* [patch 0/2] posix-timers: Sanitize posix timer overrun handling @ 2018-06-26 13:21 Thomas Gleixner 2018-06-26 13:21 ` [patch 1/2] posix-timers: Make forward callback return s64 Thomas Gleixner 2018-06-26 13:21 ` [patch 2/2] posix-timers: Sanitize overrun handling Thomas Gleixner 0 siblings, 2 replies; 7+ messages in thread From: Thomas Gleixner @ 2018-06-26 13:21 UTC (permalink / raw) To: LKML; +Cc: John Stultz, Peter Zijlstra, Michael Kerrisk, air icy Icy reported an UBSAN splat in the posix timer code, which is caused by the way the overrun accounting works. Depending on interval and expiry time the overrun can be larger than INT_MAX, but the accounting is int based which basically makes the accounting values, which are visible to user space via timer_getoverrrun(2) and siginfo::si_overrun, random. The following series addresses this by converting the internal accounting to 64bit and clamping the user space visible values to INT_MAX. Thanks, tglx 8<------------------- b/include/linux/posix-timers.h | 4 ++-- kernel/time/alarmtimer.c | 4 ++-- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 +++++++++++++++++++++------------ kernel/time/posix-timers.h | 2 +- 5 files changed, 27 insertions(+), 18 deletions(-) ^ permalink raw reply [flat|nested] 7+ messages in thread
* [patch 1/2] posix-timers: Make forward callback return s64 2018-06-26 13:21 [patch 0/2] posix-timers: Sanitize posix timer overrun handling Thomas Gleixner @ 2018-06-26 13:21 ` Thomas Gleixner 2018-06-29 4:25 ` John Stultz 2018-07-02 9:36 ` [tip:timers/core] " tip-bot for Thomas Gleixner 2018-06-26 13:21 ` [patch 2/2] posix-timers: Sanitize overrun handling Thomas Gleixner 1 sibling, 2 replies; 7+ messages in thread From: Thomas Gleixner @ 2018-06-26 13:21 UTC (permalink / raw) To: LKML; +Cc: John Stultz, Peter Zijlstra, Michael Kerrisk, air icy The posix timer ti_overrun handling is broken because the forwarding functions can return a huge number of overruns which does not fit in an int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn into random number generators. As a first step to address that let the timer_forward() callbacks return the full 64 bit value. Cast it to (int) temporarily until k_itimer::ti_overrun is converted to 64bit and the conversion to user space visible values is sanitized. Reported-by: air icy <icytxw@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> --- kernel/time/alarmtimer.c | 4 ++-- kernel/time/posix-timers.c | 6 +++--- kernel/time/posix-timers.h | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -581,11 +581,11 @@ static void alarm_timer_rearm(struct k_i * @timr: Pointer to the posixtimer data struct * @now: Current time to forward the timer against */ -static int alarm_timer_forward(struct k_itimer *timr, ktime_t now) +static s64 alarm_timer_forward(struct k_itimer *timr, ktime_t now) { struct alarm *alarm = &timr->it.alarm.alarmtimer; - return (int) alarm_forward(alarm, timr->it_interval, now); + return alarm_forward(alarm, timr->it_interval, now); } /** --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -645,11 +645,11 @@ static ktime_t common_hrtimer_remaining( return __hrtimer_expires_remaining_adjusted(timer, now); } -static int common_hrtimer_forward(struct k_itimer *timr, ktime_t now) +static s64 common_hrtimer_forward(struct k_itimer *timr, ktime_t now) { struct hrtimer *timer = &timr->it.real.timer; - return (int)hrtimer_forward(timer, now, timr->it_interval); + return hrtimer_forward(timer, now, timr->it_interval); } /* @@ -702,7 +702,7 @@ void common_timer_get(struct k_itimer *t * expiry time forward by intervals, so