[7.x,ubsan,fix,1/6] cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()

Message ID 1510886009-141575-2-git-send-email-wangkefeng.wang@huawei.com
State New
Headers show
Series
  • [7.x,ubsan,fix,1/6] cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
Related show

Commit Message

Kefeng Wang Nov. 17, 2017, 2:33 a.m.
From: zengtao <prime.zeng@huawei.com>


mainline inclusion
from mainline-4.5
commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3
category: bugfix
bugzilla: 3214
DTS: NA
CVE: NA

-------------------------------------------------

The datatype __kernel_time_t is u32 on 32bit platform, so its subject to
overflows in the timeval/timespec to cputime conversion.

Currently the following functions are affected:
1. setitimer()
2. timer_create/timer_settime()
3. sys_clock_nanosleep

This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting"
enabled, which is required for CONFIG_NO_HZ_FULL.

Enforce u64 conversion to prevent the overflow.

Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting")
Signed-off-by: zengtao <prime.zeng@huawei.com>

Reviewed-by: Arnd Bergmann <arnd@arndb.de>

Cc: <fweisbec@gmail.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawei.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

(cherry picked from commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3)
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>

---
 include/asm-generic/cputime_nsecs.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

-- 
1.8.3.1

Comments

Kefeng Wang Nov. 17, 2017, 2:34 a.m. | #1
sorry, please ignore...


On 2017/11/17 10:33, Kefeng Wang wrote:
> From: zengtao <prime.zeng@huawei.com>

>

> mainline inclusion

> from mainline-4.5

> commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3

> category: bugfix

> bugzilla: 3214

> DTS: NA

> CVE: NA

>

> -------------------------------------------------

>

> The datatype __kernel_time_t is u32 on 32bit platform, so its subject to

> overflows in the timeval/timespec to cputime conversion.

>

> Currently the following functions are affected:

> 1. setitimer()

> 2. timer_create/timer_settime()

> 3. sys_clock_nanosleep

>

> This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting"

> enabled, which is required for CONFIG_NO_HZ_FULL.

>

> Enforce u64 conversion to prevent the overflow.

>

> Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting")

> Signed-off-by: zengtao <prime.zeng@huawei.com>

> Reviewed-by: Arnd Bergmann <arnd@arndb.de>

> Cc: <fweisbec@gmail.com>

> Cc: stable@vger.kernel.org

> Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawei.com

> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

> (cherry picked from commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3)

> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>

> ---

>  include/asm-generic/cputime_nsecs.h | 5 +++--

>  1 file changed, 3 insertions(+), 2 deletions(-)

>

> diff --git a/include/asm-generic/cputime_nsecs.h b/include/asm-generic/cputime_nsecs.h

> index bf97df3..903285b 100644

> --- a/include/asm-generic/cputime_nsecs.h

> +++ b/include/asm-generic/cputime_nsecs.h

> @@ -72,7 +72,7 @@ typedef u64 __nocast cputime64_t;

>   */

>  static inline cputime_t timespec_to_cputime(const struct timespec *val)

>  {

> -	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec;

> +	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec;

>  	return (__force cputime_t) ret;

>  }

>  static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)

> @@ -88,7 +88,8 @@ static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)

>   */

>  static inline cputime_t timeval_to_cputime(const struct timeval *val)

>  {

> -	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC;

> +	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC +

> +			val->tv_usec * NSEC_PER_USEC;

>  	return (__force cputime_t) ret;

>  }

>  static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val)

Patch

diff --git a/include/asm-generic/cputime_nsecs.h b/include/asm-generic/cputime_nsecs.h
index bf97df3..903285b 100644
--- a/include/asm-generic/cputime_nsecs.h
+++ b/include/asm-generic/cputime_nsecs.h
@@ -72,7 +72,7 @@  typedef u64 __nocast cputime64_t;
  */
 static inline cputime_t timespec_to_cputime(const struct timespec *val)
 {
-	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec;
+	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec;
 	return (__force cputime_t) ret;
 }
 static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)
@@ -88,7 +88,8 @@  static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val)
  */
 static inline cputime_t timeval_to_cputime(const struct timeval *val)
 {
-	u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC;
+	u64 ret = (u64)val->tv_sec * NSEC_PER_SEC +
+			val->tv_usec * NSEC_PER_USEC;
 	return (__force cputime_t) ret;
 }
 static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val)