Message-ID: <593646B5.6070406@huawei.com>
Date: Tue, 6 Jun 2017 14:07:49 +0800
From: Xishi Qiu
To: Thomas Gleixner
CC: LKML, Ingo Molnar, Peter Zijlstra, John Stultz
Subject: Re: [RFC] ubsan: signed integer overflow in setitimer()
References: <59300285.6090105@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2017/6/4 23:06, Thomas Gleixner wrote:

> On Thu, 1 Jun 2017, Xishi Qiu wrote:
>
> Cc'ed John Stultz
>
>> Hi, this is the test case, and then I got ubsan error
>> (signed integer overflow) report, so the root cause is from
>> user or kernel? Shall we change something in timeval_valid()?
>>
>>
>> struct itimerval new_value;
>> int ret;
>>
>> new_value.it_interval.tv_sec = 140673496649799L;
>> new_value.it_interval.tv_usec = 6;
>> new_value.it_value.tv_sec = 140673496649807L;
>> new_value.it_value.tv_usec = 5;
>>
>> ret = setitimer(ITIMER_VIRTUAL, &new_value, NULL);
>>
>>
>> [ 533.326588] ================================================================================
>> [ 533.335346] UBSAN: Undefined behaviour in ./include/linux/time.h:239:27
>> [ 533.342155] signed integer overflow:
>> [ 533.345837] 140673496649807 * 1000000000 cannot be represented in type 'long int'
>> [ 533.422181] set_cpu_itimer+0x49c/0x540
>> [ 533.442127] do_setitimer+0xe1/0x540
>
> We need a similar clamping of the conversion as we have for
> timespec/val_to_ktime(). I'll have a look in the next days unless John
> beats me to it.
>

Hi Thomas, anything new?

Thanks,
Xishi Qiu

> Thanks,
>
> tglx
>
> .
>
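
Added example, not part of the original message and not kernel code: a userspace C sketch of the kind of clamping discussed above, where the seconds value is checked before the multiplication by 1000000000 that UBSAN flagged. The helper name `timeval_to_ns_clamped`, the `SEC_MAX` bound and the -1 error return are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC  1000000000LL
#define NSEC_PER_USEC 1000LL
#define USEC_PER_SEC  1000000LL
/* Assumed bound: seconds at or above this are clamped rather than multiplied. */
#define SEC_MAX (INT64_MAX / NSEC_PER_SEC)

/*
 * Hypothetical helper: convert seconds + microseconds to nanoseconds.
 * Returns -1 for a negative field or tv_usec >= 1000000 (inputs a
 * timeval validity check would reject), and saturates at INT64_MAX
 * instead of performing a signed multiplication that would overflow.
 */
int64_t timeval_to_ns_clamped(int64_t sec, int64_t usec)
{
	if (sec < 0 || usec < 0 || usec >= USEC_PER_SEC)
		return -1;
	/* Compare before multiplying: sec * NSEC_PER_SEC is the overflowing step. */
	if (sec >= SEC_MAX)
		return INT64_MAX;
	/* sec < SEC_MAX, so the product plus at most 999999000 ns still fits. */
	return sec * NSEC_PER_SEC + usec * NSEC_PER_USEC;
}

int main(void)
{
	/* Values taken from the test case quoted in the message. */
	int64_t interval = timeval_to_ns_clamped(140673496649799LL, 6);
	int64_t value = timeval_to_ns_clamped(140673496649807LL, 5);

	printf("it_interval -> %" PRId64 " ns\n", interval);
	printf("it_value    -> %" PRId64 " ns\n", value);
	printf("1.000006 s  -> %" PRId64 " ns\n", timeval_to_ns_clamped(1, 6));
	return 0;
}
```

Built with `-fsanitize=signed-integer-overflow`, this version produces no report for the quoted inputs because the multiplication is never reached for out-of-range seconds.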