From: Arnd Bergmann
Date: Mon, 25 Feb 2019 10:07:40 +0100
Subject: Re: [PATCH] time64: Avoid undefined behaviour in timespec64_add()
To: Deepa Dinamani
Cc: Hongbo Yao, Thomas Gleixner, Linux Kernel Mailing List, Linuxarm

On Mon, Feb 25, 2019 at 10:01 AM Arnd Bergmann wrote:
> On Mon, Feb 25, 2019 at 5:53 AM Deepa Dinamani wrote:
> > On Sun, Feb 24, 2019 at 7:13 PM Hongbo Yao wrote:
> arch/arm/xen/enlighten.c: *ts = timespec64_add(now, ts_monotonic);
> arch/arm/xen/enlighten.c: system_time = timespec64_add(now, tk->wall_to_monotonic);
> drivers/net/ethernet/cadence/macb_ptp.c: now = timespec64_add(now, then);
> drivers/net/ethernet/intel/igb/igb_main.c: ts = timespec64_add(adapter->perout[0].start,
> drivers/net/ethernet/intel/igb/igb_main.c: ts = timespec64_add(adapter->perout[1].start,
> drivers/net/ethernet/intel/igb/igb_ptp.c: now = timespec64_add(now, then);
> fs/cifs/dfs_cache.c: return timespec64_add(now, ts);
> include/linux/rtc.h: *to_set = timespec64_add(*now, delay);
> include/linux/time64.h:static inline struct timespec64 timespec64_add(struct timespec64 lhs,
> kernel/time/timekeeping.c: tmp = timespec64_add(tk_xtime(tk), *ts);
> kernel/time/timekeeping.c: timespec64_add(timekeeping_suspend_time, delta_delta);
> net/ceph/messenger.c: ts = timespec64_add(con->last_keepalive_ack, ts);
>
> It looks like an actual overflow would be really bad in most of these,
> regardless of the undefined behavior.

Side note: I was wondering whether some of those should use
timespec64_add_ns() instead of converting a 64-bit nanosecond
value to timespec64 first. My conclusion was "no, since
timespec64_add_ns() avoids a 64-bit division by assuming that the
nanoseconds are small", and in fact we probably need the opposite
and change two drivers the other way:

diff --git a/drivers/net/ethernet/cadence/macb_ptp.c b/drivers/net/ethernet/cadence/macb_ptp.c index a6dc47edc4cf..0d5ebde29c0d 100644 --- a/drivers/net/ethernet/cadence/macb_ptp.c +++ b/drivers/net/ethernet/cadence/macb_ptp.c @@ -160,7 +160,7 @@ static int gem_ptp_adjfine(struct ptp_clock_info *ptp, long scaled_ppm) static int gem_ptp_adjtime(struct ptp_clock_info *ptp, s64 delta) { struct macb *bp = container_of(ptp, struct macb, ptp_clock_info); - struct timespec64 now, then = ns_to_timespec64(delta); + struct timespec64 now; u32 adj, sign = 0; if (delta < 0) { @@ -170,7 +170,7 @@ static int gem_ptp_adjtime(struct ptp_clock_info *ptp, s64 delta) if (delta > TSU_NSEC_MAX_VAL) { gem_tsu_get_time(&bp->ptp_clock_info, &now); - now = timespec64_add(now, then); + now = timespec64_add(now, ns_to_timespec64(delta)); gem_tsu_set_time(&bp->ptp_clock_info, (const struct timespec64 *)&now); diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c index 5fb4353c742b..4efcba0252a4 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c +++ b/drivers/net/ethernet/intel/i40e/i40e_ptp.c @@ -151,7 +151,7 @@ static int i40e_ptp_adjtime(struct ptp_clock_info *ptp, s64 delta) mutex_lock(&pf->tmreg_lock); i40e_ptp_read(pf, &now, NULL); - timespec64_add_ns(&now, delta); + timespec64_add_ns(&now, ns_to_timespec64(delta)); i40e_ptp_write(pf, (const struct timespec64 *)&now); mutex_unlock(&pf->tmreg_lock); Arnd
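
Review bot: in the gem_ptp_adjtime() hunks, the conversion moves from the declaration of "then" into the "if (delta > TSU_NSEC_MAX_VAL)" branch, which comes after the "if (delta < 0) {" block whose body is not shown here. If that block modifies delta, ns_to_timespec64(delta) now converts the modified value rather than the one passed in, so the result handed to timespec64_add() can differ from before. Either keep the conversion ahead of that block or state in the changelog that the change in value is intended.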
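
Review bot: in the i40e_ptp_adjtime() hunk, the added line passes ns_to_timespec64(delta) as the second argument of timespec64_add_ns(), where the removed line passed the s64 delta itself, so a struct timespec64 now sits where a nanosecond count was. If the aim is the same conversion the macb hunk uses, the line should read "now = timespec64_add(now, ns_to_timespec64(delta));".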
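
An added example, not code from the message or from the kernel tree: a userspace model of the trade-off in the side note above, comparing a divide-based conversion followed by an overflow-checked add against a loop-based add that is only cheap when the nanosecond count is small. The names ts64, ns_to_ts64, ts64_add_checked, ts64_add_ns_loop and loop_iters_for are hypothetical, the sample values are constructed, and __builtin_add_overflow is the GCC/Clang builtin.

```c
#include <stdint.h>
#include <stdio.h>
#define NSEC_PER_SEC 1000000000L
/* Userspace stand-in for the kernel's struct timespec64 (assumption). */
struct ts64 { int64_t tv_sec; long tv_nsec; };

/* Divide-based conversion modelled on ns_to_timespec64(); the fix-up
 * keeps tv_nsec in [0, NSEC_PER_SEC) for negative input. */
static struct ts64 ns_to_ts64(int64_t ns)
{
	struct ts64 t = { ns / NSEC_PER_SEC, (long)(ns % NSEC_PER_SEC) };
	if (t.tv_nsec < 0) { t.tv_sec--; t.tv_nsec += NSEC_PER_SEC; }
	return t;
}

/* Add two normalized values; returns -1 instead of overflowing tv_sec
 * (signed overflow is undefined behaviour in C). */
static int ts64_add_checked(struct ts64 l, struct ts64 r, struct ts64 *out)
{
	long nsec = l.tv_nsec + r.tv_nsec;
	int64_t carry = nsec >= NSEC_PER_SEC;
	if (__builtin_add_overflow(l.tv_sec, r.tv_sec, &out->tv_sec) ||
	    __builtin_add_overflow(out->tv_sec, carry, &out->tv_sec))
		return -1;
	out->tv_nsec = carry ? nsec - NSEC_PER_SEC : nsec;
	return 0;
}

/* Loop-based add modelled on timespec64_add_ns(): no divide, one
 * subtraction per whole second. Returns the iteration count. */
static uint64_t ts64_add_ns_loop(struct ts64 *a, uint64_t ns)
{
	uint64_t iters = 0;
	for (ns += (uint64_t)a->tv_nsec; ns >= NSEC_PER_SEC; ns -= NSEC_PER_SEC)
		iters++;
	a->tv_sec += (int64_t)iters;
	a->tv_nsec = (long)ns;
	return iters;
}

/* Iterations that loop needs when a signed delta is passed as u64. */
static uint64_t loop_iters_for(int64_t d) { return (uint64_t)d / NSEC_PER_SEC; }

int main(void)
{
	struct ts64 now = { 100, 900000000L };	/* constructed sample time */
	printf("+1h loop iterations: %llu\n",
	       (unsigned long long)ts64_add_ns_loop(&now, 3600200000000ULL));
	printf("-1ns as u64 iterations: %llu\n",
	       (unsigned long long)loop_iters_for(-1));
	return 0;
}
```

A one-hour adjustment already costs thousands of loop iterations, and a negative delta reinterpreted as unsigned costs billions, which is the case for taking the single division on a large or signed adjustment.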