Date: Thu, 28 Feb 2019 11:35:56 +0100 (CET)
From: Thomas Gleixner
To: Arnd Bergmann
cc: Deepa Dinamani, Xiongfeng Wang, Linux Kernel Mailing List
Subject: Re: [PATCH v2] posix-cpu-timers: Avoid undefined behaviour in timespec64_to_ns()
References: <1551253922-3307-1-git-send-email-wangxiongfeng2@huawei.com>

On Thu, 28 Feb 2019, Arnd Bergmann wrote:
> On Thu, Feb 28, 2019 at 5:25 AM Deepa Dinamani wrote:
> >
> > On Tue, Feb 26, 2019 at 11:52 PM Xiongfeng Wang wrote:
> > >
> > > +++ b/kernel/time/posix-timers.c
> > > @@ -853,8 +853,8 @@ static int do_timer_settime(timer_t timer_id, int flags, > > > unsigned long flag; > > > int error = 0; > > > > > > - if (!timespec64_valid(&new_spec64->it_interval) || > > > - !timespec64_valid(&new_spec64->it_value)) > > > + if (!timespec64_valid_strict(&new_spec64->it_interval) || > > > + !timespec64_valid_strict(&new_spec64->it_value)) > > > return -EINVAL; > > > > > > if (old_spec64)
> >
> > sys_timer_settime() is a POSIX interface:
> > http://pubs.opengroup.org/onlinepubs/7908799/xsh/timer_settime.html
> >
> > The timer_settime() function will fail if:
> >
> > [EINVAL] The timerid argument does not correspond to an id returned by
> > timer_create() but not yet deleted by timer_delete().
> >
> > [EINVAL] A value structure specified a nanosecond value less than zero
> > or greater than or equal to 1000 million.
> >
> > So we cannot return EINVAL here if we want to maintain POSIX compatibility.
> > Maybe we should check for limit and saturate here at the syscall interface?
>
> I think returning EINVAL here is better than silently truncating, we
> just need to document it in the Linux man page.
> Note that truncation would set the time to just before the overflow,
> it bad things start to happen the instant after it returns from the
> kernel. This is possibly worse than setting a random value that may or
> may not crash the system.

Not necessarily. On the hrtimer based side, we clamp the values to
KTIME_MAX. That means in theory the overflow could happen when the timer
expires and the interval is added. There are two things which prevent that:

  1) The timer expires in about 292 years from now, which I really can't be
     worried about

  2) The rearming code prevents the overflow into undefined space as well.

So, it's not unreasonable to do clamping as long as the handed in value is
at least formally correct.

Of course we need to look at the posix-cpu-timer side of affairs to ensure
that the limits are handled correctly.

Thanks,

	tglx
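
Review bot: the two timespec64_valid_strict() checks in do_timer_settime() turn it_interval and it_value settings that previously passed timespec64_valid() into a user-visible -EINVAL, and nothing in the hunk documents that. Add a comment above the check naming the extra condition that is now rejected, and pair the change with a man page update, since the quoted POSIX text lists only the nanosecond range as a reason for EINVAL on a value structure. The subject also says posix-cpu-timers while the hunk is in kernel/time/posix-timers.c, so the changelog should state that the stricter check sits in do_timer_settime() itself.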
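
The clamping approach described in the reply above, as an added userspace sketch that is not kernel code and not part of the original thread. `struct ts64`, `ts64_valid()`, `ts64_to_ns_clamped()` and `ns_add_safe()` are hypothetical stand-ins, and the constants are redefined locally for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the kernel constants named in the thread. */
#define NSEC_PER_SEC  1000000000LL
#define KTIME_MAX     INT64_MAX
#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)

/* Hypothetical stand-in for struct timespec64. */
struct ts64 { int64_t tv_sec; long tv_nsec; };

/* "Formally correct": the field range check quoted from POSIX. */
static bool ts64_valid(const struct ts64 *ts)
{
    return ts->tv_sec >= 0 && ts->tv_nsec >= 0 && ts->tv_nsec < NSEC_PER_SEC;
}

/* Saturating conversion: the multiplication is only evaluated when it
 * cannot overflow a signed 64-bit value, so no undefined behaviour. */
static int64_t ts64_to_ns_clamped(const struct ts64 *ts)
{
    if (ts->tv_sec >= KTIME_SEC_MAX)
        return KTIME_MAX;
    return ts->tv_sec * NSEC_PER_SEC + ts->tv_nsec;
}

/* Saturating add for rearming: expiry + interval never wraps.
 * Both arguments are assumed non-negative (already validated). */
static int64_t ns_add_safe(int64_t expires, int64_t interval)
{
    if (interval > KTIME_MAX - expires)
        return KTIME_MAX;
    return expires + interval;
}

int main(void)
{
    struct ts64 huge = { INT64_MAX, 0 };   /* constructed sample input */
    int64_t ns = ts64_to_ns_clamped(&huge);

    printf("valid=%d ns=%lld rearmed=%lld\n", ts64_valid(&huge),
           (long long)ns, (long long)ns_add_safe(ns, NSEC_PER_SEC));
    return 0;
}
```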