expiry is > now. */ if (iv && (timr->it_requeue_pending & REQUEUE_PENDING || sig_none)) - timr->it_overrun += kc->timer_forward(timr, now); + timr->it_overrun += (int)kc->timer_forward(timr, now); remaining = kc->timer_remaining(timr, now); /* Return 0 only, when the timer is expired and not pending */ --- a/kernel/time/posix-timers.h +++ b/kernel/time/posix-timers.h @@ -19,7 +19,7 @@ struct k_clock { void (*timer_get)(struct k_itimer *timr, struct itimerspec64 *cur_setting); void (*timer_rearm)(struct k_itimer *timr); - int (*timer_forward)(struct k_itimer *timr, ktime_t now); + s64 (*timer_forward)(struct k_itimer *timr, ktime_t now); ktime_t (*timer_remaining)(struct k_itimer *timr, ktime_t now); int (*timer_try_to_cancel)(struct k_itimer *timr); void (*timer_arm)(struct k_itimer *timr, ktime_t expires, ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch 1/2] posix-timers: Make forward callback return s64 2018-06-26 13:21 ` [patch 1/2] posix-timers: Make forward callback return s64 Thomas Gleixner @ 2018-06-29 4:25 ` John Stultz 2018-07-02 9:36 ` [tip:timers/core] " tip-bot for Thomas Gleixner 1 sibling, 0 replies; 7+ messages in thread From: John Stultz @ 2018-06-29 4:25 UTC (permalink / raw) To: Thomas Gleixner; +Cc: LKML, Peter Zijlstra, Michael Kerrisk, air icy On Tue, Jun 26, 2018 at 6:21 AM, Thomas Gleixner <tglx@linutronix.de> wrote: > The posix timer ti_overrun handling is broken because the forwarding > functions can return a huge number of overruns which does not fit in an > int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn > into random number generators. > > As a first step to address that let the timer_forward() callbacks return > the full 64 bit value. > > Cast it to (int) temporarily until k_itimer::ti_overrun is converted to > 64bit and the conversion to user space visible values is sanitized. > > Reported-by: air icy <icytxw@gmail.com> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Looks ok, and doesn't trip any regressions in testing so far. Acked-by: John Stultz <john.stultz@linaro.org> thanks -john ^ permalink raw reply [flat|nested] 7+ messages in thread
* [tip:timers/core] posix-timers: Make forward callback return s64 2018-06-26 13:21 ` [patch 1/2] posix-timers: Make forward callback return s64 Thomas Gleixner 2018-06-29 4:25 ` John Stultz @ 2018-07-02 9:36 ` tip-bot for Thomas Gleixner 1 sibling, 0 replies; 7+ messages in thread From: tip-bot for Thomas Gleixner @ 2018-07-02 9:36 UTC (permalink / raw) To: linux-tip-commits Cc: linux-kernel, icytxw, mingo, john.stultz, hpa, tglx, peterz, mtk.manpages Commit-ID: 6fec64e1c92d5c715c6d0f50786daa7708266bde Gitweb: https://git.kernel.org/tip/6fec64e1c92d5c715c6d0f50786daa7708266bde Author: Thomas Gleixner <tglx@linutronix.de> AuthorDate: Tue, 26 Jun 2018 15:21:31 +0200 Committer: Thomas Gleixner <tglx@linutronix.de> CommitDate: Mon, 2 Jul 2018 11:33:25 +0200 posix-timers: Make forward callback return s64 The posix timer ti_overrun handling is broken because the forwarding functions can return a huge number of overruns which does not fit in an int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn into random number generators. As a first step to address that let the timer_forward() callbacks return the full 64 bit value. Cast it to (int) temporarily until k_itimer::ti_overrun is converted to 64bit and the conversion to user space visible values is sanitized. Reported-by: Team OWL337 <icytxw@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: John Stultz <john.stultz@linaro.