Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp380469img; Thu, 28 Feb 2019 00:45:32 -0800 (PST) X-Google-Smtp-Source: APXvYqwrf94ftBKiyqzUtuvo/BRWIaTZBD9k4PTfqayPYa/Vgx92gnxisQv8gm5Vgm7uKFKms0dj X-Received: by 2002:a63:6e88:: with SMTP id j130mr553827pgc.67.1551343532694; Thu, 28 Feb 2019 00:45:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551343532; cv=none; d=google.com; s=arc-20160816; b=iY7JyzHLuTkuU6tQOxH1iyRCRX7En0+ubWO02QlwOMBhyxyiObz4fggoj9ps8GrL4j Op6dQ8LbM+0v0ut3+wpTdzpnvRNj0/mAH0hD9KjKg+iBj4X3hm77Ljvr0HYTTB5DVrIV GSdEE2RqItBUNSNzv6i7Bvh08uF8j/Vb8inIOufZVH98/94OMUIMZu+CCRyv1Ym/lj6Q BwE3XWaaefm2GXl5jJNS7nXqkTtJXpgbQfF9u5YfuNpIM8HFvY56Wm5PIWnDq2Fp4laG HIuGJx3ZI2Fmf1+vtarX8lBnjKB0jvyA5uwo5vptUbWrgown/IOowHxVeqDxg7QFU98L wLbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=B5kwBGJvOewBDChV9seYnSkUiyXY2vxNNbNPiECI+j8=; b=0Spslnn5ewJSolywj7LNOPgp2Pxqs+58+zf65DfcMI/Mw5DL7E6CydbhaNCeaIy7bp FuThRZpez7+U1KhBPSXwRXrDl1HXkm44nzKRkSxY8If9/4Z4H94qvU5MkVblSN+e0qD2 Ytsil1RIuNd9cGItlnIqngMeXePIMGeCtc4G6sA3jGrR8KQdDMoWheQ3n1rBTk5nokHu zbal2hx1bPIpfQJGoyMmztTAmk002pQxjPirv/kWBkDHaOr/Sr/TROiD4HZy0amXeY4s dKg2qP6s0FxU7Amse8EyKFCBgfQJRWrzfLVBDDka3ZmHUnaFpYY7F3b5x7+xDoomf4+O FA0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u37si16367864pgn.480.2019.02.28.00.45.16; Thu, 28 Feb 2019 00:45:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731029AbfB1Iou (ORCPT + 99 others); Thu, 28 Feb 2019 03:44:50 -0500 Received: from mail-qk1-f196.google.com ([209.85.222.196]:37925 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726038AbfB1Iou (ORCPT ); Thu, 28 Feb 2019 03:44:50 -0500 Received: by mail-qk1-f196.google.com with SMTP id p15so11598356qkl.5 for ; Thu, 28 Feb 2019 00:44:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=B5kwBGJvOewBDChV9seYnSkUiyXY2vxNNbNPiECI+j8=; b=AZWECewspEfeVOy25+r175XwMy69kgA+Le5HHibMyqW9Jczrkc9i4MFABzjlGGnr4j K+OnGmNVmYv2Pjoq6hoBCXViLU59o92KV/1EwWR3m7Cthwv+SbaSqI7z5m7UBi5IOlb5 GiUoIB9MKtLRW+SXe3+10Ac4qbETkkykXPET2CE8poXMyIeJgluT6+FkBzAcQjd+wTf6 2BQxIZwkAsSJASVumZmarajLMFr1iPkrZG9b0BVSoMcPIkpD5AfeOsD04iE/7C6H72H9 hW9pxVWch9qTWahCsuviH3AnuxGDvZXHTvvIsZ+XKpy/xUQIf0hYhZK3P/BGI7Tiv/ZS jdBA== X-Gm-Message-State: APjAAAUcCU3QCgSsdB5o4u9NxisRDr6W5BYg3VN843datlB6I8RU80Mp ANnxSSDgr8tW3VUe2stQ87+Xo5DEJRCac0OfdjU= X-Received: by 2002:a37:8dc5:: with SMTP id p188mr5465375qkd.330.1551343489403; Thu, 28 Feb 2019 00:44:49 -0800 (PST) MIME-Version: 1.0 References: <1551253922-3307-1-git-send-email-wangxiongfeng2@huawei.com> In-Reply-To: From: Arnd Bergmann Date: Thu, 28 Feb 2019 09:44:32 +0100 Message-ID: Subject: Re: [PATCH v2] posix-cpu-timers: Avoid undefined behaviour in timespec64_to_ns() To: Deepa Dinamani Cc: Xiongfeng Wang , Thomas Gleixner , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 28, 2019 at 5:25 AM Deepa Dinamani wrote: > > On Tue, Feb 26, 2019 at 11:52 PM Xiongfeng Wang > wrote: > > > > +++ b/kernel/time/posix-timers.c > > @@ -853,8 +853,8 @@ static int do_timer_settime(timer_t timer_id, int flags, > > unsigned long flag; > > int error = 0; > > > > - if (!timespec64_valid(&new_spec64->it_interval) || > > - !timespec64_valid(&new_spec64->it_value)) > > + if (!timespec64_valid_strict(&new_spec64->it_interval) || > > + !timespec64_valid_strict(&new_spec64->it_value)) > > return -EINVAL; > > > > if (old_spec64) > > sys_timer_settime() is a POSIX interface: > http://pubs.opengroup.org/onlinepubs/7908799/xsh/timer_settime.html > > The timer_settime() function will fail if: > > [EINVAL] The timerid argument does not correspond to an id returned by > timer_create() but not yet deleted by timer_delete(). > > [EINVAL] A value structure specified a nanosecond value less than zero > or greater than or equal to 1000 million. > > So we cannot return EINVAL here if we want to maintain POSIX compatibility. > Maybe we should check for limit and saturate here at the syscall interface? I think returning EINVAL here is better than silently truncating, we just need to document it in the Linux man page. Note that truncation would set the time to just before the overflow, it bad things start to happen the instant after it returns from the kernel. This is possibly worse than setting a random value that may or may not crash the system. Arnd