Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp381110ybl;
        Fri, 23 Aug 2019 02:14:45 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyH5yEFKo6jC5kp0ltF3mKr1r4yqiBVH3iwgaMlwv8rhfU0k07qhiwUcelkp3AW5yJ53p4u
X-Received: by 2002:a17:90a:800a:: with SMTP id b10mr4008266pjn.23.1566551685640;
        Fri, 23 Aug 2019 02:14:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1566551685; cv=none;
        d=google.com; s=arc-20160816;
        b=uipTtZUSjESR/F7TkRPsfaqoY5DoCi/4P3H+0KuO6f9m0Ar7UO84AWAN2b4PmmJ/Ap
         zO538TonpaCpCRZxsWTp/VxlTGpK5+HnmpxgUAh2x0oQu32FyMGiN8Ml2tKKg+aO9KQw
         054mjaIQ037Ugg5gIkPg52a/YlK/fPxvY6X+QVJdXDy8lnBwsYRKqSQQ5JuSvK5WYa4v
         i/5WamhVW0VAwQVy9nXRtwGQvFS6Cagad1B2fFxv7WDHORK/RA/fblY5vv9+ppii3KaT
         NIm/YAYc5JrOVyCZ1odYQfV4OOb41PmdtVqziiBS32uLhRA+z+vOZI85yMHssg0OCI2e
         xpVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-disposition:robot-unsubscribe
         :robot-id:message-id:mime-version:references:in-reply-to:cc:subject
         :to:reply-to:from:date;
        bh=fmqJi+bTRs2Esnw5YBm13DMajc/TsQGLizUkRKUt5Og=;
        b=vMY3qg8nzIRWd1M4BYuHcCVMWKre0VB98n3Mh+H7OrGtFb0cUODBNs/QWIEwypfHft
         Lkhkt+Ce0fqxzF6ik78LOv4BAmP7Gx5Fp93tkO1JxTpVujpVgZegNri92f4GaGOzIOih
         7JXGD6qHvyNWrJHs3ARtXGgpI4yhkJy3KPGFDo3MFBhCVYI9YxhfGwAnfBW2tqu/24Cv
         QlNa6v2AV9Vw3Q/gRvk467iPmy0Iob93pRY4CTxZrituWlQK/9aZxzmZIty6Euzl+udY
         5ABCMy7ncb78eNSaqHnLnswdAHUhQgWd0biQoe1yljC7AjKFX8WPASi5XKudTPmPrDL+
         OX8w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f37si1826630pjg.61.2019.08.23.02.14.30;
        Fri, 23 Aug 2019 02:14:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732503AbfHWAzs (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Thu, 22 Aug 2019 20:55:48 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:33482 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732470AbfHWAzs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Aug 2019 20:55:48 -0400
Received: from [5.158.153.53] (helo=tip-bot2.lab.linutronix.de)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tip-bot2@linutronix.de>)
        id 1i0xrj-0000Ak-S7; Fri, 23 Aug 2019 02:55:44 +0200
Received: from [127.0.1.1] (localhost [IPv6:::1])
        by tip-bot2.lab.linutronix.de (Postfix) with ESMTP id 35F8E1C07E4;
        Fri, 23 Aug 2019 02:55:43 +0200 (CEST)
Date:   Fri, 23 Aug 2019 00:55:39 -0000
From:   tip-bot2 for Thomas Gleixner <tip-bot2@linutronix.de>
Reply-to: linux-kernel@vger.kernel.org
To:     linux-tip-commits@vger.kernel.org
Subject: [tip: timers/urgent] timekeeping/vsyscall: Prevent math overflow in
 BOOTTIME update
Cc:     linux-kernel@vger.kernel.org,
        Vincenzo Frascino <vincenzo.frascino@arm.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Chris Clayton <chris2553@googlemail.com>
In-Reply-To: <alpine.DEB.2.21.1908221257580.1983@nanos.tec.linutronix.de>
References: <alpine.DEB.2.21.1908221257580.1983@nanos.tec.linutronix.de>
MIME-Version: 1.0
Message-ID: <156652173939.9311.7491866845285987289.tip-bot2@tip-bot2>
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot2.linutronix.de>
Robot-Unsubscribe: Contact <mailto:tglx@linutronix.de> to get blacklisted from
 these emails
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the timers/urgent branch of tip:

Commit-ID:     b99328a60a482108f5195b4d611f90992ca016ba
Gitweb:        https://git.kernel.org/tip/b99328a60a482108f5195b4d611f90992ca016ba
Author:        Thomas Gleixner <tglx@linutronix.de>
AuthorDate:    Thu, 22 Aug 2019 13:00:15 +02:00
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Fri, 23 Aug 2019 02:12:11 +02:00

timekeeping/vsyscall: Prevent math overflow in BOOTTIME update

The VDSO update for CLOCK_BOOTTIME has a overflow issue as it shifts the
nanoseconds based boot time offset left by the clocksource shift. That
overflows once the boot time offset becomes large enough. As a consequence
CLOCK_BOOTTIME in the VDSO becomes a random number causing applications to
misbehave.

Fix it by storing a timespec64 representation of the offset when boot time
is adjusted and add that to the MONOTONIC base time value in the vdso data
page. Using the timespec64 representation avoids a 64bit division in the
update code.

