Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4254679imb; Wed, 6 Mar 2019 08:56:12 -0800 (PST) X-Google-Smtp-Source: APXvYqyCdTO8r/9P2QumbS7xvUHslnA0zHcFJ6NNuaPbj7BYu8axH9CI/j8zPWQ/71UpK//VWjY1 X-Received: by 2002:a17:902:7e0f:: with SMTP id b15mr7559789plm.124.1551891372887; Wed, 06 Mar 2019 08:56:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551891372; cv=none; d=google.com; s=arc-20160816; b=Ry0qViDU6hcW8+06KBoN3puRIoGqzv6LGlGdPo9QhnjmfnsaE2xn6xHrfois0yXYIf K1shr63YTeMHIBeadoweZqSCrDrtKkaZY7GHtrepu4lueGshrWWVha1DCZ0bu6F44zV1 csOYNhPXcjrpV5nfSmr01p3JyprqPEHaabDdpWbZomA3W9+bEfCjRcMVLa0Si3TuqxFw euByUZwL9MZt3W7mn1DuKeyF4ioYC5Q45CacZ1UAtj/4pPhWbkup0HvEiqCgUFDBcdAV pqWn5Ix6Lseetb2xXRXxbAeoZ6S7rKwJG95snri0cqT7IOBpqrUQZqOwjvmRGHpl3XKO 5EMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from; bh=gCl2lrUMHPLnd1Lzq5ZI/lZaabgjQA+WBsvPVqWqHLA=; b=tbhKcGXfjR9iXj3H5tqygNtovg+zNRW/92klgbhyyjwiTQlcQXtLengw/V8S5MbroE hXLHiZicgOqizBsu5aGslZK/2SLrzutBXqrtRKApnAjkPOsRq2faFhgGmCBFc/BrjbuY IFnkp2GkZzQgEXY1A48uI25XwiMchHJAMEj+ztgE+ywflxHy1lXIdTUVfDdR4VQINGSB OI2RfMQ9v2vEgMimnygNja9pjBY4DxPRxsSX52K6XSN92bhY/80fEs8/Fc0oZy4KC12M 7glElIJWL2wGko+z687AhffgrORUigugI9HDA8yMFvG7rx8j7VXHSoE3rhsO2isVE79t WWLw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e130si1956021pfc.264.2019.03.06.08.55.54; Wed, 06 Mar 2019 08:56:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730321AbfCFNAu (ORCPT + 99 others); Wed, 6 Mar 2019 08:00:50 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:5212 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729159AbfCFNAt (ORCPT ); Wed, 6 Mar 2019 08:00:49 -0500 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id 8B13AF70B9D72C52A802; Wed, 6 Mar 2019 21:00:46 +0800 (CST) Received: from localhost.localdomain.localdomain (10.175.113.25) by DGGEMS413-HUB.china.huawei.com (10.3.19.213) with Microsoft SMTP Server id 14.3.408.0; Wed, 6 Mar 2019 21:00:36 +0800 From: Hongbo Yao To: , , , Subject: [RFC PATCH 1/2] ktime: add ktime_sub_safe() to avoid undefined behaviour Date: Wed, 6 Mar 2019 21:13:25 +0800 Message-ID: <20190306131326.10275-2-yaohongbo@huawei.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190306131326.10275-1-yaohongbo@huawei.com> References: <20190306131326.10275-1-yaohongbo@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.113.25] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch add a new ktime_sub_unsafe() helper which won't throw a UBSAN warning when it does overflows, and then it add ktime_sub_safe() which will check if the result of ktime_sub_unsafe overflows.This patch modify the above functions to use ktime_sub_safe instead of ktime_sub(); Signed-off-by: Xiongfeng Wang Signed-off-by: Hongbo Yao --- include/linux/ktime.h | 8 ++++++++ kernel/time/hrtimer.c | 16 ++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/include/linux/ktime.h b/include/linux/ktime.h index b2bb44f87f5a..325e794b0dd1 100644 --- a/include/linux/ktime.h +++ b/include/linux/ktime.h @@ -45,6 +45,12 @@ static inline ktime_t ktime_set(const s64 secs, const unsigned long nsecs) /* Subtract two ktime_t variables. rem = lhs -rhs: */ #define ktime_sub(lhs, rhs) ((lhs) - (rhs)) +/* + * Same as ktime_sub(), but avoids undefined behaviour on overflow; however, + * this means that you must check the result for overflow yourself. + */ +#define ktime_sub_unsafe(lhs, rhs) ((u64) (lhs) - (rhs)) + /* Add two ktime_t variables. res = lhs + rhs: */ #define ktime_add(lhs, rhs) ((lhs) + (rhs)) @@ -215,6 +221,8 @@ static inline ktime_t ktime_sub_ms(const ktime_t kt, const u64 msec) extern ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs); +extern ktime_t ktime_sub_safe(const ktime_t lhs, const ktime_t rhs); + /** * ktime_to_timespec_cond - convert a ktime_t variable to timespec * format only if the variable contains data diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index e1a549c9e399..cadc5bcbfc9e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -317,6 +317,22 @@ s64 __ktime_divns(const ktime_t kt, s64 div) EXPORT_SYMBOL_GPL(__ktime_divns); #endif /* BITS_PER_LONG >= 64 */ +/* + * sub two ktime values and do a safety check for overflow: + */ +ktime_t ktime_sub_safe(const ktime_t lhs, const ktime_t rhs) +{ + ktime_t res = ktime_sub_unsafe(lhs, rhs); + + if (lhs > 0 && rhs < 0 && res < 0) + res = ktime_set(KTIME_SEC_MAX, 0); + else if (lhs < 0 && rhs > 0 && res > 0) + res = ktime_set(-KTIME_SEC_MAX, 0); + + return res; +} +EXPORT_SYMBOL_GPL(ktime_sub_safe); + /* * Add two ktime values and do a safety check for overflow: */ -- 2.20.1