2012-10-09 07:18:48

by Dan Carpenter

Subject: [patch] time: cast ->raw_interval to u64 to avoid shift overflow

We fixed a bunch of integer overflows in timekeeping code during the 3.6
cycle. I did an audit based on that and found this potential overflow.

Signed-off-by: Dan Carpenter <[email protected]>
---
I'm not super familiar with this code so please review my work
carefully.

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 5ce06a3..1d1ee67 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1113,7 +1113,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset,
accumulate_nsecs_to_secs(tk);

/* Accumulate raw time */
- raw_nsecs = tk->raw_interval << shift;
+ raw_nsecs = (u64)tk->raw_interval << shift;
raw_nsecs += tk->raw_time.tv_nsec;
if (raw_nsecs >= NSEC_PER_SEC) {
u64 raw_secs = raw_nsecs;
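
Review bot: The changelog does not say why `raw_nsecs = tk->raw_interval << shift;` can overflow. Neither the declaration of raw_interval nor that of raw_nsecs is in this hunk's context, so a reader cannot tell from the patch that the shift was being evaluated in a narrower type than the destination. Please add one sentence to the commit message stating the type of raw_interval and roughly which values of shift push the result past that width, so the fix can be checked without opening the struct definition.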


2012-10-09 19:18:04

by john stultz

Subject: Re: [patch] time: cast ->raw_interval to u64 to avoid shift overflow

On 10/09/2012 12:18 AM, Dan Carpenter wrote:
> We fixed a bunch of integer overflows in timekeeping code during the 3.6
> cycle. I did an audit based on that and found this potential overflow.
>
> Signed-off-by: Dan Carpenter <[email protected]>

Yep. Looks like this would trigger if you had NOHZ idle for more than 4
seconds.

Thanks for the audit, and sending this in!

Thomas: Mind queuing this? Probably should be marked for stable too.

Acked-by: John Stultz <[email protected]>

2012-10-09 19:51:05

by Dan Carpenter

Subject: [tip:timers/core] timekeeping: Cast raw_interval to u64 to avoid shift overflow

Commit-ID: 5b3900cd409466c0070b234d941650685ad0c791
Gitweb: http://git.kernel.org/tip/5b3900cd409466c0070b234d941650685ad0c791
Author: Dan Carpenter <[email protected]>
AuthorDate: Tue, 9 Oct 2012 10:18:23 +0300
Committer: Thomas Gleixner <[email protected]>
CommitDate: Tue, 9 Oct 2012 21:27:14 +0200

timekeeping: Cast raw_interval to u64 to avoid shift overflow

We fixed a bunch of integer overflows in timekeeping code during the 3.6
cycle. I did an audit based on that and found this potential overflow.

Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: John Stultz <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
---
kernel/time/timekeeping.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 16280ff..3eb3fc7c 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1045,7 +1045,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset,
accumulate_nsecs_to_secs(tk);

/* Accumulate raw time */
- raw_nsecs = tk->raw_interval << shift;
+ raw_nsecs = (u64)tk->raw_interval << shift;
raw_nsecs += tk->raw_time.tv_nsec;
if (raw_nsecs >= NSEC_PER_SEC) {
u64 raw_secs = raw_nsecs;
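
Review bot: The cast in `raw_nsecs = (u64)tk->raw_interval << shift;` sits under a comment that still only says "Accumulate raw time", so nothing at the call site explains why the widening is needed, and a later cleanup could drop it as redundant. Consider extending that comment to note that the shift must be done in 64 bits, or widening the raw_interval field itself so that no cast is required here. The commit message would also benefit from recording the trigger condition raised in review, since the change is proposed for stable.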