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Link: https://lkml.kernel.org/r/20180626132704.922098090@linutronix.de --- kernel/time/alarmtimer.c | 4 ++-- kernel/time/posix-timers.c | 6 +++--- kernel/time/posix-timers.h | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c index 639321bf2e39..78a3cc555823 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -581,11 +581,11 @@ static void alarm_timer_rearm(struct k_itimer *timr) * @timr: Pointer to the posixtimer data struct * @now: Current time to forward the timer against */ -static int alarm_timer_forward(struct k_itimer *timr, ktime_t now) +static s64 alarm_timer_forward(struct k_itimer *timr, ktime_t now) { struct alarm *alarm = &timr->it.alarm.alarmtimer; - return (int) alarm_forward(alarm, timr->it_interval, now); + return alarm_forward(alarm, timr->it_interval, now); } /** diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c index 80d59333c76e..db1d65963a57 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -645,11 +645,11 @@ static ktime_t common_hrtimer_remaining(struct k_itimer *timr, ktime_t now) return __hrtimer_expires_remaining_adjusted(timer, now); } -static int common_hrtimer_forward(struct k_itimer *timr, ktime_t now) +static s64 common_hrtimer_forward(struct k_itimer *timr, ktime_t now) { struct hrtimer *timer = &timr->it.real.timer; - return (int)hrtimer_forward(timer, now, timr->it_interval); + return hrtimer_forward(timer, now, timr->it_interval); } /* @@ -702,7 +702,7 @@ void common_timer_get(struct k_itimer *timr, struct itimerspec64 *cur_setting) * expiry time forward by intervals, so expiry is > now. */ if (iv && (timr->it_requeue_pending & REQUEUE_PENDING || sig_none)) - timr->it_overrun += kc->timer_forward(timr, now); + timr->it_overrun += (int)kc->timer_forward(timr, now); remaining = kc->timer_remaining(timr, now); /* Return 0 only, when the timer is expired and not pending */ diff --git a/kernel/time/posix-timers.h b/kernel/time/posix-timers.h index 151e28f5bf30..ddb21145211a 100644 --- a/kernel/time/posix-timers.h +++ b/kernel/time/posix-timers.h @@ -19,7 +19,7 @@ struct k_clock { void (*timer_get)(struct k_itimer *timr, struct itimerspec64 *cur_setting); void (*timer_rearm)(struct k_itimer *timr); - int (*timer_forward)(struct k_itimer *timr, ktime_t now); + s64 (*timer_forward)(struct k_itimer *timr, ktime_t now); ktime_t (*timer_remaining)(struct k_itimer *timr, ktime_t now); int (*timer_try_to_cancel)(struct k_itimer *timr); void (*timer_arm)(struct k_itimer *timr, ktime_t expires, ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [patch 2/2] posix-timers: Sanitize overrun handling 2018-06-26 13:21 [patch 0/2] posix-timers: Sanitize posix timer overrun handling Thomas Gleixner 2018-06-26 13:21 ` [patch 1/2] posix-timers: Make forward callback return s64 Thomas Gleixner @ 2018-06-26 13:21 ` Thomas Gleixner 2018-06-29 4:24 ` John Stultz 2018-07-02 9:37 ` [tip:timers/core] " tip-bot for Thomas Gleixner 1 sibling, 2 replies; 7+ messages in thread From: Thomas Gleixner @ 2018-06-26 13:21 UTC (permalink / raw) To: LKML; +Cc: John Stultz, Peter Zijlstra, Michael Kerrisk, air icy The posix timer overrun handling is broken because the forwarding functions can return a huge number of overruns which does not fit in an int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn into random number generators. The k_clock::timer_forward() callbacks return a 64 bit value now. Make k_itimer::ti_overrun[_last] 64bit as well, so the kernel internal accounting is correct. 