On Tue, Sep 14, 2021 at 1:22 AM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
/*
- Limits for settimeofday():
@@ -124,10 +126,13 @@ static inline bool timespec64_valid_sett */ static inline s64 timespec64_to_ns(const struct timespec64 *ts) {
/* Prevent multiplication overflow */
if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
/* Prevent multiplication overflow / underflow */
if (ts->tv_sec >= KTIME_SEC_MAX) return KTIME_MAX;
if (ts->tv_sec <= KTIME_SEC_MIN)
return KTIME_MIN;
I just saw this get merged for the stable kernels, and had not seen this when Thomas originally merged it.
I can see how this helps the ptp_clock_adjtime() users, but I just double-checked what other callers exist, and I think it introduces a regression in setitimer(), which does
nval = timespec64_to_ns(&value->it_value); ninterval = timespec64_to_ns(&value->it_interval);
without any further range checking that I could find. Setting timers with negative intervals sounds like a bad idea, and interpreting negative it_value as a past time instead of KTIME_SEC_MAX sounds like an unintended interface change.
I haven't done any proper analysis of the changes, so maybe it's all good, but I think we need to double-check this, and possibly revert it from the stable kernels until a final conclusion.
Arnd