linux

mirror of https://github.com/hardkernel/linux.git synced 2026-04-03 03:33:01 +09:00

Files

Vegard Nossum 08b1cf4964 time: Avoid undefined behaviour in ktime_add_safe()

commit 979515c564 upstream.

I ran into this:

    ================================================================================
    UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16
    signed integer overflow:
    9223372036854775807 + 50000 cannot be represented in type 'long long int'
    CPU: 2 PID: 4798 Comm: trinity-c2 Not tainted 4.8.0-rc1+ #91
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
     0000000000000000 ffff88010ce6fb88 ffffffff82344740 0000000041b58ab3
     ffffffff84f97a20 ffffffff82344694 ffff88010ce6fbb0 ffff88010ce6fb60
     000000000000c350 ffff88010ce6f968 dffffc0000000000 ffffffff857bc320
    Call Trace:
     [<ffffffff82344740>] dump_stack+0xac/0xfc
     [<ffffffff82344694>] ? _atomic_dec_and_lock+0xc4/0xc4
     [<ffffffff8242df78>] ubsan_epilogue+0xd/0x8a
     [<ffffffff8242e6b4>] handle_overflow+0x202/0x23d
     [<ffffffff8242e4b2>] ? val_to_string.constprop.6+0x11e/0x11e
     [<ffffffff8236df71>] ? timerqueue_add+0x151/0x410
     [<ffffffff81485c48>] ? hrtimer_start_range_ns+0x3b8/0x1380
     [<ffffffff81795631>] ? memset+0x31/0x40
     [<ffffffff8242e6fd>] __ubsan_handle_add_overflow+0xe/0x10
     [<ffffffff81488ac9>] hrtimer_nanosleep+0x5d9/0x790
     [<ffffffff814884f0>] ? hrtimer_init_sleeper+0x80/0x80
     [<ffffffff813a9ffb>] ? __might_sleep+0x5b/0x260
     [<ffffffff8148be10>] common_nsleep+0x20/0x30
     [<ffffffff814906c7>] SyS_clock_nanosleep+0x197/0x210
     [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150
     [<ffffffff823c7113>] ? __this_cpu_preempt_check+0x13/0x20
     [<ffffffff8162ef60>] ? __context_tracking_exit.part.3+0x30/0x1b0
     [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150
     [<ffffffff81007bd3>] do_syscall_64+0x1b3/0x4b0
     [<ffffffff845f85aa>] entry_SYSCALL64_slow_path+0x25/0x25
    ================================================================================

Add a new ktime_add_unsafe() helper which doesn't check for overflow, but
doesn't throw a UBSAN warning when it does overflow either.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-01-31 12:06:08 +01:00

bpf

bpf, array: fix overflow in max_entries and undefined behavior in index_mask

2018-01-17 09:35:31 +01:00

configs

kconfig: tinyconfig: provide whole choice blocks to avoid warnings

2016-09-24 10:07:42 +02:00

debug

kdb: Fix handling of kallsyms_symbol_next() return value

2017-12-16 10:33:49 +01:00

events

bpf: one perf event close won't free bpf program attached by another perf event

2017-10-21 17:09:02 +02:00

gcov

gcov: disable for COMPILE_TEST

2018-01-23 19:50:10 +01:00

irq

genirq: Release resources in __setup_irq() error path

2017-06-26 07:13:10 +02:00

livepatch

livepatch: x86: fix relocation computation with kASLR

2015-11-11 17:36:04 +01:00

locking

locking/mutex: Allow next waiter lockless wakeup

2018-01-17 09:35:27 +01:00

power

sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs

2017-10-12 11:27:35 +02:00

printk

printk: use rcuidle console tracepoint

2017-02-23 17:43:10 +01:00

rcu

rcu: Allow for page faults in NMI handlers

2017-10-18 09:20:41 +02:00

sched

sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks

2018-01-31 12:06:07 +01:00

time

time: Avoid undefined behaviour in ktime_add_safe()

2018-01-31 12:06:08 +01:00

trace

tracing: Fix converting enum's from the map in trace_event_eval_update()

2018-01-23 19:50:16 +01:00

.gitignore

certs: add .gitignore to stop git nagging about x509_certificate_list

2015-10-21 15:18:35 +01:00

acct.c

kernel/acct.c: fix the acct->needcheck check in check_free_space()

2018-01-10 09:27:08 +01:00

async.c

kernel/async.c: switch to pr_foo()

2014-10-09 22:26:04 -04:00

audit_fsnotify.c

audit: clean simple fsnotify implementation

2015-08-06 16:14:53 -04:00

audit_tree.c

audit: audit_tree_match can be boolean

2015-11-04 08:23:51 -05:00

audit_watch.c

audit: Fix use after free in audit_remove_watch_rule()