3Remove the temporary (int) casts. Add a helper function which clamps the overrun value returned to user space via timer_getoverrun(2) or siginfo::si_overrun limited to a positive value between 0 and INT_MAX. INT_MAX is an indicator for user space that the overrun value has been clamped. Reported-by: air icy <icytxw@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> --- include/linux/posix-timers.h | 4 ++-- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 31 ++++++++++++++++++++----------- 3 files changed, 23 insertions(+), 14 deletions(-) --- a/include/linux/posix-timers.h +++ b/include/linux/posix-timers.h @@ -95,8 +95,8 @@ struct k_itimer { clockid_t it_clock; timer_t it_id; int it_active; - int it_overrun; - int it_overrun_last; + s64 it_overrun; + s64 it_overrun_last; int it_requeue_pending; int it_sigev_notify; ktime_t it_interval; --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -85,7 +85,7 @@ static void bump_cpu_timer(struct k_itim continue; timer->it.cpu.expires += incr; - timer->it_overrun += 1 << i; + timer->it_overrun += 1LL << i; delta -= incr; } } --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -283,6 +283,17 @@ static __init int init_posix_timers(void } __initcall(init_posix_timers); +/* + * The siginfo si_overrun field and the return value of timer_getoverrun(2) + * are of type int. Clamp the overrun value to INT_MAX + */ +static inline int timer_overrun_to_int(struct k_itimer *timr, int baseval) +{ + s64 sum = timr->it_overrun_last + (s64)baseval; + + return sum > (s64)INT_MAX ? INT_MAX : (int)sum; +} + static void common_hrtimer_rearm(struct k_itimer *timr) { struct hrtimer *timer = &timr->it.real.timer; @@ -290,9 +301,8 @@ static void common_hrtimer_rearm(struct if (!timr->it_interval) return; - timr->it_overrun += (unsigned int) hrtimer_forward(timer, - timer->base->get_time(), - timr->it_interval); + timr->it_overrun += hrtimer_forward(timer, timer->base->get_time(), + timr->it_interval); hrtimer_restart(timer); } @@ -321,10 +331,10 @@ void posixtimer_rearm(struct siginfo *in timr->it_active = 1; timr->it_overrun_last = timr->it_overrun; - timr->it_overrun = -1; + timr->it_overrun = -1LL; ++timr->it_requeue_pending; - info->si_overrun += timr->it_overrun_last; + info->si_overrun = timer_overrun_to_int(timr, info->si_overrun); } unlock_timer(timr, flags); @@ -418,9 +428,8 @@ static enum hrtimer_restart posix_timer_ now = ktime_add(now, kj); } #endif - timr->it_overrun += (unsigned int) - hrtimer_forward(timer, now, - timr->it_interval); + timr->it_overrun += hrtimer_forward(timer, now, + timr->it_interval); ret = HRTIMER_RESTART; ++timr->it_requeue_pending; timr->it_active = 1; @@ -524,7 +533,7 @@ static int do_timer_create(clockid_t whi new_timer->it_id = (timer_t) new_timer_id; new_timer->it_clock = which_clock; new_timer->kclock = kc; - new_timer->it_overrun = -1; + new_timer->it_overrun = -1LL; if (event) { rcu_read_lock(); @@ -702,7 +711,7 @@ void common_timer_get(struct k_itimer *t * expiry time forward by intervals, so expiry is > now. */ if (iv && (timr->it_requeue_pending & REQUEUE_PENDING || sig_none)) - timr->it_overrun += (int)kc->timer_forward(timr, now); + timr->it_overrun += kc->timer_forward(timr, now); remaining = kc->timer_remaining(timr, now); /* Return 0 only, when the timer is expired and not pending */ @@ -791,7 +800,7 @@ SYSCALL_DEFINE1(timer_getoverrun, timer_ if (!timr) return -EINVAL; - overrun = timr->it_overrun_last; + overrun = timer_overrun_to_int(timr, 0); unlock_timer(timr, flags); return overrun; ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch 2/2] posix-timers: Sanitize overrun handling 2018-06-26 13:21 ` [patch 2/2] posix-timers: Sanitize overrun handling Thomas Gleixner @ 2018-06-29 4:24 ` John Stultz 2018-07-02 9:37 ` [tip:timers/core] " tip-bot