On Wed, Sep 15, 2021 at 09:00:32PM +0200, Arnd Bergmann wrote:
> On Tue, Sep 14, 2021 at 1:22 AM Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > /*
> > * Limits for settimeofday():
> > @@ -124,10 +126,13 @@ static inline bool timespec64_valid_sett
> > */
> > static inline s64 timespec64_to_ns(const struct timespec64 *ts)
> > {
> > - /* Prevent multiplication overflow */
> > - if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
> > + /* Prevent multiplication overflow / underflow */
> > + if (ts->tv_sec >= KTIME_SEC_MAX)
> > return KTIME_MAX;
> >
> > + if (ts->tv_sec <= KTIME_SEC_MIN)
> > + return KTIME_MIN;
> > +
>
> I just saw this get merged for the stable kernels, and had not seen this when
> Thomas originally merged it.
>
> I can see how this helps the ptp_clock_adjtime() users, but I just
> double-checked
> what other callers exist, and I think it introduces a regression in setitimer(),
> which does
>
> nval = timespec64_to_ns(&value->it_value);
> ninterval = timespec64_to_ns(&value->it_interval);
>
> without any further range checking that I could find. Setting timers
> with negative intervals sounds like a bad idea, and interpreting negative
> it_value as a past time instead of KTIME_SEC_MAX sounds like an
> unintended interface change.
>
> I haven't done any proper analysis of the changes, so maybe it's all
> good, but I think we need to double-check this, and possibly revert
> it from the stable kernels until a final conclusion.
I will revert it now from all stable kernels, thanks.
greg k-h