2017-08-24 17:02:35 -07:00

audit.c

audit: ensure that 'audit=1' actually enables audit for PID 1

2017-12-16 10:33:56 +01:00

audit.h

audit: audit_tree_match can be boolean

2015-11-04 08:23:51 -05:00

auditfilter.c

audit: fix comment block whitespace

2015-11-04 08:23:51 -05:00

auditsc.c

audit: fix a double fetch in audit_log_single_execve_arg()

2016-08-20 18:09:22 +02:00

backtracetest.c

kernel/backtracetest.c: replace no level printk by pr_info()

2014-06-04 16:54:14 -07:00

bounds.c

page-cgroup: get rid of NR_PCG_FLAGS

2014-08-08 15:57:18 -07:00

capability.c

exec: Ensure mm->user_ns contains the execed files

2017-01-06 11:16:14 +01:00

cgroup_freezer.c

cgroup: fix handling of multi-destination migration from subtree_control enabling

2015-12-03 10:18:21 -05:00

cgroup_pids.c

cgroup_pids: don't account for the root cgroup

2015-12-03 10:18:21 -05:00

cgroup.c

cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups

2017-04-21 09:30:04 +02:00

compat.c

compat: cleanup coding in compat_get_bitmap() and compat_put_bitmap()

2015-06-04 23:57:18 +02:00

configs.c

…

context_tracking.c

context_tracking: avoid irq_save/irq_restore on guest entry and exit

2015-11-10 12:06:23 +01:00

cpu_pm.c

kernel/cpu_pm: fix cpu_cluster_pm_exit comment

2015-09-03 02:42:20 +02:00

cpu.c

stable-fixup: hotplug: fix unused function warning

2017-01-12 11:22:48 +01:00

cpuset.c

sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs

2017-10-12 11:27:35 +02:00

crash_dump.c

crash_dump: Make is_kdump_kernel() accessible from modules

2014-08-25 15:42:19 -07:00

cred.c

cred: Reject inodes with invalid ids in set_create_file_as()

2016-09-15 08:27:49 +02:00

delayacct.c

delayacct: Remove braindamaged type conversions

2014-07-23 10:18:06 -07:00

dma.c

…

elfcore.c

switch elf_core_write_extra_phdrs() to dump_emit()

2013-11-09 00:16:23 -05:00

exec_domain.c

Remove rest of exec domains.

2015-04-12 21:03:31 +02:00

exit.c

wait/ptrace: assume __WALL if the child is traced

2016-06-07 18:14:35 -07:00

extable.c

kernel/extable.c: mark core_kernel_text notrace

2017-07-21 07:44:56 +02:00

fork.c

kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE

2018-01-05 15:44:23 +01:00

freezer.c

freezer: remove obsolete comments in __thaw_task()

2014-10-21 23:44:20 +02:00

futex_compat.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-02-25 12:01:16 -08:00

futex.c

futex: Prevent overflow by strengthen input validation

2018-01-23 19:50:14 +01:00

groups.c

kernel: make groups_sort calling a responsibility group_info allocators

2018-01-10 09:27:10 +01:00

hung_task.c

kernel/hung_task.c: change hung_task.c to use for_each_process_thread()

2015-04-15 16:35:22 -07:00

irq_work.c

treewide: Remove old email address

2015-11-23 09:44:58 +01:00

jump_label.c

jump_label: Invoke jump_label_test() via early_initcall()

2017-12-16 10:33:55 +01:00

kallsyms.c

kernel/kallsyms.c: use __seq_open_private()

2014-10-14 02:18:16 +02:00

kcmp.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-02-25 12:01:16 -08:00

Kconfig.freezer

…

Kconfig.hz

kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS

2013-11-15 09:32:22 +09:00

Kconfig.locks

locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS

2015-05-12 09:46:00 +02:00

Kconfig.preempt

…

kexec_core.c

kexec: use file name as the output message prefix

2015-11-06 17:50:42 -08:00

kexec_file.c

kexec: fix double-free when failing to relocate the purgatory

2016-09-24 10:07:36 +02:00

kexec_internal.h

kexec: split kexec_file syscall code to kexec_file.c

2015-09-10 13:29:01 -07:00

kexec.c

kexec: use file name as the output message prefix

2015-11-06 17:50:42 -08:00

kmod.c

kmod: don't run async usermode helper as a child of kworker thread

2015-10-23 17:55:10 +09:00

kprobes.c

tracing/kprobes: Enforce kprobes teardown after testing

2017-05-25 14:30:17 +02:00

ksysfs.c

kexec: split kexec_load syscall from kexec core code

2015-09-10 13:29:01 -07:00

kthread.c

cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups

2017-04-21 09:30:04 +02:00

latencytop.c

kernel/latencytop.c: convert seq_printf to seq_puts

2014-06-04 16:54:15 -07:00

Makefile

sys_membarrier(): system-wide memory barrier (generic, x86)