for Thomas Gleixner 1 sibling, 0 replies; 7+ messages in thread From: John Stultz @ 2018-06-29 4:24 UTC (permalink / raw) To: Thomas Gleixner; +Cc: LKML, Peter Zijlstra, Michael Kerrisk, air icy On Tue, Jun 26, 2018 at 6:21 AM, Thomas Gleixner <tglx@linutronix.de> wrote: > The posix timer overrun handling is broken because the forwarding functions > can return a huge number of overruns which does not fit in an int. As a > consequence timer_getoverrun(2) and siginfo::si_overrun can turn into > random number generators. > > The k_clock::timer_forward() callbacks return a 64 bit value now. Make > k_itimer::ti_overrun[_last] 64bit as well, so the kernel internal > accounting is correct. 3Remove the temporary (int) casts. > > Add a helper function which clamps the overrun value returned to user space > via timer_getoverrun(2) or siginfo::si_overrun limited to a positive value > between 0 and INT_MAX. INT_MAX is an indicator for user space that the > overrun value has been clamped. > > Reported-by: air icy <icytxw@gmail.com> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Looks ok, and doesn't trip any regressions in testing so far. Acked-by: John Stultz <john.stultz@linaro.org> thanks -john ^ permalink raw reply [flat|nested] 7+ messages in thread
* [tip:timers/core] posix-timers: Sanitize overrun handling 2018-06-26 13:21 ` [patch 2/2] posix-timers: Sanitize overrun handling Thomas Gleixner 2018-06-29 4:24 ` John Stultz @ 2018-07-02 9:37 ` tip-bot for Thomas Gleixner 1 sibling, 0 replies; 7+ messages in thread From: tip-bot for Thomas Gleixner @ 2018-07-02 9:37 UTC (permalink / raw) To: linux-tip-commits Cc: mtk.manpages, john.stultz, hpa, linux-kernel, icytxw, tglx, peterz, mingo Commit-ID: 78c9c4dfbf8c04883941445a195276bb4bb92c76 Gitweb: https://git.kernel.org/tip/78c9c4dfbf8c04883941445a195276bb4bb92c76 Author: Thomas Gleixner <tglx@linutronix.de> AuthorDate: Tue, 26 Jun 2018 15:21:32 +0200 Committer: Thomas Gleixner <tglx@linutronix.de> CommitDate: Mon, 2 Jul 2018 11:33:25 +0200 posix-timers: Sanitize overrun handling The posix timer overrun handling is broken because the forwarding functions can return a huge number of overruns which does not fit in an int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn into random number generators. The k_clock::timer_forward() callbacks return a 64 bit value now. Make k_itimer::ti_overrun[_last] 64bit as well, so the kernel internal accounting is correct. 3Remove the temporary (int) casts. Add a helper function which clamps the overrun value returned to user space via timer_getoverrun(2) or siginfo::si_overrun limited to a positive value between 0 and INT_MAX. INT_MAX is an indicator for user space that the overrun value has been clamped. Reported-by: Team OWL337 <icytxw@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: John Stultz <john.stultz@linaro.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Link: https://lkml.kernel.org/r/20180626132705.018623573@linutronix.de --- include/linux/posix-timers.h | 4 ++-- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 31 ++++++++++++++++++++----------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/include/linux/posix-timers.h b/include/linux/posix-timers.h index c85704fcdbd2..ee7e987ea1b4 100644 --- a/include/linux/posix-timers.h +++ b/include/linux/posix-timers.h @@ -95,8 +95,8 @@ struct k_itimer { clockid_t it_clock; timer_t it_id; int it_active; - int it_overrun; - int it_overrun_last; + s64 it_overrun; + s64 it_overrun_last; int it_requeue_pending; int it_sigev_notify; ktime_t it_interval; diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c