From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x224yEjwRsIheHvm7APtyNEXBQMd69fYX8R3BcXjrVPjfQQeAbGbRMr378DYHI6deatiNmTSB ARC-Seal: i=1; a=rsa-sha256; t=1517256284; cv=none; d=google.com; s=arc-20160816; b=FQKIVIUDvQw2d6iWsvMwYi7eeN9bYzDm7RNc6oungCgi5gc6Lz+u9KBVlTo7yIrUfT 7gOlpyZ1TBdbaVgIRSJAL/UbGKDPD1O8gNrZbxn7cRcB3hN6GFQqSlKCnM6idp6YJfb0 aXjD2MYpTy9zb3s043cskWcg/XYH8pLu6OyoUMhJYDBhNXy5nIipuJf3G6GRH4149HTB 9as5o3VUxzIAHaaKSAWUdtNUaIh8TzzbQ1rQI70pknmYD4km/6cH9ukw38Uk8zfwgu7y JkIfW293BAvK/M1Lng6/+R5WGyo5imENCUBNkFEJJR7D7nqPlwJO1EoGS/2kuVyTg9k/ WINA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=SmXnQ7O+rW5HHgxBFX0f2vmOAtOtH+dhJ6JMGY84nnk=; b=Ly78v+mRS/7upRxaMTZNqu/DKxAejN92XlTZc8ePHRDkJOw1YCJ/IutIToZcqhU6Kg yvZQ4Z9sTCmcjluRagQmRnANOUu+ERFfeDHsswz6ks1oCk8U5HrWk5irDw8zmGhHyUkG o/ed9Ivr5zcW4BT2aQXVNsRv2zJsl3254+lVHeW3XGDYJJIG3xfJSp+P9dNP+NUUPoji p6sttLtMza/oP6N6nqQoh5TKZ1ciutsVT03iAnTamLsP5M+PhCVkof8slknLLTe5KqkI 9IEoyHSLq47vZwDwj9+wqlJ65ok2wb+uWkIrrdJe86D9JLgING/SRYYy9RQHGK6bW6hz uXCA== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Richard Cochran , Prarit Bhargava , Vegard Nossum , John Stultz , Jiri Slaby Subject: [PATCH 4.4 12/74] time: Avoid undefined behaviour in ktime_add_safe() Date: Mon, 29 Jan 2018 13:56:17 +0100 Message-Id: <20180129123848.101898094@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180129123847.507563674@linuxfoundation.org> References: <20180129123847.507563674@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1590958526332679560?= X-GMAIL-MSGID: =?utf-8?q?1590958526332679560?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Vegard Nossum commit 979515c5645830465739254abc1b1648ada41518 upstream. I ran into this: ================================================================================ UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16 signed integer overflow: 9223372036854775807 + 50000 cannot be represented in type 'long long int' CPU: 2 PID: 4798 Comm: trinity-c2 Not tainted 4.8.0-rc1+ #91 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 0000000000000000 ffff88010ce6fb88 ffffffff82344740 0000000041b58ab3 ffffffff84f97a20 ffffffff82344694 ffff88010ce6fbb0 ffff88010ce6fb60 000000000000c350 ffff88010ce6f968 dffffc0000000000 ffffffff857bc320 Call Trace: [] dump_stack+0xac/0xfc [] ? _atomic_dec_and_lock+0xc4/0xc4 [] ubsan_epilogue+0xd/0x8a [] handle_overflow+0x202/0x23d [] ? val_to_string.constprop.6+0x11e/0x11e [] ? timerqueue_add+0x151/0x410 [] ? hrtimer_start_range_ns+0x3b8/0x1380 [] ? memset+0x31/0x40 [] __ubsan_handle_add_overflow+0xe/0x10 [] hrtimer_nanosleep+0x5d9/0x790 [] ? hrtimer_init_sleeper+0x80/0x80 [] ? __might_sleep+0x5b/0x260 [] common_nsleep+0x20/0x30 [] SyS_clock_nanosleep+0x197/0x210 [] ? SyS_clock_getres+0x150/0x150 [] ? __this_cpu_preempt_check+0x13/0x20 [] ? __context_tracking_exit.part.3+0x30/0x1b0 [] ? SyS_clock_getres+0x150/0x150 [] do_syscall_64+0x1b3/0x4b0 [] entry_SYSCALL64_slow_path+0x25/0x25 ================================================================================ Add a new ktime_add_unsafe() helper which doesn't check for overflow, but doesn't throw a UBSAN warning when it does overflow either. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Richard Cochran Cc: Prarit Bhargava Signed-off-by: Vegard Nossum Signed-off-by: John Stultz Signed-off-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman --- include/linux/ktime.h | 7 +++++++ kernel/time/hrtimer.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) --- a/include/linux/ktime.h +++ b/include/linux/ktime.h @@ -64,6 +64,13 @@ static inline ktime_t ktime_set(const s6 ({ (ktime_t){ .tv64 = (lhs).tv64 + (rhs).tv64 }; }) /* + * Same as ktime_add(), but avoids undefined behaviour on overflow; however, + * this means that you must check the result for overflow yourself. + */ +#define ktime_add_unsafe(lhs, rhs) \ + ({ (ktime_t){ .tv64 = (u64) (lhs).tv64 + (rhs).tv64 }; }) + +/* * Add a ktime_t variable and a scalar nanosecond value. * res = kt + nsval: */ --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -312,7 +312,7 @@ EXPORT_SYMBOL_GPL(__ktime_divns); */ ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs) { - ktime_t res = ktime_add(lhs, rhs); + ktime_t res = ktime_add_unsafe(lhs, rhs); /* * We use KTIME_SEC_MAX here, the maximum timeout which we can