Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933239AbbBQOPe (ORCPT <rfc822;w@1wt.eu>);
	Tue, 17 Feb 2015 09:15:34 -0500
Received: from youngberry.canonical.com ([91.189.89.112]:54316 "EHLO
	youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753256AbbBQOPc (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 17 Feb 2015 09:15:32 -0500
Date: Tue, 17 Feb 2015 14:16:13 +0000
From: Luis Henriques <luis.henriques@canonical.com>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        akpm@linux-foundation.org, John Stultz <john.stultz@linaro.org>,
        Ingo Molnar <mingo@kernel.org>, Sasha Levin <sasha.levin@oracle.com>,
        Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 3.2 090/152] time: adjtimex: Validate the ADJ_FREQUENCY
 values
Message-ID: <20150217141613.GB4915@charon>
References: <lsq.1424137613.308090640@decadent.org.uk>
 <lsq.1424137613.223213443@decadent.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <lsq.1424137613.223213443@decadent.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1997
Lines: 61

On Tue, Feb 17, 2015 at 01:46:53AM +0000, Ben Hutchings wrote:
> 3.2.67-rc1 review patch.  If anyone has any objections, please let me know.
>

John reported a regression with this commit [1].  A fix seems to be
already available, but since it hasn't been accepted into mainline yet
I haven't picked this patch for the 3.16 kernel.

[1] https://lists.ubuntu.com/archives/kernel-team/2015-February/053981.html

Cheers,
--
Lu?s

> ------------------
> 
> From: Sasha Levin <sasha.levin@oracle.com>
> 
> commit 5e5aeb4367b450a28f447f6d5ab57d8f2ab16a5f upstream.
> 
> Verify that the frequency value from userspace is valid and makes sense.
> 
> Unverified values can cause overflows later on.
> 
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@kernel.org>
> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
> [jstultz: Fix up bug for negative values and drop redunent cap check]
> Signed-off-by: John Stultz <john.stultz@linaro.org>
> [bwh: Backported to 3.2: adjust context]
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> ---
>  kernel/time/ntp.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> --- a/kernel/time/ntp.c
> +++ b/kernel/time/ntp.c
> @@ -608,6 +608,13 @@ int do_adjtimex(struct timex *txc)
>  			return -EINVAL;
>  	}
>  
> +	if (txc->modes & ADJ_FREQUENCY) {
> +		if (LONG_MIN / PPM_SCALE > txc->freq)
> +			return -EINVAL;
> +		if (LONG_MAX / PPM_SCALE < txc->freq)
> +			return -EINVAL;
> +	}
> +
>  	if (txc->modes & ADJ_SETOFFSET) {
>  		struct timespec delta;
>  		delta.tv_sec  = txc->time.tv_sec;
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/