Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754738AbbLFWL4 (ORCPT <rfc822;w@1wt.eu>);
	Sun, 6 Dec 2015 17:11:56 -0500
Received: from mail-wm0-f42.google.com ([74.125.82.42]:37388 "EHLO
	mail-wm0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754197AbbLFWLz (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sun, 6 Dec 2015 17:11:55 -0500
Date: Sun, 6 Dec 2015 23:11:49 +0100
From: Richard Cochran <richardcochran@gmail.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Sasha Levin <sasha.levin@oracle.com>, john.stultz@linaro.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to
 avoid overflow
Message-ID: <20151206221149.GA22451@netboy>
References: <1449198571-21133-1-git-send-email-sasha.levin@oracle.com>
 <alpine.DEB.2.11.1512051806450.3595@nanos>
 <56637E2D.1040603@oracle.com>
 <alpine.DEB.2.11.1512061006210.3595@nanos>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.11.1512061006210.3595@nanos>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1352
Lines: 37

On Sun, Dec 06, 2015 at 10:07:01AM +0100, Thomas Gleixner wrote:
> On Sat, 5 Dec 2015, Sasha Levin wrote:
> > On 12/05/2015 12:10 PM, Thomas Gleixner wrote:
> > > That's not a canonical timeval. timeval_valid() is what you want to
> > > check it. Or has adjtimex some magic exception here?

You can't use timeval_valid for ADJ_SETOFFSET, because the seconds
field can also be negative (when setting the time back).

> > Nope, it looks like timeval_valid() is indeed what I've needed to use.
> > 
> > Is there a reason ntp_validate_timex() doesn't do timeval_valid() too
> > for at least the ADJ_SETOFFSET case? If not, I'll add it in.

So you should not use timeval_valid, and the original patch is also
not right.  The rule is:

	The value of a timeval is the sum of its fields, but the
	field tv_usec must always be non-negative.

We had a discussion about this a year or two ago.  Maybe I can find it
again.

The overflow is a latent problem, and the patch should:

1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
2. remove the redundant test in timekeeping_inject_offset.

Thanks,
Richard


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/