2015-09-11 15:21:34 -07:00

membarrier.c

Fix: Disable sys_membarrier when nohz_full is enabled

2017-03-12 06:37:26 +01:00

memremap.c

mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}

2017-01-19 20:17:18 +01:00

module_signing.c

KEYS: Merge the type-specific data with the payload data

2015-10-21 15:18:36 +01:00

module-internal.h

KEYS: Separate the kernel signature checking keyring from module signing

2013-09-25 17:17:01 +01:00

module.c

module: Issue warnings when tainting kernel

2018-01-10 09:27:14 +01:00

notifier.c

Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2015-09-01 08:40:25 -07:00

nsproxy.c

bury struct proc_ns in fs/proc

2014-12-04 14:34:54 -05:00

padata.c

padata: free correct variable

2017-05-20 14:27:02 +02:00

panic.c

kernel/panic.c: add missing \n

2017-07-05 14:37:19 +02:00

params.c

Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

2015-11-09 15:53:39 -08:00

pid_namespace.c

pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes

2017-05-25 14:30:11 +02:00

pid.c

pids: make task_tgid_nr_ns() safe

2017-08-24 17:02:36 -07:00

profile.c

mm: rename alloc_pages_exact_node() to __alloc_pages_node()

2015-09-08 15:35:28 -07:00

ptrace.c

ptrace: Properly initialize ptracer_cred on fork

2017-06-14 13:16:20 +02:00

range.c

kernel: avoid overflow in cmp_range

2015-01-17 10:02:23 +13:00

reboot.c

kexec: split kexec_load syscall from kexec core code

2015-09-10 13:29:01 -07:00

relay.c

kernel/relay.c: use kvfree() in relay_free_page_array()

2015-06-30 19:44:59 -07:00

resource.c

/proc/iomem: only expose physical resource addresses to privileged users

2017-08-06 19:19:42 -07:00

seccomp.c

seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()

2017-10-05 09:41:46 +02:00

signal.c

kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()

2018-01-10 09:27:11 +01:00

smp.c

mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd

2015-11-06 17:50:42 -08:00

smpboot.c

stop_machine: Kill smp_hotplug_thread->pre_unpark, introduce stop_machine_unpark()

2015-10-20 10:23:55 +02:00

smpboot.h

…

softirq.c

Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2015-02-09 15:24:03 -08:00

stacktrace.c

stacktrace: introduce snprint_stack_trace for buffer output

2014-12-13 12:42:48 -08:00

stop_machine.c

kernel: remove stop_machine() Kconfig dependency

2015-12-12 10:15:34 -08:00

sys_ni.c

mm: mlock: add new mlock system call

2015-11-05 19:34:48 -08:00

sys.c

prctl: take mmap sem for writing to protect against others

2016-02-25 12:01:25 -08:00

sysctl_binary.c

fs/coredump: prevent fsuid=0 dumps into user-controlled directories

2016-04-12 09:08:58 -07:00

sysctl.c

timer/sysclt: Restrict timer migration sysctl values to 0 and 1

2017-10-05 09:41:47 +02:00

task_work.c

task_work: remove fifo ordering guarantee

2015-09-05 13:46:58 -07:00

taskstats.c

netlink: make nlmsg_end() and genlmsg_end() void

2015-01-18 01:03:45 -05:00

test_kprobes.c

kernel/test_kprobes.c: use current logging functions

2014-08-08 15:57:18 -07:00

torture.c

torture: Consolidate cond_resched_rcu_qs() into stutter_wait()

2015-10-06 11:25:01 -07:00

tracepoint.c

tracepoint: Give priority to probes of tracepoints

2015-10-25 21:33:54 -04:00

tsacct.c

sched: Make task->start_time nanoseconds based

2014-07-23 10:18:05 -07:00

uid16.c

kernel: make groups_sort calling a responsibility group_info allocators

2018-01-10 09:27:10 +01:00

up.c

smp: Rename __smp_call_function_single() to smp_call_function_single_async()

2014-02-24 14:47:15 -08:00

user_namespace.c

capabilities: ambient capabilities

2015-09-04 16:54:41 -07:00

user-return-notifier.c

scheduler: Replace __get_cpu_var with this_cpu_ptr

2014-08-26 13:45:45 -04:00

user.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

2014-12-17 12:31:40 -08:00

utsname_sysctl.c

sysctl: convert use of typedef ctl_table to struct ctl_table

2014-06-06 16:08:16 -07:00

utsname.c

copy address of proc_ns_ops into ns_common

2014-12-04 14:34:47 -05:00

watchdog.c

kernel/watchdog: use nmi registers snapshot in hardlockup handler

2017-01-06 11:16:16 +01:00

workqueue_internal.h

workqueue: Fix NULL pointer dereference

2017-11-15 17:13:11 +01:00

workqueue.c

workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq

2017-12-16 10:33:52 +01:00