Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3305257ybi; Fri, 5 Jul 2019 05:17:29 -0700 (PDT) X-Google-Smtp-Source: APXvYqw+1mhBdFRWUojitmHKezhZ9gBGIfc4UiP2FXebyuAGnwYidG9SvlsyIWwzLuuQ7thXL4yx X-Received: by 2002:a63:2323:: with SMTP id j35mr5235100pgj.166.1562329049630; Fri, 05 Jul 2019 05:17:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562329049; cv=none; d=google.com; s=arc-20160816; b=PybQ+js0QH2MD7d5rCNbO/w6ANjnW+ItaIls3qqLMAOeKWi/NbQSCwrl4m0LObPSh9 zwTpN3/TdTfzhGUI91SFz3ZKZJdCdjO6cucrayZovrpXjrTZIRss2swWo/j7zc600CQk DjaJ7nDzUzlBw8p+ObJkbgVSVVbtn39tg1jppDAlUvkNBGKPp4DSam9OF/S84frlQNxl 8Zez7LRBl6zPGMQ5hTS+QQpuM+Btqj9NgCs8Ts6CIPzcu+svCNwMYy5V7I4/DXOuabAj gjZbQH72A5dMjnF4edRVzfmWWtUY2kje27Kc/P2nE38eww5JN1xCzyOrTveEEA6ruFRz pRSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=ZOyy67kAYQQm/dl3bxYCEGjkw2VbXVOY62WPjrp1dWA=; b=kjKVQZjohzrI1NUJ4vgKLyPTWDxICL9hFomXtEwz8jgE8ORkVLSgD0GyhaOfNwrWzo iDjQthlMEqGQ8Q2gdv7jhkBsn4PBXb9c0Fg8VnzGvbvA0u7JvvY6FwGap6R5q8fpm9R0 HapGEXQFlEzp3nsQHPvUhw5g3FvwhPojTrMKG9Yy1BIw8bu/lkhfvTkyDJ0QyD8zECp3 TaqdperhszO0X9icypL46EwnWXH1/aXT1mRbimMqIsvH3x42clr55Rlq6okKCyNGoebi aqbiSSi18LG1SUgJFDYORnpx34DXeBjHJOOmuit7A3UeGzY1mQM/DG/WnjFw7Q6UjN1H xLRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3si8739553plx.412.2019.07.05.05.17.14; Fri, 05 Jul 2019 05:17:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728093AbfGEMPB (ORCPT + 99 others); Fri, 5 Jul 2019 08:15:01 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:34668 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725730AbfGEMPA (ORCPT ); Fri, 5 Jul 2019 08:15:00 -0400 Received: from pd9ef1cb8.dip0.t-ipconnect.de ([217.239.28.184] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hjN7A-0006lP-Gn; Fri, 05 Jul 2019 14:14:56 +0200 Date: Fri, 5 Jul 2019 14:14:55 +0200 (CEST) From: Thomas Gleixner To: zhengbin cc: john.stultz@linaro.org, sboyd@kernel.org, linux-kernel@vger.kernel.org, yi.zhang@huawei.com, zhangxiaoxu5@huawei.com Subject: Re: [PATCH] time: compat settimeofday: Validate the values of tv from user In-Reply-To: <1562318088-37669-1-git-send-email-zhengbin13@huawei.com> Message-ID: References: <1562318088-37669-1-git-send-email-zhengbin13@huawei.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Zhengbin, On Fri, 5 Jul 2019, zhengbin wrote: > Similar to commit 6ada1fc0e1c4 > ("time: settimeofday: Validate the values of tv from user"), > an unvalidated user input is multiplied by a constant, which can result > in an undefined behaviour for large values. While this is validated > later, we should avoid triggering undefined behaviour. I surely agree with the patch, but the argument that this is validated later and we just should avoid UB in general is just wrong. For a wide range of negative tv_usec values the multiplication overflow turns them in positive numbers. So the 'validated later' is not catching the invalid input. So 'should avoid ....' is just the wrong argument here. Validation _is_ required before the multiplication so UB won't turn an invalid value into a valid one. Thanks, tglx