index 5a6251ac6f7a..562cc3891b57 100644 --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -85,7 +85,7 @@ static void bump_cpu_timer(struct k_itimer *timer, u64 now) continue; timer->it.cpu.expires += incr; - timer->it_overrun += 1 << i; + timer->it_overrun += 1LL << i; delta -= incr; } } diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c index db1d65963a57..3ac7295306dc 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -283,6 +283,17 @@ static __init int init_posix_timers(void) } __initcall(init_posix_timers); +/* + * The siginfo si_overrun field and the return value of timer_getoverrun(2) + * are of type int. Clamp the overrun value to INT_MAX + */ +static inline int timer_overrun_to_int(struct k_itimer *timr, int baseval) +{ + s64 sum = timr->it_overrun_last + (s64)baseval; + + return sum > (s64)INT_MAX ? INT_MAX : (int)sum; +} + static void common_hrtimer_rearm(struct k_itimer *timr) { struct hrtimer *timer = &timr->it.real.timer; @@ -290,9 +301,8 @@ static void common_hrtimer_rearm(struct k_itimer *timr) if (!timr->it_interval) return; - timr->it_overrun += (unsigned int) hrtimer_forward(timer, - timer->base->get_time(), - timr->it_interval); + timr->it_overrun += hrtimer_forward(timer, timer->base->get_time(), + timr->it_interval); hrtimer_restart(timer); } @@ -321,10 +331,10 @@ void posixtimer_rearm(struct siginfo *info) timr->it_active = 1; timr->it_overrun_last = timr->it_overrun; - timr->it_overrun = -1; + timr->it_overrun = -1LL; ++timr->it_requeue_pending; - info->si_overrun += timr->it_overrun_last; + info->si_overrun = timer_overrun_to_int(timr, info->si_overrun); } unlock_timer(timr, flags); @@ -418,9 +428,8 @@ static enum hrtimer_restart posix_timer_fn(struct hrtimer *timer) now = ktime_add(now, kj); } #endif - timr->it_overrun += (unsigned int) - hrtimer_forward(timer, now, - timr->it_interval); + timr->it_overrun += hrtimer_forward(timer, now, + timr->it_interval); ret = HRTIMER_RESTART; ++timr->it_requeue_pending; timr->it_active = 1; @@ -524,7 +533,7 @@ static int do_timer_create(clockid_t which_clock, struct sigevent *event, new_timer->it_id = (timer_t) new_timer_id; new_timer->it_clock = which_clock; new_timer->kclock = kc; - new_timer->it_overrun = -1; + new_timer->it_overrun = -1LL; if (event) { rcu_read_lock(); @@ -702,7 +711,7 @@ void common_timer_get(struct k_itimer *timr, struct itimerspec64 *cur_setting) * expiry time forward by intervals, so expiry is > now. */ if (iv && (timr->it_requeue_pending & REQUEUE_PENDING || sig_none)) - timr->it_overrun += (int)kc->timer_forward(timr, now); + timr->it_overrun += kc->timer_forward(timr, now); remaining = kc->timer_remaining(timr, now); /* Return 0 only, when the timer is expired and not pending */ @@ -791,7 +800,7 @@ SYSCALL_DEFINE1(timer_getoverrun, timer_t, timer_id) if (!timr) return -EINVAL; - overrun = timr->it_overrun_last; + overrun = timer_overrun_to_int(timr, 0); unlock_timer(timr, flags); return overrun; ^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-07-02 9:38 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-06-26 13:21 [patch 0/2] posix-timers: Sanitize posix timer overrun handling Thomas Gleixner 2018-06-26 13:21 ` [patch 1/2] posix-timers: Make forward callback return s64 Thomas Gleixner 2018-06-29 4:25 ` John Stultz 2018-07-02 9:36 ` [tip:timers/core] " tip-bot for Thomas Gleixner 2018-06-26 13:21 ` [patch 2/2] posix-timers: Sanitize overrun handling Thomas Gleixner 2018-06-29 4:24 ` John Stultz 2018-07-02 9:37 ` [tip:timers/core] " tip-bot for Thomas Gleixner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).