec64_to_ns(&value->it_interval);
without any further range checking that I could find. Setting timers
with negative intervals sounds like a bad idea, and interpreting negative
it_value as a past time instead of KTIME_SEC_MAX sounds like an
unintended interface change.
I haven't done any proper analysis of the changes, so maybe it's all
good, but I think we need to double-check this, and possibly revert
it from the stable kernels until a final conclusion.
Arnd