Fixes: 44f57d788e7d ("timekeeping: Provide a generic update_vsyscall() implementation")
Reported-by: Chris Clayton <chris2553@googlemail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Chris Clayton <chris2553@googlemail.com>
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1908221257580.1983@nanos.tec.linutronix.de

---
 include/linux/timekeeper_internal.h |  5 -----
 kernel/time/timekeeping.c           |  5 -----
 kernel/time/vsyscall.c              | 22 +++++++++-------------
 3 files changed, 9 insertions(+), 23 deletions(-)

diff --git a/include/linux/timekeeper_internal.h b/include/linux/timekeeper_internal.h
index 84ff284..7acb953 100644
--- a/include/linux/timekeeper_internal.h
+++ b/include/linux/timekeeper_internal.h
@@ -57,7 +57,6 @@ struct tk_read_base {
  * @cs_was_changed_seq:	The sequence number of clocksource change events
  * @next_leap_ktime:	CLOCK_MONOTONIC time value of a pending leap-second
  * @raw_sec:		CLOCK_MONOTONIC_RAW  time in seconds
- * @monotonic_to_boot:	CLOCK_MONOTONIC to CLOCK_BOOTTIME offset
  * @cycle_interval:	Number of clock cycles in one NTP interval
  * @xtime_interval:	Number of clock shifted nano seconds in one NTP
  *			interval.
@@ -85,9 +84,6 @@ struct tk_read_base {
  *
  * wall_to_monotonic is no longer the boot time, getboottime must be
  * used instead.
- *
- * @monotonic_to_boottime is a timespec64 representation of @offs_boot to
- * accelerate the VDSO update for CLOCK_BOOTTIME.
  */
 struct timekeeper {
 	struct tk_read_base	tkr_mono;
@@ -103,7 +99,6 @@ struct timekeeper {
 	u8			cs_was_changed_seq;
 	ktime_t			next_leap_ktime;
 	u64			raw_sec;
-	struct timespec64	monotonic_to_boot;
 
 	/* The following members are for timekeeping internal use */
 	u64			cycle_interval;
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index ca69290..d911c84 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -146,11 +146,6 @@ static void tk_set_wall_to_mono(struct timekeeper *tk, struct timespec64 wtm)
 static inline void tk_update_sleep_time(struct timekeeper *tk, ktime_t delta)
 {
 	tk->offs_boot = ktime_add(tk->offs_boot, delta);
-	/*
-	 * Timespec representation for VDSO update to avoid 64bit division
-	 * on every update.
-	 */
-	tk->monotonic_to_boot = ktime_to_timespec64(tk->offs_boot);
 }
 
 /*
diff --git a/kernel/time/vsyscall.c b/kernel/time/vsyscall.c
index 4bc37ac..8cf3596 100644
--- a/kernel/time/vsyscall.c
+++ b/kernel/time/vsyscall.c
@@ -17,7 +17,7 @@ static inline void update_vdso_data(struct vdso_data *vdata,
 				    struct timekeeper *tk)
 {
 	struct vdso_timestamp *vdso_ts;
-	u64 nsec, sec;
+	u64 nsec;
 
 	vdata[CS_HRES_COARSE].cycle_last	= tk->tkr_mono.cycle_last;
 	vdata[CS_HRES_COARSE].mask		= tk->tkr_mono.mask;
@@ -45,27 +45,23 @@ static inline void update_vdso_data(struct vdso_data *vdata,
 	}
 	vdso_ts->nsec	= nsec;
 
-	/* Copy MONOTONIC time for BOOTTIME */
-	sec	= vdso_ts->sec;
-	/* Add the boot offset */
-	sec	+= tk->monotonic_to_boot.tv_sec;
-	nsec	+= (u64)tk->monotonic_to_boot.tv_nsec << tk->tkr_mono.shift;
+	/* CLOCK_MONOTONIC_RAW */
+	vdso_ts		= &vdata[CS_RAW].basetime[CLOCK_MONOTONIC_RAW];
+	vdso_ts->sec	= tk->raw_sec;
+	vdso_ts->nsec	= tk->tkr_raw.xtime_nsec;
 
 	/* CLOCK_BOOTTIME */
 	vdso_ts		= &vdata[CS_HRES_COARSE].basetime[CLOCK_BOOTTIME];
-	vdso_ts->sec	= sec;
-
+	vdso_ts->sec	= tk->xtime_sec + tk->wall_to_monotonic.tv_sec;
+	nsec = tk->tkr_mono.xtime_nsec;
+	nsec += ((u64)(tk->wall_to_monotonic.tv_nsec +
+		       ktime_to_ns(tk->offs_boot)) << tk->tkr_mono.shift);
 	while (nsec >= (((u64)NSEC_PER_SEC) << tk->tkr_mono.shift)) {
 		nsec -= (((u64)NSEC_PER_SEC) << tk->tkr_mono.shift);
 		vdso_ts->sec++;
 	}
 	vdso_ts->nsec	= nsec;
 
-	/* CLOCK_MONOTONIC_RAW */
-	vdso_ts		= &vdata[CS_RAW].basetime[CLOCK_MONOTONIC_RAW];
-	vdso_ts->sec	= tk->raw_sec;
-	vdso_ts->nsec	= tk->tkr_raw.xtime_nsec;
-
 	/* CLOCK_TAI */
 	vdso_ts		= &vdata[CS_HRES_COARSE].basetime[CLOCK_TAI];
 	vdso_ts->sec	= tk->xtime_sec + (s64)tk->tai_offset;