[Linux-stable-mirror] [PATCH 7.x ubsan fix 1/6] cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
From: zengtao prime.zeng@huawei.com
mainline inclusion from mainline-4.5 commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3 category: bugfix bugzilla: 3214 DTS: NA CVE: NA
-------------------------------------------------
The datatype __kernel_time_t is u32 on 32bit platform, so its subject to overflows in the timeval/timespec to cputime conversion.
Currently the following functions are affected: 1. setitimer() 2. timer_create/timer_settime() 3. sys_clock_nanosleep
This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting" enabled, which is required for CONFIG_NO_HZ_FULL.
Enforce u64 conversion to prevent the overflow.
Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting") Signed-off-by: zengtao prime.zeng@huawei.com Reviewed-by: Arnd Bergmann arnd@arndb.de Cc: fweisbec@gmail.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawe... Signed-off-by: Thomas Gleixner tglx@linutronix.de (cherry picked from commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3) Signed-off-by: Kefeng Wang wangkefeng.wang@huawei.com --- include/asm-generic/cputime_nsecs.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/asm-generic/cputime_nsecs.h b/include/asm-generic/cputime_nsecs.h index bf97df3..903285b 100644 --- a/include/asm-generic/cputime_nsecs.h +++ b/include/asm-generic/cputime_nsecs.h @@ -72,7 +72,7 @@ typedef u64 __nocast cputime64_t; */ static inline cputime_t timespec_to_cputime(const struct timespec *val) { - u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec; + u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec; return (__force cputime_t) ret; } static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val) @@ -88,7 +88,8 @@ static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val) */ static inline cputime_t timeval_to_cputime(const struct timeval *val) { - u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC; + u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + + val->tv_usec * NSEC_PER_USEC; return (__force cputime_t) ret; } static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val)
sorry, please ignore...
On 2017/11/17 10:33, Kefeng Wang wrote:
From: zengtao prime.zeng@huawei.com
mainline inclusion from mainline-4.5 commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3 category: bugfix bugzilla: 3214 DTS: NA CVE: NA
The datatype __kernel_time_t is u32 on 32bit platform, so its subject to overflows in the timeval/timespec to cputime conversion.
Currently the following functions are affected:
- setitimer()
- timer_create/timer_settime()
- sys_clock_nanosleep
This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting" enabled, which is required for CONFIG_NO_HZ_FULL.
Enforce u64 conversion to prevent the overflow.
Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting") Signed-off-by: zengtao prime.zeng@huawei.com Reviewed-by: Arnd Bergmann arnd@arndb.de Cc: fweisbec@gmail.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawe... Signed-off-by: Thomas Gleixner tglx@linutronix.de (cherry picked from commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3) Signed-off-by: Kefeng Wang wangkefeng.wang@huawei.com
include/asm-generic/cputime_nsecs.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/asm-generic/cputime_nsecs.h b/include/asm-generic/cputime_nsecs.h index bf97df3..903285b 100644 --- a/include/asm-generic/cputime_nsecs.h +++ b/include/asm-generic/cputime_nsecs.h @@ -72,7 +72,7 @@ typedef u64 __nocast cputime64_t; */ static inline cputime_t timespec_to_cputime(const struct timespec *val) {
- u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec;
- u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec; return (__force cputime_t) ret;
} static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val) @@ -88,7 +88,8 @@ static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val) */ static inline cputime_t timeval_to_cputime(const struct timeval *val) {
- u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC;
- u64 ret = (u64)val->tv_sec * NSEC_PER_SEC +
val->tv_usec * NSEC_PER_USEC;} static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val)
linux-stable-mirror@lists.linaro.org
-
Kefeng Wang